From: Michael Tremer Date: Tue, 10 Mar 2015 15:22:09 +0000 (+0100) Subject: dnsmasq: Enable DNSSEC timestamp feature X-Git-Url: http://git.ipfire.org/?p=people%2Fdweismueller%2Fipfire-2.x.git;a=commitdiff_plain;h=de7abd2cd52e3751ac94d5d56ae9ff510311fc67 dnsmasq: Enable DNSSEC timestamp feature This disables DNSSEC until the system clock has been set correctly. There is a circular dependency on working DNS and being able to resolve DNS records in order to reach a time server. Systems without a RTC or empty RTC battery will start up with time way in the past in which all DNSSEC signatures are invalid. --- diff --git a/src/initscripts/init.d/dnsmasq b/src/initscripts/init.d/dnsmasq index 48b9d19d0..4e3792517 100644 --- a/src/initscripts/init.d/dnsmasq +++ b/src/initscripts/init.d/dnsmasq @@ -26,7 +26,7 @@ SHOW_SRV=1 TRUST_ANCHOR=".,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5" function dnssec_args() { - local cmdline="--dnssec" + local cmdline="--dnssec --dnssec-timestamp" if [ -n "${TRUST_ANCHOR}" ]; then cmdline="${cmdline} --trust-anchor=${TRUST_ANCHOR}"