default local DNS caching name server
cra at WPI.EDU
Mon Apr 14 14:20:39 UTC 2014
On Mon, Apr 14, 2014 at 02:07:07PM +0200, Juan Orti Alcaine wrote:
> One thing I would like to note is that in machines which don't have
> a hardware clock, I had problems starting bind and unbound, because
> the date was back to 1970 in each boot, so the root dns key was not
> yet valid and there were no valid dns resolvers to update time by
> ntp. I had to hardcode some ntp servers IP addresses to perform the
> ntp queries at boot time.
> This was using the OpenWrt distro in a mips router, I don't know if
> we can face this kind of problem in ARM machines. I guess all x86
> have hardware clock, doesn't they?
The NTP Bootstrapping problem is well known. There is an effort to
deal with that here (in the context of dnsmasq DNSSEC on
Search for the word "prototype" to find a description of one
"The nice thing about this switch to dnsmasq is that it does
validation of the chain, just ignoring validity times; which
presumably would make it harder to exploit as you'd need an actual
valid key, rather than just be able to spoof the packets reply of the
There are many other ideas in that thread.
More information about the devel