default local DNS caching name server

Chuck Anderson cra at WPI.EDU
Mon Apr 14 14:20:39 UTC 2014


On Mon, Apr 14, 2014 at 02:07:07PM +0200, Juan Orti Alcaine wrote:
> One thing I would like to note is that in machines which don't have
> a hardware clock, I had problems starting bind and unbound, because
> the date was back to 1970 in each boot, so the root dns key was not
> yet valid and there were no valid dns resolvers to update time by
> ntp. I had to hardcode some ntp servers IP addresses to perform the
> ntp queries at boot time.
> 
> This was using the OpenWrt distro in a mips router, I don't know if
> we can face this kind of problem in ARM machines. I guess all x86
> have hardware clock, doesn't they?

The NTP Bootstrapping problem is well known.  There is an effort to
deal with that here (in the context of dnsmasq DNSSEC on
OpenWRT/CeroWRT):

http://comments.gmane.org/gmane.comp.embedded.cerowrt.devel/2244

Search for the word "prototype" to find a description of one
implementation.

"The nice thing about this switch to dnsmasq is that it does
validation of the chain, just ignoring validity times; which
presumably would make it harder to exploit as you'd need an actual
valid key, rather than just be able to spoof the packets reply of the
non-validated query.."

There are many other ideas in that thread.


More information about the devel mailing list