Changes between Version 1 and Version 2 of ResolverPlan2013


Ignore:
Timestamp:
Dec 7, 2012, 3:47:16 PM (5 years ago)
Author:
shane
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • ResolverPlan2013

    v1 v2  
    7272
    73731.1 Requirements document (5d)
     74
    74751.2 Benchmarking infrastructure design and implementation (10d)
     76
    75771.3 Server architecture design (20d)
     78
    76791.4 Performance testing (15d)
    7780
     
    80832.1 Internal queuing mechanism (15d)
    8184    The idea of this item is that whatever our architecture is we will need to send work between the various components of the system and have an efficient way to do this.
     85
    82862.2 Simple DNS cache (20d)
    8387    This means defining the API, data structures, and implementing a simple DNS cache
     88
    84892.3 Query receiver / receptionist (20d)
    8590    This is a component covers whatever we need to do to actually receive queries & answers, and direct them properly. It could be a separate program or merely a class.
     91
    86922.4 Query tracing (20d)
     93
    87942.5 Server capability tracking (30d)
    8895    This is something like BIND 9's adb, or the existing NSAS in BIND 10, although with additional server information tracking.
     96
    89972.6 Port randomization (anti-Kaminsky) (30d)
     98
    90992.7 Root priming (5d)
     100
    911012.8 EDNS0 logic (15d)
    92102    BIND 9 just finished revising EDNS0, so we can steal those heuristics.
     103
    931042.9 Recursive resolution (30d)
     105
    941062.10 Locally served zones (15d)
     107
    951082.11 DNSKEY fetching (10d)
    96109     This is merely retrieving the DNSKEY records as we resolve, not actually doing anything with them.
     110
    971112.12 Recursive resolver functional test bed (30d)
     112
    981132.13 Recursive resolver performance test bed (15d)
    99114
     
    101116
    1021173.1 Manual trust anchor configuration (10d)
     118
    1031193.2 Signature verification (15d)
     120
    1041213.3 Modify cache to track RR security status (20d)
    105122    This probably should be designed in from the beginning, but I am thinking that perhaps a great deal of the implementation can be left stubbed-out until we actually do validation.
     123
    1061243.4 CD/AD bit handling (10d)
     125
    1071263.5 Checking RRSIG RR validity (25d)
     127
    1081283.6 NSEC handling (15d)
     129
    1091303.7 NSEC3 handling (30d)
     131
    1101323.8 RFC 5702 (SHA-2) (5d)
     133
    1111343.9 RFC 5933 (GOST) (10d)
     135
    1121363.10 RFC 6605 (ECDSA) (10d)
     137
    1131383.11 Negative trust anchors (15d)
    114139    This could be based on http://tools.ietf.org/html/draft-livingood-negative-trust-anchors-01
     
    117142
    1181434.1 Hook definitions (10d)
     144
    1191454.2 Implementation and examples (20d)
    120146
     
    122148
    1231495.1 RFC 5011 support (20d)
     150
    1241515.2 Multi-tiered cache (30d)
    125152    This may be useful if we have multiple processes not using shared memory as resolvers, or on clustered setups.
     153
    1261545.3 Cache persistence (20d)
    127155    Preserving cache on shutdown may speed startup, although of course the costs of storing/loading need to be analyzed.
     156
    1281575.4 Cache migration (30d)
    129158    With cache persistence, we should have basic tools to perform cache migration between hosts in a cluster.
     159
    1301605.5 ICMP port unreachable collection
    131161    Receiving port unreachable messages can speed up resolution. (We may wish to do this earlier.)