http://bugzilla.opensuse.org/show_bug.cgi?id=1192282
http://bugzilla.opensuse.org/show_bug.cgi?id=1192282#c7
--- Comment #7 from Dr. Werner Fink ---
Maybe it would be an option to allow Real Time scheduling in the systemd
service as I now see tomporary invalid DNSSEC name resolution and a few seconds
later all went OK ... currently RestrictRealtime is set to true but should IMHO
not set or set to off.
---
--dnssec-no-timecheck
DNSSEC signatures are only valid for specified time win-
dows, and should be rejected outside those windows. This
generates an interesting chicken-and-egg problem for
machines which don't have a hardware real time clock. For
these machines to determine the correct time typically
requires use of NTP and therefore DNS, but validating DNS
requires that the correct time is already known. Setting
this flag removes the time-window checks (but not other
DNSSEC validation.) only until the dnsmasq process
receives SIGINT. The intention is that dnsmasq should be
started with this flag when the platform determines that
reliable time is not currently available. As soon as reli-
able time is established, a SIGINT should be sent to dns-
masq, which enables time checking, and purges the cache of
DNS records which have not been thoroughly checked.
--
You are receiving this mail because:
You are on the CC list for the bug.