openwrtv4/package/network/services/dnsmasq/files
Kevin Darbyshire-Bryant aba3b1c6a3 dnsmasq: use SIGINT for dnssec time valid
Dnsmasq used SIGHUP to do too many things: 1) set dnssec time validation
enabled, 2) bump SOA zone serial, 3) clear dns cache, 4) reload hosts
files, 5) reload resolvers/servers files.

Many subsystems within LEDE can send SIGHUP to dnsmasq: 1) ntpd hotplug
(to indicate time is valid for dnssec) 2) odhcpd (to indicate a
new/removed host - typically DHCPv6 leases) 3) procd on interface state
changes 4) procd on system config state changes, 5) service reload.

If dnssec time validation is enabled before the system clock has been
set to a sensible time, name resolution will fail.  Because name
resolution fails, ntpd is unable to resolve time server names to
addresses, so is unable to set time.  Classic chicken/egg.

Since commits 23bba9cb33 (service reload) &
4f02285d8b (system config)  make it more
likely a SIGHUP will be sent for events other than 'ntpd has set time'
it is more likely that an errant 'name resolution is failing for
everything' situation will be encountered.

Fortunately the upstream dnsmasq people agree and have moved 'check
dnssec timestamp enable' from SIGHUP handler to SIGINT.

Backport the upstream patch to use SIGINT.
ntpd hotplug script updated to use SIGINT.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-01-15 22:34:51 +01:00
..
dhcp-script.sh dnsmasq: add dhcp-script hook for other packages 2017-05-26 21:28:30 +02:00
dhcp.conf dnsmasq: make bind-dynamic 'non-wildcard' interfaces default 2017-06-11 14:50:04 +02:00
dnsmasq.conf
dnsmasq.init dnsmasq: send procd signal on service reload 2017-12-26 23:35:45 +01:00
dnsmasq_acl.json dnsmasq: add ubus notifications for new leases 2017-08-22 21:31:39 +02:00
dnsmasqsec.hotplug dnsmasq: use SIGINT for dnssec time valid 2018-01-15 22:34:51 +01:00
rfc6761.conf dnsmasq: do not forward rfc6761 excluded domains 2017-03-09 10:42:27 +01:00