> On 3 Jan 2018, at 12:34, Simon Kelley <si...@thekelleys.org.uk> wrote: > > Happy new year all. > > > "Ideally dnsmasq would have some other IPC mechanism for indicating > 'time is valid, go check dnssec timestamps'" > > > I suspect I know that answer to this, but dnsmasq _does_ have another > IPC mechanism, DBus. Could this be solved by providing a DBus method?
I don’t know the implications of dbus on lede - a dbus method sounds like a useful idea though if nothing else to avoid the overloading of SIGHUP… but not a priority for lede. > > > Failing that, what's the problem with using the timestamp file > mechanism? I would have thought that was ideal for LEDE, which has a > writable persistent filesystem available. Ahh, oh boy, long story. Openwrt/LEDE did use that mechanism a while back but there were several niggles: writing to flash, handling conditional copying of the timestamo file across system updates, lede being too clever and updating clock to ‘latest timestamp in /etc’ temporarily before using ntp to set to real time. In the end a mechanism whereby ‘ntpd’ pokes ‘dnsmasq’ when it has set time was easier, simpler, more reliable….in most circumstances, but openwrt/lede it appears is getting more persistent in using SIGHUP for other things and conflicting with dnssec timestamps. > > If we move to SIGUSR2, the backwards compatibility objection could > addressed by making the signal to be used an argument to > --dnssec-no-timecheck > > --dnssec-no-timecheck=sigusr2 Now that I like :-) Cheers, Kevin
Description: Message signed with OpenPGP
_______________________________________________ Dnsmasq-discuss mailing list Dnsmasqemail@example.com http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss