Steven Barth <[email protected]> writes:

> Using --dnssec-no-timecheck is impractical since it reacts to SIGHUP which
> is already overloaded and might be triggered by e.g. config changes.

Quite apart from the signaling, using --dnssec-no-timecheck very quickly turns into an ugly hack. I implemented a startup time sync functionality for CeroWrt based on this, see
https://github.com/dtaht/cerowrt-3.10/commit/b3a5b704691f1ba1d154dca9c7ab316f92136640

Never even attempted to upstream it because while it does sorta-kinda work, it is a fairly ugly hack and I don't see any good way to avoid that. I definitely consider the timestamp file a cleaner way of solving the DNSSEC/time sync problem, and will definitely recommend sticking with that.

As far as whether or not it is a security risk: The whole issue here is that it is fundamentally impossible to bootstrap DNSSEC securely without a reliable clock (i.e. real-time clock or GPS or other offline source). So we're stuck with doing things that minimise the duration of the vulnerable window.

Also, as far as I can tell, dnsmasq will still read the time off the file even if it can't write to it. So if the file ownership is the issue (and I can see how this is at least a theoretical concern), just have the file be owned as root, and have a suitably privileged process touch it on shutdown (or periodically? presumably many reboots are going to be hard power cycles, so no chance to do anything on shutdown?).

-Toke

_______________________________________________
openwrt-devel mailing list
[email protected]
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
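
Added example, not part of the original message and not OpenWrt or dnsmasq code: a sketch of the "privileged process touches the file periodically" idea, for a timestamp file used with dnsmasq's --dnssec-timestamp option. It assumes, as the message suggests, that dnsmasq only needs to read the file; the path and the function name advance_stamp are hypothetical. The function refuses to update the file while the system clock is still behind it, so an unsynced clock after a hard power cycle never moves the stamp backwards.

```shell
#!/bin/sh
# Added example: keep a root-owned DNSSEC timestamp file moving forward only.
# STAMP_DEFAULT is a constructed path; match it to your --dnssec-timestamp.
STAMP_DEFAULT=/etc/dnsmasq.time

# advance_stamp [FILE]
#   returns 0 if the stamp was created or advanced to the current time,
#           1 if the clock is behind the stamp (stamp left untouched),
#           2 if no reference file could be created.
# Intended to be called periodically by a job running as root.
advance_stamp() {
    stamp=${1:-$STAMP_DEFAULT}

    # First run: create the file, writable by its owner only.
    if [ ! -e "$stamp" ]; then
        ( umask 022 && : > "$stamp" )
        return $?
    fi

    # A fresh temp file carries "now" according to the system clock.
    ref=$(mktemp) || return 2

    if [ "$ref" -nt "$stamp" ]; then
        # Clock is later than the last recorded time: record the new time.
        touch "$stamp"
        rc=$?
    else
        # Clock is at or behind the stamp (e.g. not yet synced after a
        # power cycle): leave the stamp alone.
        rc=1
    fi

    rm -f "$ref"
    return $rc
}
```
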
