> On 3 Jan 2018, at 12:34, Simon Kelley <si...@thekelleys.org.uk> wrote:
> Happy new year all.
> "Ideally dnsmasq would have some other IPC mechanism for indicating
> 'time is valid, go check dnssec timestamps'"
> I suspect I know that answer to this, but dnsmasq _does_ have another
> IPC mechanism, DBus. Could this be solved by providing a DBus method?

I don’t know the implications of dbus on lede - a dbus method sounds like a 
useful idea though if nothing else to avoid the overloading of SIGHUP… but not 
a priority for lede.
> Failing that, what's the problem with using the timestamp file
> mechanism? I would have thought that was ideal for LEDE, which has a
> writable persistent filesystem available.

Ahh, oh boy, long story. Openwrt/LEDE did use that mechanism a while back but 
there were several niggles: writing to flash, handling conditional copying of 
the timestamo file across system updates, lede being too clever and updating 
clock to ‘latest timestamp in /etc’ temporarily before using ntp to set to real 
time.  In the end a mechanism whereby ‘ntpd’ pokes ‘dnsmasq’ when it has set 
time was easier, simpler, more reliable….in most circumstances, but 
openwrt/lede it appears is getting more persistent in using SIGHUP for other 
things and conflicting with dnssec timestamps.
> If we move to SIGUSR2, the backwards compatibility objection could
> addressed by making the signal to be used an argument to
> --dnssec-no-timecheck
> --dnssec-no-timecheck=sigusr2

Now that I like :-)



Attachment: signature.asc
Description: Message signed with OpenPGP

Dnsmasq-discuss mailing list

Reply via email to