30 July 2008 22:20 : some tidying up, removed unused code, Server.cs
30 July 23:30 : put in code to set TC bit on 512 buffer overflow
31 July 00:10 : added TXT record support
31 July 20:55 : compare first response with cache. Adjust paranoia accordingly.
1 August 07:45 : Recursive loop could occur when TTL for name server "glue" expires.
Changed GetNameServer to resolve names to IPs on construction, and added code to detect loop.
1 August 10:30 : Minor amendments to tracing and name server constructor.
1 August 16:15 : Further minor tracing amendments.
Observation: "Bad" return IP addresses are not unusual. That's somewhat unexpected to me.
1 August 17:50 : Put a limit on number of retries in SendRequest. Otherwise a NameServer constructor can fail to terminate if all name servers do not resolve. tools.ietf.org did not resolve without this, as some of its name servers do not have records ( see http://www.intodns.com/ietf.org ).
2 August 00:25 : More tidying up.
2 August 07:15 : Simplified case handling by using the .Net V2 StringComparer.OrdinalIgnoreCase / StringComparison.OrdinalIgnoreCase variants when constructing Hashtables / calling EndsWith.
2 August 09:40 : Allow arbitrary types, re-coded handling of RR data.
9 August 15:00 : Tidy up. Name server IP resolution delayed until use.
11 August 15:00 : Put in code to properly distinguish a name not existing (RCODE=3), from lookup failure ( due to servers not responding). Not quite clear what RCODE should be used when servers do not respond.
11 August 20:15 : More work on returning correct RCODE. Little practical significance, just trying to get it right.
11 August 12:00 : Small adjustments to tracing, variable names.
Thinking about having a "security" field in the cache that roughly represents how confident we are that a cached value is correct. If security value is insufficient, resolver loop could continue until value is satisfactory. The estimate would take into account TTL expired entries in the cache.
11 August 18:45 : Implemented "confidence" value in cache. With current settings means that 2 queries are initially required before a DNS value is trusted, which will slow performance somewhat. There is clearly scope for optimisation here : ought to despatch extra query immediately ( rather than waiting for first to finish ).
11 August 19:45 : Put in code to stop duplicate values in a response generating false confidence. Also reduced wait times a bit, to improve performance, since confidence system gives extra protection.
13 August 13:45 : Added "Issues.txt".
14 August 07:30 : Added localhost code
14 August 22:10 : Negative caching implemented. TTL is calculated using heuristic, not taken from SOA Min TTL.
15 August 16:45 : Amended DnsString.EqualData to perform case-insensitive comparison.
16 August 07:30 : Executable renamed to "GbDns.exe". Tracing and debug disabled. Added GbDns.msi.
17 August 07:50 : Fixed empty trace file being generated despite tracing being disabled.
17 August 11:30 : Put in check so that special QTYPES (e.g. ALL) generate RCODE=4.
17 August 16:30 : Added license statement.
17 August 21:00 : Amended DnsMx.EqualData to perform case-insensitive comparison.
17 August 21:30 : Use preprocessor #if (Trace) for disabling tracing ( reduces executable size ).
17 August 23:00 : Check returned copy of Question.
18 August 07:15 : Randomize case of Question when sending a request.
18 August 10:00 : Checked response entropy (in bits) available for updating Confidence values. Allows fallback if unusual response received. When parsing names (except for Question section), convert to lower case.
