[LEDE-DEV] dnsmasq dnssec problem
e9hack
e9hack at gmail.com
Mon Jan 1 07:31:47 PST 2018
Hi,
dnsmasq with dnssec enabled doesn't work properly. If dnssec is enabled, the parameter dnssec-no-timecheck is add too,
depend on some conditions related to sysntpd. If this parameter is added and dnsmasq receives a SIGHUP before ntpd was
able to set the time, name resolution isn't possible, because dnsmasq does check the time window now and invalidates
every answer from an upstream server. If parameter dnssec-no-timecheck is added, parameter
dnssec-timestamp=/var/state/dnsmasqsec must be add too.
Regards,
Hartmut
More information about the Lede-dev
mailing list