Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[SOLVED] dnsmasq on Raspberry Pi - ntp issues
View unanswered posts
View posts from last 24 hours

Reply to topic    Gentoo Forums Forum Index Gentoo on ARM
View previous topic :: View next topic  
Author Message

Joined: 07 Mar 2007
Posts: 919

PostPosted: Tue Oct 27, 2020 12:05 pm    Post subject: [SOLVED] dnsmasq on Raspberry Pi - ntp issues Reply with quote

(Actually, I solved this on Arch linux, but I thought I'd record it here if anyone else hits the problem)

I setup my Pi as the authoritative DNS server using DNSSEC for my home network; it also provides a local NTP server daemon. The configuration is much as described in many places on the web, so I won't bore you with the details. However... on rebooting, my DNS disappeared, and all the other devices on the network started resolving everything to Dnsmasq claimed to be running OK, but clearly wasn't. Then I noticed the Pi's time was stuck some days in the past, and its NTP daemon wasn't happy. This turns out to be the key issue.

NTP finds the current time from the configured pool of servers, which of course requires DNS to find them (unless you hard code IP addresses, which way lays madness). But DNSSEC checks the timestamps on the DNS records, and doesn't trust one set in the future. As Pi users will know, there's no hardware clock, so there are various hacks to get a booting system before NTP comes up, but they all start the time in the past immediately after boot. So NTP won't give the correct time until DNS gives the pool server names, and DNS won't resolve names until the Pi has the correct time. Catch 23.

Dnsmasq solved this problem by including a couple of extra configuration/command line parameters, but they are documented neither in the man page nor the sample /etc/dnsmasq.conf. You need:
# Touch a file, such as that named below, to be R/W by dnsmasq or whatever userid it runs under

The first line gets dnsmasq to suspend timestamp checks until the file named in the second line has a date older than the system date. That means dnsmasq will resolve the ntp pool names on reboot, ntp will set the time, then the file becomes older than the system, so dnsmasq enables timestamp checks and touches the file again, updating its timestamp.
There's probably a window for a denial of service attack, but you probably shouldn't be using a Pi anyway if that's an issue.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Gentoo on ARM All times are GMT
Page 1 of 1

Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum