[Cerowrt-devel] DNSSEC & NTP Bootstrapping
simon at thekelleys.org.uk
Fri Mar 28 06:41:58 EDT 2014
On 28/03/14 09:18, Toke Høiland-Jørgensen wrote:
> Simon Kelley <simon at thekelleys.org.uk> writes:
>> Which makes this scheme better, since you don't have to restart
>> dnsmasq once the time stabilises, just SIGHUP it.
> Yeah, but my concern was the opposite: say the flag is enabled in
> the config, it will run at boot in this mode, some script will kick
> in and set/verify the time, then SIGHUP dnsmasq. Everything is fine
> so far.
> Now if dnsmasq is restarted later for some reason (manually,
> config change, whatever), the flag will be enabled, and there will
> be no script to SIGHUP dnsmasq.
Understood, my suggestion is that the dnsmasq startup script somehow
interrogate NTP as to if it's running, and if it has a time lock. Only
setting the flag if it isn't or doesn't. Of course that depends on NTP
being able to answer the question.
> This is why I suggested having the flag do nothing if
> it indeed *is* possible to verify the timestamps. But I can see how
> from a debugging perspective that would be an annoying feature.
> I suppose special-casing the init script to add the flag only on
> boot might be a solution. Will experiment with it once you've added
> the flag :)
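One way the startup-script check discussed in this message could look, as an added example that is not part of the original post or of dnsmasq's own scripts. It assumes the NTP daemon is the reference ntpd, queried with `ntpq -c rv`; the flag name is a placeholder because the message does not name it, and the sample outputs are constructed. The check fails towards setting the flag only when NTP gives no answer or reports no lock, so a later restart with good time keeps timestamp checking on.

```shell
#!/bin/sh
# Placeholder: the thread does not name the option that relaxes the time check.
NO_TIMECHECK_FLAG="--PLACEHOLDER-no-timecheck-flag"

# ntp_has_lock TEXT
# TEXT is the output of `ntpq -c rv` (assumed tool). Succeeds only when the
# daemon answered and reports a synchronised clock.
ntp_has_lock() {
    rv=$1
    # No output: ntpd is not running or could not answer the question.
    [ -n "$rv" ] || return 1
    # An unsynchronised ntpd reports leap_alarm / sync_unspec in its status.
    case $rv in
        *leap_alarm*|*sync_unspec*) return 1 ;;
    esac
    # Stratum 16 also means "unsynchronised"; a missing stratum is treated the same.
    stratum=$(printf '%s\n' "$rv" |
        sed -n 's/.*stratum=\([0-9][0-9]*\).*/\1/p' | head -n 1)
    [ -n "$stratum" ] && [ "$stratum" -lt 16 ]
}

# dnsmasq_time_args TEXT
# Prints the extra dnsmasq argument for this start: nothing when NTP has a
# lock, the placeholder flag when it is not running or has no lock.
dnsmasq_time_args() {
    ntp_has_lock "$1" || printf '%s' "$NO_TIMECHECK_FLAG"
}

# Constructed sample outputs, modelled on `ntpq -c rv`.
SAMPLE_SYNCED='associd=0 status=0615 leap_none, sync_ntp, 1 event, clock_sync,
version="ntpd (constructed)", stratum=2, precision=-18, rootdelay=12.3'
SAMPLE_UNSYNCED='associd=0 status=c016 leap_alarm, sync_unspec, 1 event, restart,
version="ntpd (constructed)", stratum=16, precision=-18, rootdelay=0.000'

# In an init script the call would look like this (paths are assumptions):
#   rv=$(ntpq -c rv 2>/dev/null)
#   dnsmasq $(dnsmasq_time_args "$rv") ...
```

Because the decision is made on every start, a manual or config-triggered restart after the clock is set does not re-enable the flag, which is the case raised in the quoted text.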