Martin Husemann wrote: > On Sun, Oct 11, 2020 at 07:03:53PM -0400, Greg Troxel wrote: > > Which sounds like "the right approach is not yet widely agreed on so > > NetBSD being leading edge in paranoia is not necessarily helpful". > > Nothing of this is special to NetBSD, besides the question how we can > work around the issue in our way to configure startup.
Like you say, this isn't a NetBSD problem. The approach in https://lists.freebsd.org/pipermail/freebsd-stable/2016-June/084771.html looks reasonable at first glance as an option to not hard-code IP addresses anywhere: running this at boot time may help as well unbound-control set_option val-permissive-mode: yes then after ntpd has started up run this unbound-control set_option val-permissive-mode: no Yes work around's, but work around's work by definition. The thread from that link has a few other suggestions, but this one seemed most elegant (insofar as a workaround could be considered elegant). Cheers, Simon.
