[LEDE-DEV] [PATCH v1] dnsmasq: use SIGUSR2 for dnssec time valid

[Kevin Darbyshire-Bryant]

> On 5 Jan 2018, at 08:22, e9hack <e9hack at gmail.com> wrote:
> 
> Am 02.01.2018 um 16:29 schrieb Kevin Darbyshire-Bryant:
>> Move 'check dnssec timestamp enable' from SIGHUP handler to SIGUSR2.
> 
> Hi,
> 
> your patch fixes the DNS problem for me.
Good, as I suspected it would.
> 
> Now I get another ugly behaviour which is more related to ntpd from busybox. Ntpd answers to ntp request before it did
> update the time of the router. I've connected a voip phone to the router, which uses the router as time server. In the
> past, I did never see a wrong date/time on the phone. Now after a reboot/update of the router, the phone uses a wrong
> time for around 6 hours. I add a few firewall logging rules to monitor ntp and dns traffic. After the reboot of the
> router, the phone sends first dns request and a few seconds later the first ntp request. This first ntp request is send
> a few seconds before ntpd sends ntp requests over the wan interface and does update the time of the router.

I don’t have a magic patch for this problem.  It seems to me that ideally busybox ntpd shouldn’t serve time until it has sync’d.  A horrible hack idea: firewall rule to drop incoming ntp requests from clients… have an ntpd hotplug script that captures the stratum change event and removes the firewall rules.  And/or ntpd has a new command line switch implemented that does the same thing ie. ignore ntp requests until sync’d.

Failing that, maybe you really can’t have DNS and time at the same time ;-)   Now where did I put that chicken…...


Cheers,

Kevin D-B

012C ACB2 28C6 C53E 9775  9123 B3A2 389B 9DE2 334A