Kevin Darbyshire-Bryant
2018-01-03 11:07:22 UTC
Hi Simon,
Happy New Year!
I suspect this patch is going to get quite a push back in the name of backwards compatibility, however the problem is real and getting worse on some platforms - from the patch submitted to the LEDE/Openwrt platform:
"Move 'check dnssec timestamp enable' from SIGHUP handler to SIGUSR2.
Dnsmasq uses SIGHUP to do too many things: 1) set dnssec time validation
enabled, 2) bump SOA zone serial, 3) clear dns cache, 4) reload hosts
files, 5) reload resolvers/servers files. SIGUSR2 is used to
re-open/re-start the logfile. Default LEDE does not use logfile
functionality.
Many subsystems within LEDE can send SIGHUP to dnsmasq: 1) ntpd hotplug
(to indicate time is valid for dnssec) 2) odhcpd (to indicate a
new/removed host - typically DHCPv6 leases) 3) procd on interface state
changes 4) procd on system config state changes, 5) service reload.
If dnssec time validation is enabled before the system clock has been
set to a sensible time, name resolution will fail. Because name
resolution fails, ntpd is unable to resolve time server names to
addresses, so is unable to set time. Classic chicken/egg.
Since commits 23bba9cb330cd298739a16e350b0029ed9429eef (service reload) &
4f02285d8b4a66359a8fa46f22a3efde391b5419 (system config) make it more
likely a SIGHUP will be sent for events other than 'ntpd has set time'
it is more likely that an errant 'name resolution is failing for
everything' situation will be encountered.
Ideally dnsmasq would have some other IPC mechanism for indicating 'time
is valid, go check dnssec timestamps', but until that time
(implementation is left as an exercise for the interested/competent
reader/bikeshedder) the next best thing is to move functionality from
the overloaded SIGHUP signal to the under-utilised SIGUSR2.â
I do think that SIGHUP is overloaded, doing something sensible about it is challenging. Thoughts?
Happy New Year!
I suspect this patch is going to get quite a push back in the name of backwards compatibility, however the problem is real and getting worse on some platforms - from the patch submitted to the LEDE/Openwrt platform:
"Move 'check dnssec timestamp enable' from SIGHUP handler to SIGUSR2.
Dnsmasq uses SIGHUP to do too many things: 1) set dnssec time validation
enabled, 2) bump SOA zone serial, 3) clear dns cache, 4) reload hosts
files, 5) reload resolvers/servers files. SIGUSR2 is used to
re-open/re-start the logfile. Default LEDE does not use logfile
functionality.
Many subsystems within LEDE can send SIGHUP to dnsmasq: 1) ntpd hotplug
(to indicate time is valid for dnssec) 2) odhcpd (to indicate a
new/removed host - typically DHCPv6 leases) 3) procd on interface state
changes 4) procd on system config state changes, 5) service reload.
If dnssec time validation is enabled before the system clock has been
set to a sensible time, name resolution will fail. Because name
resolution fails, ntpd is unable to resolve time server names to
addresses, so is unable to set time. Classic chicken/egg.
Since commits 23bba9cb330cd298739a16e350b0029ed9429eef (service reload) &
4f02285d8b4a66359a8fa46f22a3efde391b5419 (system config) make it more
likely a SIGHUP will be sent for events other than 'ntpd has set time'
it is more likely that an errant 'name resolution is failing for
everything' situation will be encountered.
Ideally dnsmasq would have some other IPC mechanism for indicating 'time
is valid, go check dnssec timestamps', but until that time
(implementation is left as an exercise for the interested/competent
reader/bikeshedder) the next best thing is to move functionality from
the overloaded SIGHUP signal to the under-utilised SIGUSR2.â
I do think that SIGHUP is overloaded, doing something sensible about it is challenging. Thoughts?