Comment # 7 on bug 1192282 from 
Maybe it would be an option to allow Real Time scheduling in the systemd
service as I now see tomporary invalid DNSSEC name resolution and a few seconds
later all went OK ... currently RestrictRealtime is set to true but should IMHO
not set or set to off.

---

       --dnssec-no-timecheck
              DNSSEC signatures are only valid for specified  time  win-
              dows,  and  should be rejected outside those windows. This
              generates  an  interesting  chicken-and-egg  problem   for
              machines  which don't have a hardware real time clock. For
              these machines to determine  the  correct  time  typically
              requires  use of NTP and therefore DNS, but validating DNS
              requires that the correct time is already  known.  Setting
              this  flag  removes  the time-window checks (but not other
              DNSSEC  validation.)  only  until  the   dnsmasq   process
              receives  SIGINT.  The intention is that dnsmasq should be
              started with this flag when the platform  determines  that
              reliable time is not currently available. As soon as reli-
              able time is established, a SIGINT should be sent to  dns-
              masq, which enables time checking, and purges the cache of
              DNS records which have not been thoroughly checked.

You are receiving this mail because: