[Dnsmasq-discuss] Move 'dnssec time check enable' from SIGHUP to SIGUSR2
Kevin Darbyshire-Bryant
kevin at darbyshire-bryant.me.uk
Wed Jan 3 14:34:07 GMT 2018
> On 3 Jan 2018, at 12:34, Simon Kelley <simon at thekelleys.org.uk> wrote:
>
> Happy new year all.
>
>
> "Ideally dnsmasq would have some other IPC mechanism for indicating
> 'time is valid, go check dnssec timestamps'"
>
>
> I suspect I know the answer to this, but dnsmasq _does_ have another
> IPC mechanism, DBus. Could this be solved by providing a DBus method?
I don’t know the implications of dbus on lede - a dbus method sounds like a useful idea though if nothing else to avoid the overloading of SIGHUP… but not a priority for lede.
>
>
> Failing that, what's the problem with using the timestamp file
> mechanism? I would have thought that was ideal for LEDE, which has a
> writable persistent filesystem available.
Ahh, oh boy, long story. Openwrt/LEDE did use that mechanism a while back but there were several niggles: writing to flash, handling conditional copying of the timestamp file across system updates, lede being too clever and updating clock to ‘latest timestamp in /etc’ temporarily before using ntp to set to real time. In the end a mechanism whereby ‘ntpd’ pokes ‘dnsmasq’ when it has set time was easier, simpler, more reliable… in most circumstances, but openwrt/lede it appears is getting more persistent in using SIGHUP for other things and conflicting with dnssec timestamps.
>
> If we move to SIGUSR2, the backwards compatibility objection could
> be addressed by making the signal to be used an argument to
> --dnssec-no-timecheck
>
> --dnssec-no-timecheck=sigusr2
Now that I like :-)
Cheers,
Kevin