jdnssec-tools/README.TODO.md
David Blacka e322186112
Port to DNSJava 3.5.1, Java 8, linter fixes (#13)
* Initial port to dnsjava 3.5.1

* java.util.Date -> java.time.Instant
* for (Iterator ..) to for ( Object : List )
* DSRecord.<digest type> -> DNSSEC.Digest.<type>
* source to java 8

* formatting overhaul; copyright; author

* add slf4j jars for dnsjava 3.5.1

* NSEC/NSEC3 ttls are now min(soa.min, soa.ttl)

* Upgrade to commons-cli-1.5; some linter fixes

* Add CDS support of jdnssec-dstool

* linter suggestions

* add a TODO list

* Add a TODO list
2022-09-21 14:24:42 -04:00

1.2 KiB

jdnssec-tools TODO List

This bit of code has been around since approximately 2005, and has been in "minimal maintenance" mode for much of that time. But that doesn't mean there aren't features that we want to do, if we could arrange time and attention. Here is a partial list:

  • More feature parity with the current BIND 9 tools
    • Support the "v1.3" private key format. This basically means supporting the timing parameters that BiND 9 added.
    • Have jdnssec-signzone support incremental signing, including key rollovers
  • Rewrite jdnssec-signzone to use a "TreeMap" and arrange the data into a map of RRsets, rather than a sorted list of Record objects. This wouldn't be more efficient, but might be easier to understand.
  • Allow jdnssec-signzone to scale by either:
    • Allowing for pre-sorted zone data, and/or
    • allowing for an external sort once the data is shown to be larger than X, and/or
    • allowing for a memory-constrained internal sort that uses disk, and/or,
    • figuring out how to let the JVM use a lot of memory.
  • Add support for algorithm 16, perhaps refactor algorithm 15 support using bouncycastle.
    • Note that our current dnsjava version, 3.5.1 has some support, although it isn't clear if it has sign/verify support.