On Wed, 17 Jul 2013, Chris Adams wrote:
Once upon a time, Paul Wouters <pwouters@xxxxxxxxxx> said:
That's easiest said then done. It takes a lot of queries before you hit
pool.ntp.org. And then you have to 1) ensure no one else uses those DNS
answers and 2) flush the cache when enabling DNSSEC.
Well, it would be an ugly hack, but you could use something like "dig
+short +cd pool.ntp.org" to get some IPs (+cd disables validation for
this request only).
I understand the query. But you would either need to bypass the local
dns caching resolver or flush the cache afterwards. The second option has
a race condition, but the first has the problem that we are trying to reduce the
number of applications that modify /etc/resolv.conf to one (NM).
I'd rather not make "dig" a dependancy, but use libunbound directly with
a CD flag.
That's why for a simple "reboot", we could save the time to have some
approximation of time when we start (if we have no realtime clock or
see the time is 1970 of 2000)
If the root filesystem is ext4, you could use the "last write time" as a
starting point.
That's not very compatible with other fs'es. What if someone is
upgrading from ext3? Or using brtfs? Or something new? I'd rather see a
more generic method of writing a timestamp to a well known location.
Beyond the saved timestamp, I think I have a preference of only using
DNS queries to resolve this, making it a self-contained issue.
Paul
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
