Work Plan
1. Prepare for Let's Encrypt deployment
Complete improvements needed in order to deploy to Let’s Encrypt. This is important because it makes DNS safer for Let’s Encrypt but also because it will demonstrate to other potential users that the resolver can function well in a demanding environment.
- Add support for DNSSEC validation for recursive queries
- Add support for NSEC(3)
- Add support for IP allow lists for inbound connections
- Add support for a denylist for outbound ports
- Add support for a “do-not-query” list
- Add support for cache policies by record type
- Add support for NS round-robin to reduce triggering rate-limiting
2. Security audit
A third party security audit will be performed and findings will be addressed.
3. Performance improvements
Improve performance (queries/second, CPU and memory usage) such that the resolver can be used in the most critical and demanding environments.