Re: default local DNS caching name server

On Mon, 14 Apr 2014, Juan Orti Alcaine wrote:

One thing I would like to note is that on machines which don't have a hardware clock, I had problems starting bind and unbound, because the date was back to 1970 on each boot, so the root DNS key was not yet valid and there were no valid DNS resolvers to update the time by NTP. I had to hardcode some NTP servers' IP addresses to perform the NTP queries at boot time.

This was using the OpenWrt distro on a MIPS router; I don't know if we can face this kind of problem on ARM machines. I guess all x86 machines have a hardware clock, don't they?

That's a problem we are aware of. tlsdate is one method, but I believe
the openwrt people now also do some other things. Possibly saving the
time on shutdown so you have a reasonable time on startup.

For DNSSEC, we found that you need accuracy within a couple of hours
because some RRSIGs in the path to .org (for ntp.pool.org) were pretty
short. But I think adding a few ntp servers by IP address could be good
for the standard ntp config as well - provided there are IPs that can be
used for that in the pool.

Paul
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
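
An added example, not part of the original message or of any Fedora or OpenWrt code: it computes, for a chain of RRSIG records, the clock range in which every signature is inside its inception/expiration window, which shows why a 1970 clock or a stale saved time fails validation. The records, key tags and signature field are constructed sample data, and the function names are hypothetical.

```python
from datetime import datetime, timezone

# Constructed RRSIG records (presentation format, RFC 4034); not real zone data.
# RDATA order: covered alg labels origTTL expiration inception keytag signer sig
SAMPLE_CHAIN = """\
. 172800 IN RRSIG DNSKEY 8 0 172800 20140425000000 20140410000000 11111 . c2ln
org. 86400 IN RRSIG DS 8 1 86400 20140421050000 20140414040000 22222 . c2ln
org. 900 IN RRSIG DNSKEY 7 1 900 20140428153000 20140407143000 33333 org. c2ln
ntp.org. 3600 IN RRSIG A 7 2 3600 20140415020000 20140413230000 44444 ntp.org. c2ln
"""

def _ts(field):
    """RRSIG times are YYYYMMDDHHmmSS (UTC) or plain epoch seconds.
    32-bit serial-number wraparound is ignored in this sketch."""
    if len(field) == 14:
        return datetime.strptime(field, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)
    return datetime.fromtimestamp(int(field), tz=timezone.utc)

def parse_rrsigs(text):
    """Extract owner, covered type and validity window from each RRSIG line."""
    sigs = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 13 or f[3] != "RRSIG":
            continue  # skip anything that is not a complete RRSIG record
        sigs.append({"owner": f[0], "covers": f[4],
                     "expiration": _ts(f[8]), "inception": _ts(f[9])})
    return sigs

def clock_window(sigs):
    """Clock range in which the whole chain validates: latest inception
    to earliest expiration. The shortest-lived RRSIG dominates."""
    return max(s["inception"] for s in sigs), min(s["expiration"] for s in sigs)

def failing(sigs, now):
    """Signatures a validator would reject if its clock read `now`."""
    return [f'{s["owner"]} {s["covers"]}' for s in sigs
            if not s["inception"] <= now <= s["expiration"]]

if __name__ == "__main__":
    sigs = parse_rrsigs(SAMPLE_CHAIN)
    lo, hi = clock_window(sigs)
    print("clock must be between", lo, "and", hi)
    utc = timezone.utc
    for label, now in [("no RTC, epoch clock", datetime(1970, 1, 1, tzinfo=utc)),
                       ("time saved at shutdown", datetime(2014, 4, 13, 20, 0, tzinfo=utc)),
                       ("synced clock", datetime(2014, 4, 14, 12, 0, tzinfo=utc))]:
        print(label, "->", failing(sigs, now) or "all signatures in window")
```

Real validators may allow some configurable clock skew on top of these windows, so treat the computed range as the strict case.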




