DNSSEC validating resolver on machines without RTC or wrong date
m3047-unbound-b3u at m3047.net
Sun Apr 16 17:40:47 UTC 2023
Externalities. I generally eschew interviews where somebody asks "tell me
what happens when $something boots": I mean, is it Systems-On-Chips all
the way down or not? What about that keyboard, should I start there? How
about the UPS?
Epistemologically, what role does The DNS play in the boot process? I say
little to none and I'd like to keep it that way. Same with The Internet
writ large: I don't see that an internet connection should be necessary to
boot. Not everybody agrees with me. On the other hand, you want to do
things on your own network with DNS? What warm-blooded meat puppet
doesn't? I'm all for it and I applaud your efforts.
I think things which don't even have a vague sense of what time it is
shouldn't be connected to The Internet and using The DNS writ large unless
they're purpose-built not to need that capability. That doesn't mean that
they can't use ARP, DHCP, DNS, UDP or TCP, ICMP inside a nice padded
playpen while they learn to gird their loins and tie their shoes.
When they've learned that, then hopefully as part of that process they've
learned enough to ask for the proper address for DNS services and the
gateway address. This seems like the proper "order of battle" to me.
Things which come out of the box with enough smarts (which will never be
updated) to hack their way to The Internet are indistinguishable from
rogue devices because they ARE rogue devices. (And that goes for that
keyboard I was talking about.) I've got an ASUS wifi repeater on my home
network which periodically goes on a rampage and tries random doors, UPnP,
you name it. Always has. I consider it a free pentest. It could be
prepwned; how would I know? Anyway, it will never see The Internet.
Anybody who finds themselves on my network uninvited will have to deal
with it eventually.
On Sun, 16 Apr 2023, James Cloos wrote:
>>>>>> "FMvU" == Fred Morris via Unbound-users <unbound-users at lists.nlnetlabs.nl> writes:
> FMvU> This is where it starts to go off the rails for me. I mean: where?
> FMvU> Someplace which is neither configured a fixed address or provisioned
> FMvU> with DHCP... and yet is connected to the internet: where is that?
> he means a fixed ip for the ntp server, not for the client.
Yes. He means a fixed IP or resource name for the NTP server, /on/ the
client. Actually he means the network, too.
If I configure DHCP for my segment and I don't configure gateway, DNS or
NTP: what is my intention?
If I configure a fixed address (for the device) and I don't configure
gateway, DNS or NTP: what is my intention?
If I don't configure anything, what is my intention?
Should the vendor's intention be imposed (shouldn't the intent be well
known)? Should any network interface come up at all? Should an intent to
connect this to The Internet be respected or should it be denounced?
Should the vendor be explaining how they're going to prevent anything
running this from becoming e-waste and a liability in our lifetime?
I'm sorry to have to ask (in the sense that it diminishes us all), but
please explain for all of us, tell us: exactly what happens when this
More information about the Unbound-users