From: Simon Kelley
Date: Fri, 28 Mar 2014 10:41:58 +0000
To: Toke Høiland-Jørgensen
Cc: cerowrt-devel@lists.bufferbloat.net
Subject: Re: [Cerowrt-devel] DNSSEC & NTP Bootstrapping

On 28/03/14 09:18, Toke Høiland-Jørgensen wrote:
> Simon Kelley writes:
>
>> Which makes this scheme better, since you don't have to restart
>> dnsmasq once the time stabilises, just SIGHUP it.
>
> Yeah, but my concern was the opposite: say the flag is enabled in
> the config, it will run at boot in this mode, some script will kick
> in and set/verify the time, then SIGHUP dnsmasq. Everything is fine
> so far.
>
> Now if dnsmasq is restarted later for some reason (manually,
> config change, whatever), the flag will be enabled, and there will
> be no script to SIGHUP dnsmasq.

Understood, my suggestion is that the dnsmasq startup script somehow
interrogate NTP as to if it's running, and if it has a time lock. Only
setting the flag if it isn't or doesn't. Of course that depends on NTP
being able to answer the question.

Cheers,

Simon.

> This is why I suggested having the flag do nothing if
> it indeed *is* possible to verify the timestamps. But I can see how
> from a debugging perspective that would be an annoying feature.
>
> I suppose special-casing the init script to add the flag only on
> boot might be a solution. Will experiment with it once you've added
> the flag :)
>
> -Toke
>
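
The startup-script check suggested in the message above, sketched as an added example that is not part of the original message or of dnsmasq's own scripts. Assumptions: the NTP daemon is ntpd and answers `ntpq -c rv`; the thread does not name the flag, so dnsmasq's `--dnssec-no-timecheck` is assumed; the function names and sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Decide, on every dnsmasq start (boot or later restart), whether DNSSEC
# signature time checks have to be deferred because the clock is not trusted.

# Assumption: the thread never names the flag; override via the environment.
NO_TIMECHECK_FLAG="${NO_TIMECHECK_FLAG:---dnssec-no-timecheck}"

# ntp_has_lock STATUS_TEXT
# STATUS_TEXT is the output of `ntpq -c rv` (empty when ntpd is not running).
# Returns 0 only when ntpd reports a synchronised clock.
ntp_has_lock() {
    case "$1" in
        *leap_alarm*|*sync_unspec*) return 1 ;;  # ntpd up, clock not yet set
        *leap_*sync_*)              return 0 ;;  # e.g. "leap_none, sync_ntp"
        *)                          return 1 ;;  # no answer: not running
    esac
}

# dnsmasq_time_args STATUS_TEXT
# Prints the extra dnsmasq argument for this start, or nothing when the
# clock is already locked and signature times can be validated at once.
dnsmasq_time_args() {
    if ntp_has_lock "$1"; then
        printf ''
    else
        # Time checks stay off until something signals dnsmasq (SIGHUP in
        # the thread), so the time-sync hook must still do that.
        printf '%s' "$NO_TIMECHECK_FLAG"
    fi
}

# Constructed samples of the first line of `ntpq -c rv` output.
SAMPLE_LOCKED='associd=0 status=0615 leap_none, sync_ntp, 1 event, clock_sync,'
SAMPLE_UNSYNCED='associd=0 status=c011 leap_alarm, sync_unspec, 1 event, freq_not_set,'
SAMPLE_NOT_RUNNING=''

# Use in an init script (hypothetical invocation):
#   status=$(ntpq -c rv 2>/dev/null)
#   dnsmasq $(dnsmasq_time_args "$status") --conf-file=/etc/dnsmasq.conf
```

Because the decision is made from NTP's state at each start rather than from "is this boot", a later manual restart with a locked clock starts dnsmasq without the flag.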