[Cerowrt-devel] DNSSEC & NTP Bootstrapping

Joseph Swick cerowrt at decoy.cotse.net
Fri Mar 21 23:33:27 EDT 2014

Hi List,
I've been lurking for several months now on the list and I remember some
discussion about trying to find acceptable methods for bootstrapping the
local system time so that DNSSEC would work.

I recently got around to updating my router a week or two ago from 3.7.?
to 3.10.28-16 because Comcast finally switched on IPv6 for my neck of
the woods (realized this when I finally noticed the performance impact
of the issues with Comcast IPv6 and the 3.7 release) .  Tonight, I went
and reset my configuration this evening to clear out some mistakes I
made (that was keeping IPv6 from working).  Then I noticed that was
getting SERVFAIL for some domains (e.g.: bufferbloat.net) and not others
and (in trying to keep this short) I finally remembered to check the
clock on the router and saw that it was set to Feb 24th instead of the
correct time & date.

Is the current recommendation still to put in a couple of IPs for NTP
servers into the config of the router?  Or has there been more work
towards resolving the NTP bootstrap issue in the more recent releases?



More information about the Cerowrt-devel mailing list