From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <cerowrt@decoy.cotse.net>
Received: from mailhost.cotse.com (mail.cotse.net [66.203.85.58])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by huchra.bufferbloat.net (Postfix) with ESMTPS id 950B321F249
	for <cerowrt-devel@lists.bufferbloat.net>;
	Fri, 21 Mar 2014 20:33:30 -0700 (PDT)
Received: from out.packetderm.com (out.packetderm.com [66.203.85.62])
	by mailhost.cotse.com (8.14.5/8.14.5) with ESMTP id s2M3XSlE043486
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NO) for <cerowrt-devel@lists.bufferbloat.net>;
	Fri, 21 Mar 2014 23:33:28 -0400 (EDT)
	(envelope-from cerowrt@decoy.cotse.net)
Received: from localhost (localhost[127.0.0.1]) (authenticated bits=0)
	by smtp (5.7.4/5.7.4) with ESMTP id s2M3XR6T045758
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO)
	for <cerowrt-devel@lists.bufferbloat.net>;
	Fri, 21 Mar 2014 23:33:28 -0400 (EDT)
	(envelope-from cerowrt@decoy.cotse.net)
Message-ID: <MTAwMDA0MC5kZWNveQ.1395459208@quikprotect>
Date: Fri, 21 Mar 2014 23:33:27 -0400
From: Joseph Swick <cerowrt@decoy.cotse.net>
MIME-Version: 1.0
To: "cerowrt-devel@lists.bufferbloat.net" <cerowrt-devel@lists.bufferbloat.net>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Subject: [Cerowrt-devel] DNSSEC & NTP Bootstrapping
X-BeenThere: cerowrt-devel@lists.bufferbloat.net
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: Development issues regarding the cerowrt test router project
	<cerowrt-devel.lists.bufferbloat.net>
List-Unsubscribe: <https://lists.bufferbloat.net/options/cerowrt-devel>,
	<mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=unsubscribe>
List-Archive: <https://lists.bufferbloat.net/pipermail/cerowrt-devel>
List-Post: <mailto:cerowrt-devel@lists.bufferbloat.net>
List-Help: <mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=help>
List-Subscribe: <https://lists.bufferbloat.net/listinfo/cerowrt-devel>,
	<mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=subscribe>
X-List-Received-Date: Sat, 22 Mar 2014 03:33:31 -0000

Hi List,
I've been lurking for several months now on the list and I remember some
discussion about trying to find acceptable methods for bootstrapping the
local system time so that DNSSEC would work.

I recently got around to updating my router a week or two ago from 3.7.?
to 3.10.28-16 because Comcast finally switched on IPv6 for my neck of
the woods (realized this when I finally noticed the performance impact
of the issues with Comcast IPv6 and the 3.7 release) .  Tonight, I went
and reset my configuration this evening to clear out some mistakes I
made (that was keeping IPv6 from working).  Then I noticed that was
getting SERVFAIL for some domains (e.g.: bufferbloat.net) and not others
and (in trying to keep this short) I finally remembered to check the
clock on the router and saw that it was set to Feb 24th instead of the
correct time & date.

Is the current recommendation still to put in a couple of IPs for NTP
servers into the config of the router?  Or has there been more work
towards resolving the NTP bootstrap issue in the more recent releases?

TIA.

-Joseph