18 August 16:00 : Fixed minor problems from previous update.
18 August 16:30 : Increased Confidence threshold to 50 bits.
18 August 18:00 : Added Security statement.
18 August 00:45 : Change Log (this page) separated from main page.
19 August 08:15 : Some code moved into #if (Trace) sections.
19 August 18:50 : Code to limit number of simultaneous requests ( Birthday attack ).
20 August 08:14 : Limit Confidence to ConfidenceMax.
21 August 08:15 : Case handling simplified (optimized).
21 August 10:30 : Listen only on 127.0.0.1 instead of all interfaces.
21 August 13:10 : Put LoopLimit=20 on main Resolve loop.
26 August 13:15 : DnsRx.Check : should defeat Kaminsky attack.
26 August 13:13 : If a Bad ID is detected, do not process response.
26 August 18:15 : Use Bad ID count to discount securitybits ( instead of not processing ).
27 August 19:00 : Moved configuration constants into Config class. Minor adjustments to some of these values.
28 August 09:20 : TTL included in comparison for data equality.
28 August 09:45 : TTL comparison need not be exact ( allow up to 60 seconds of difference ).
28 August 22:30 : Enum types QT (for QTYPE) and RC (for RCODE).
29 August 09:00 : DnsFetcher class replaced by simplified DnsCache.Fetch.
General simplification : variable wait time, status mechanism ditched.
30 August 08:30 : Major re-write.
Main cache no longer stores confidence, instead for each query have a temporary cache to
accumulate confidence where repeat is required.
For Root and TLD servers, a random prefix is prepended to question, so repeat is never required.
30 August 09:40 : Convergence test amended ( didn't work properly ).
30 August 11:30 : Further tuning of convergence test.
30 August 18:05 : Tidy up, negative caching TTL increases on refetch.
30 August 20:30 : Minor tidy-up.
31 August 12:20 : When looking in cache for confidence, check for TTL equality
31 August 18:44 : If too many answers, only return those that fit in buffer ( cnn )
31 August 20:55 : New convergence test "Stop when every LHS name has at least one confirmed value"
31 August 21:10 : Tidied up code for new convergence test
1 September 07:20 : TTL equality needs to compare with raw TTL ( cache entry now has AbsTTL and TTL ).
1 September 15:50 : Convergence checks number of records for each LHS. Cache entry has Alt attribute.
1 September 18:40 : Limit entropy implicit in existing cache entry to 30 bits.
1 September 21:45 : design.txt added.
2 September 07:10 : Minor fix to handling of cached entropy.
2 September 17:05 : Put in Name Error with Nonce retry. Fixed Rcode handling bug.
6 September 12:13 : Check QR flag for received requests and responses.
6 September 22:20 : Added Config.KaminskyBits.
8 September 07:00 : Fixed bug : was setting bit 8 (RA) flag in requests, for no reason. Causes some servers to return SERVFAIL, e.g. when resolving www.moto.gb.com
9 September 06:30 : Fixed bug with Dupcheck ( WWW.AMAZON.COM generates duplicates )
9 September 12:05 : Some classes from DnsCache.cs moved to new source file DnsConverge.cs for readability.
9 September 12:45 : Tidyup, bug fix ( ConfidenceMin used instead of RequiredBits in one case )
14 September 15:15 : Priming query to initialise root. Single query Name Error resolution by SOA record using regularity (flatness) assumptions.
15 September 11:00 : Error handling reworked, with correct treatment of NoData conditions.
16 September 15:00 : Use random source port ( but no entropy assumed ).
19 September 14:00 : Major rewrite to use Async IO.
21 September 07:00 : Tidy up after rewrite.
21 September 10:00 : Use Cont instead of Active for Recurse_Exception check.
21 September 21:15 : Lame server check added ( www.iahc.org )
21 September 00:30 : More lameness checking : AA bit ( www.futuresource.com )
22 September 20:00 : Fix to new recursion check.
23 September 08:10 : Server timeout retry improved.
24 September 09:00 : Tidyup of sealed/private/public attributes. Comments added.
24 September 10:30 : Improved nodata detection ( Version associated with cache entry ).
24 September 23:50 : Added clean up for completely expired cache entries.
24 September 11:15 : Implemented multi-level replacement.
24 September 22:00 : Convert to Generic collections.
27 September 21:00 : Domain class for efficiently representing names.
30 September 07:15 : Updated Cache.CheckExpiry (memory management).
30 September 22:30 : Use WeakReference so that full GC can occur even when Tasks are active.
2 October 09:05 : Minor tidy up
3 October 09:55 : New Bailiwick check.
5 October 23:30 : Recoded DnsData.
6 October 20:20 : Use single (random) source port when repeating query.
9 October 18:00 : Output Domain name compression. Revised Convergence algorithm.
12 October 09:00 : Use coded Set instead of Dictionary. General tidyup. Sendfail.
18 October 14:00 : Implemented authoritative function. Dns/Zones.dns is master file. Recursive service available to local addresses.
