- Check zone refresh time when the SOA record is requested (different vs axfr)
- Take a look on the bugs mentioned in REST section
- Validate an empty zone response - wrong RR count 6 vs 3
- If a TSIG is not auth. different responses on SOA and AXFR
- If a source was removed, RPZ will fail - add validation/clean up
-
If connection was closed by remote server - log that instead of "success"
-
DNS requests rate limiting
-
Sample zone is broken
-
If IXFR source not set or equal AXFR - get removed records for IXFR
-
Force RPZ, Source refresh
-
RPZ from RPZs
-
simple permissions model
-
REST API rate limiting
-
HotCache optimization if refresh time less than hotcache storage time
-
Zone update - flush hot cache
-
Enforce domain validation. Discard indicators with wrong chars
- (ioc2rpz:clean_labels). Performance should be validated.
-
, A and AAAA requests. Optional A/AAAA support is added to be able to access the server via unique hostnames. In that case ioc2rpz behaves as an authoritative server
-
RPZ storage type: ets, mnesia
-
Mnesia for storage (and auto creation) https://github.com/ChicagoBoss/ChicagoBoss/wiki/Automatic-schema-initialization-for-mnesia
-
Redo AXFR logs
-
Access to the hotcache and the cfg_table via FUNs
-
(1) Terminate updating zones during config reload
-
(1) Clean up the code & add comments
-
Logs level startup config
-
Check delete in ioc2rpz: rpz_hotcache_table/pkthotcache
-
Distributed configuration
-
Wait while a remote server confirms receiving a notification
-
(2) EDNS0 Support: DNS Cookie, edns-tcp-keepalive, NSID
-
(3) Memory optimization for huge zones (erl -pa ebin +MEas bf ?????)
-
DoD https://tools.ietf.org/html/draft-ietf-dprive-dnsodtls-06
-
EUnit Tests for main funs.
-
Handle RPZ update if one of a sources is not availble or a recent update returned significatnly low number of indicators
-
Simultanious source downloads
-
Add source PostreSQL, MySQL via "shell:"
-
RPZ action per source
-
(2) Source based on files check by mod.date and size -> read by chunks
-
ioc type in config
-
max file size
-
RPZ action
-
NS type
-
lowcase optimization option
- (1) IOC to lowercase - check memory usage impact (in ioc2rpz_conn)
-
spawn processes
-
Hot cache optimization depending on RPZ refresh time and source usage in multiple feeds
-
Cache optimization for huge zones
-
Statistics table
-
warm cache in mnesia
-
Monitor significant drop in # of IoCs and if detected - postpone an update to 1 - 3 IXF cycles or specified time
-
RPZ by source intersection
-
Max # of IOCs
-
Catalog zones
-
Statistics per zone (# records, last update, # AXFR, # IXFR, last axfr update time, avg axfr update time, last ixfr update time, avg ixfr update time)
-
RPZ behavior: ignore unreachable sources, use old data for unreachable sources, do not update the zone
-
Additional local records: ptr, srv, mx etc
-
RPZ transfer rate limiting
-
(2) FDateTime,ToDateTime,FDateTimeZ,ToDateTimeZ + support them for AXFR
[:FDateTime:] = "2017-10-13 13:13:13", [:FDateTimeZ:] = "2017-10-13T13:13:13Z"
[:ToDateTime:] = "2017-10-13 13:13:13", [:ToDateTimeZ:] = "2017-10-13T13:13:13Z"
- Enforcement max # of IOCs
- Secondary DNS via MNESIA and distributed
- MGMT via REST API
- Statistics per source, RPZ, performance
- Bug RPZ stats after reload config
- Bug in cowboy. Can not send 501 in "catch all"
- DNS health check requests
- [/] Disable MGMT via DNS (update ioc2rpz.gui first) - default behaviour
- Switch from IXFR cache to Sources cache. IXFR cache allows you to support less zone updates but IOCs can be stored multiple times. Sources cache will contain duplicate IOCs from the same source but RPZs will be updated more frequently (looks like it is not bad).
- (3) Share IOC between the feeds in IXFR table (do not forget about different whitelists)
- (1) Do not cache expired IOCs if ExpDateTime<Serial_IXFR / update ExpDateTime if exists
- (1) Check zones IXFR update from multiple sources