aboutsummaryrefslogtreecommitdiffstats
path: root/package/utils
diff options
context:
space:
mode:
authorKevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>2018-01-15 12:45:21 +0000
committerHans Dedecker <dedeckeh@gmail.com>2018-01-15 22:34:51 +0100
commitaba3b1c6a3639bf821d2cf305de22ec276fbff33 (patch)
tree65678ffd96602b49ffa3c35e5daa937b2789db82 /package/utils
parente4442ca2d87ffebd4e6703e1998cb047c29aec91 (diff)
downloadupstream-aba3b1c6a3639bf821d2cf305de22ec276fbff33.tar.gz
upstream-aba3b1c6a3639bf821d2cf305de22ec276fbff33.tar.bz2
upstream-aba3b1c6a3639bf821d2cf305de22ec276fbff33.zip
dnsmasq: use SIGINT for dnssec time valid
Dnsmasq used SIGHUP to do too many things: 1) set dnssec time validation enabled, 2) bump SOA zone serial, 3) clear dns cache, 4) reload hosts files, 5) reload resolvers/servers files. Many subsystems within LEDE can send SIGHUP to dnsmasq: 1) ntpd hotplug (to indicate time is valid for dnssec) 2) odhcpd (to indicate a new/removed host - typically DHCPv6 leases) 3) procd on interface state changes 4) procd on system config state changes, 5) service reload. If dnssec time validation is enabled before the system clock has been set to a sensible time, name resolution will fail. Because name resolution fails, ntpd is unable to resolve time server names to addresses, so is unable to set time. Classic chicken/egg. Since commits 23bba9cb330cd298739a16e350b0029ed9429eef (service reload) & 4f02285d8b4a66359a8fa46f22a3efde391b5419 (system config) make it more likely a SIGHUP will be sent for events other than 'ntpd has set time' it is more likely that an errant 'name resolution is failing for everything' situation will be encountered. Fortunately the upstream dnsmasq people agree and have moved 'check dnssec timestamp enable' from SIGHUP handler to SIGINT. Backport the upstream patch to use SIGINT. ntpd hotplug script updated to use SIGINT. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Diffstat (limited to 'package/utils')
0 files changed, 0 insertions, 0 deletions