24 October 14:20 : Simplified entropy calculation. Count BadIds over fixed period of time.
03 November 20:00 : Support for SRV type.
07 November 13:45 : Treat Refused same as ServerFail, otherwise www.cnbc.com does not resolve.
28 April 2009 17:10 : Fixed bug with TYPE=ANY, was trying to transmit cached NX pseudo-records
1 May 2009 01:30 : On root server failure, priming query not trying another root server.
5 May 2009 04:50 : Check for compression loop in DnsRx.ReadName ( thanks to Matthew Dempsky ).
5 May 2009 18:00 : Set TC flag if packet truncated.
5 May 2009 19:16 : Nonce disabled, was causing problems resolving A ns1.namecity.com
6 May 2009 14:11 : If Recursing, don't compute Auth in RequestBase constructor.
12 May 2009 19:50 : DNSKEY, RRSIG, NSEC, DS and Generic (rfc3597) text resource records.
14 May 2009 11:35 : More DNSSEC code, however DNSSEC not yet functional.
15 May 2009 10:00 : NSEC3, NSEC3PARAM resource records.
16 May 2009 11:05 : Only answer first question ( to stop server being used as DOS weapon )
16 May 2009 12:03 : More DNSSEC work, in progress. Removed Nonce and Lame check code.
16 May 2009 23:30 : Add RRSIGS to response.
17 May 2009 19:25 : DNSSEC-aware resolver functional ( DNSSEC authoritative service incomplete - does not serve NSEC records yet ).
18 May 2009 11:46 : EDNS Ping support added.
19 May 2009 11:00 : DNSSEC functional, apart from authoritative NSEC3 and validation. Minimal testing.
Note : DNSSEC is enabled by existence of file Dns/Dnssec.dns, which defines root servers and keys.
26 May 2009 22:45 : Changes to DnsRx. HINFO added. Output wildcard NSEC record.
27 May 2009 12:30 : Code to handle bad EDNS responses seen resolving clk.atdmt.com
28 May 2009 08:55 : Authoritative NSEC3 functional.
29 May 2009 06:10 : Wildcard expansion supported.
06 Jun 2009 07:00 : DNSCurve implemented.
08 Jun 2009 23:58 : Implemented caching of DNSCurve shared secrets.
17 Jun 2009 15:40 : TCP fallback for truncated responses.
22 Jun 2009 22:25 : Implemented Dns/DNSCurveAlt.txt for public key rollover.
25 Jun 2009 23:02 : Implemented DCPK resource record for DNSCurve public keys.
02 Jul 2009 08:15 : Remove child RRset when saving new parent RRset (to avoid problems with old unglued child NS RRsets ).
10 Jul 2009 15:00 : Implemented support for server TCP.
14 Sep 2009 12:00 : Fixed RemoteClient to show remote endpoint when tracing enabled.
28 Sep 2009 21:27 : Implemented QRP, which replaces DnsCurve.
08 Oct 2009 00:00 : Client support for IPv6 - will try using AAAA/IPv6 if no A record for server.
09 Oct 2009 09:55 : www.hsbc.com only works if query is all lower-case ( bad ). So normalise to lower case instead of upper, and only do 0x20 with EDNS. Fall back to non-EDNS if timeouts are seen.
10 Oct 2009 19:55 : Full support for IPv6, and for multi-homed servers.
11 Oct 2009 17:12 : QRP requests bind to specific local IP address.
13 Oct 2009 09:21 : Reworked QRP to use Connect. This allows ServerToken select using source IP address.
21 Oct 2009 13:32 : Congestion control re-worked.
21 Oct 2009 20:06 : Data moved to start of multi-page response packet.