22

BIND 9.17 Plan

Matthijs Mekking edited this page 2021-05-12 15:57:58 +00:00

Table of Contents

• Stretch Goals
• New ideas
• Stork

1. Networking

• Client->Server communication with wpk-NetMgr (Priority 1)
  • February 2020 UDP Dispatcher (@wpk, @each)
  • April 2020 Code simplification of client tools (@wpk, @each)
• DNS over HTTP(2) (Priority 1)
  • February 2020 DoH design document posted in gitlab.isc.org (@wpk)
  • April 2020 DoH support in the main DNS clients (dig, delv) in development version of BIND 9
  • June 2020 DoH server code available in development version of BIND 9
  • August 2020 DoH support in the rest of the DNS clients (mdig, dnsupdate) in development version of BIND 9
  • September 2020 DoH backported to Extended Support Version (9.16) of BIND 9
• DNS over TLS (Priority 3)
  • TBD Server - named as resolver, but auth implicitly
  • TBD Client(?) - dig, delv, named as forwarder
  • TBD *XFR

2. Improve BIND management

• Stork Metrics (Priority 1)
  • January 2020 Adding the new required counters (@matthijs)
  • March 2020 Add the rest of the interfaces needed for Stork (@matthijs)
• BIND statistics system overhaul (https://gitlab.isc.org/isc-projects/bind9/issues/38) (Priority 2)
  • Define the new interface for statistics (write design document)
  • Implement the new interface for statistics
  • Convert the existing statistics to new API
  • Convert the modules to use the new API
• Clarify, improve operational utility of statistics and accuracy for (resource consumption, performance, exception alerting) (Priority 3)
• Catalog zones update per the Draft (Priority 4)
• Zone templates (Priority 4)

3. Operational enhancements

• DNSSEC Made Complete (Priority 2)
  • Extend keymgr (NSEC3, purge keys, CD, CDNSKEY, times) (@matthijs) (done)
  • Full support for tools (@matthijs)
  • Full support for HSMs
  • Offline KSK (@matthijs)
  • Key Sharing
  • RFC 5011 (@matthijs)
  • Parent-child updating phase 2

4. Solution for CNAME at the apex problem (Priority 3)

• ANAME draft implemented in a BIND module
• HTTPSSRV (In Review)

5. Refactoring

• Refactoring / replacing the task+taskmanager code+timers (Priority 4)
  • libevent/libuv in BIND 9.15/9.16
• lib/dns/zone.c: Refactoring

6. Other

• March 2020 Sphinx-doc (Priority 3) (@oerdnj)
• January 2020 Automake (Priority 3) (@oerdnj)

Stretch Goals

• EDNS Tag draft (draft-bellis-dnsop-edns-tags)

• DNS extended errors draft - display only done, set extended errors done on IETF Hackathon

• EDNS chain

• Faster, more efficient zone content propagation zone updates

• Whole answer cache as module if it significantly improves performance (Witold's and Evan's pet project)

• Zone file digest (integrity of updates)

• GUI/API for managing configuration of multiple servers in one place.

  • Joint project with Kea
  • package RNDC python library

• Provisioning of zones and configuration -- Catalog zones++ -- like PowerDNS master server, something that will master the views and acls as well as the zones

• Lockless data structures (queues, lists)

• NSEC5 - Experimental; Depends on crypto availability in OpenSSL

  • Actually going to be implemented by BU

• Telemetry (Call Home)

  • Telemetry on options used
  • Version check

• DNS Stateful Operations

New ideas

• Log cycle buffer

Stork

• Some new global statistics (cache, zonelist, rpz, nta, dnssec). https://docs.google.com/spreadsheets/d/1aKKFN5YVTLT90MYNExV_j66WBTjxTCIw9b58fDsdiE0/edit?ts=5d9c3708#gid=0
• Debug logging that does not kill performance.
• named-checkconf that prints what is in use and what is changed from the default.