20160203 Chicken & Egg issues¶
A couple of people have reported a new-ish chicken&egg issue in system startup.
It basically goes like this:
System is booted
Clock is wrong
NTPD/Ntimed is run
NTPD/Ntimed tries to resolve a DNS name
The DNS resolver hits DNSSEC
DNSSEC validation gets wrong system time
DNSSEC validation fails
DNS resolver fails
NTPD/Ntimed doesn’t sync time
There are no true solutions to this, it is a genuine chicken&egg issue.
Not that many people have hit it yet, because DNSSEC is not that widely deployed and a lot of people have, wisely, configured their NTP servers using numeric IP numbers.
But that is not always an option, for instance there is no way to run NTP-server pools, like *.pool.ntp.org, using numeric IP numbers.
The way Ntimed will tackle this, once I get the code written, is by keeping a dedicated DNS cache in a file, for use on the next startup.
The startup will go something like this:
Configure any servers which are specified with numeric IP#s
Configure any servers we can with the cache file
Periodically Attempt to DNS resolve any non-numeric servernames
Save resolved IP#s in cache file
This is not perfect, but it will solve the problem in the majority of cases, and it also takes the DNS entirely out of the normal startup, which, all else being equal, should shave some fraction of a second of system boot times.