[Dnsmasq-discuss] Move 'dnssec time check enable' from SIGHUP to SIGUSR2
Kevin Darbyshire-Bryant
kevin at darbyshire-bryant.me.uk
Mon Jan 15 23:42:12 GMT 2018
> On 15 Jan 2018, at 23:27, Simon Kelley <simon at thekelleys.org.uk> wrote:
>
>
>>
>> Beyond “gaaahhhhhh why didn’t I think of SIGINT”….. excellent. Understand the reasoning, agree, running chez Kevin and backport for LEDE master submitted.
>>
>
> and there's still SIGQUIT available!
>
> Out of interest, how does the LEDE plumbing deal with a restart of
> dnsmasq _after_ ntp has established lock?
There’s an ntp hotplug script that creates a ‘time is valid’ flag file (/var/state/dnsmasqsec - being in /var means actually in tmp hence ram). If the file doesn’t exist already on stratum change then a) it gets created and b) SIGINTs dnsmasq. dnsmasq startup changes too… if the file doesn’t exist then it gets started with ‘—no-dnssec-timestamp’ expecting to be SIGINT’d by the hotplug script. If dnsmasq gets (re)-started and ntpd hotplug has created our ‘time valid’ file, then dnsmasq is started *without* —no-dnssec-timestamp’. There’s a whole raft of logic related to whether or not we’re using dnssec and quite what ntp client is being used.
The SIGINT support was committed to LEDE/openwrt master (rather than CC, 1701 or whatever) around 60 minutes ago.
Cheers,
Kevin D-B
012C ACB2 28C6 C53E 9775 9123 B3A2 389B 9DE2 334A
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20180115/915cd86b/attachment.sig>
More information about the Dnsmasq-discuss
mailing list