launch hardening: TC bit, Dockerfile, platform-aware deploy
- Set TC (truncation) bit when response exceeds 4096-byte buffer instead of dropping the response silently. Clients can retry via TCP. - Log when upstream response is truncated in forward.rs. - Dockerfile: bump to Rust 1.88, include site/service files, use alpine runtime instead of scratch, add cmake/perl for aws-lc-sys. - Makefile deploy: platform-aware — codesign on macOS, systemctl on Linux. - README: trim roadmap to near-term items only. - Verified: Docker build + smoke test passes on Linux (Alpine musl). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Razvan Dimescu
@@ -230,11 +230,8 @@ Zero external DNS libraries. RFC 1035 wire protocol parsed by hand. Dependencies
|
||||
- [x] System DNS auto-discovery — Tailscale, VPN split-DNS
|
||||
- [x] System DNS auto-configuration — `numa install` / `numa uninstall`
|
||||
- [x] Local service proxy — `.numa` domains with HTTP/HTTPS reverse proxy, auto TLS, WebSocket
|
||||
- [ ] pkarr integration — resolve Ed25519 keys via Mainline DHT (15M nodes)
|
||||
- [ ] pkarr integration — self-sovereign DNS via Mainline DHT (15M nodes)
|
||||
- [ ] Global `.numa` names — self-publish, DHT-backed, first-come-first-served
|
||||
- [ ] Audit protocol — challenge-based verification of resolver honesty
|
||||
- [ ] Numa Network — proof-of-service consensus, NUMA token, paid `.numa` domains
|
||||
- [ ] `.onion` bridge — human-readable `.numa` names for Tor hidden services
|
||||
|
||||
## License
|
||||
|
||||
|
||||
Reference in New Issue
Block a user