1 end-to-end nym-based security
4 try to get the root authorities to set up a secure, usable NS-list system
5 have dnscache-conf keep track of copies of dnsroots.global
6 incorporate automatic NS-list upgrades
8 consider dead-server table in dnscache or in kernel
11 maybe reverse IPv6 lookups; what a mess