DNSSEC validating resolver on machines without RTC or wrong date

Fred Morris m3047-unbound-b3u at m3047.net
Sun Apr 16 17:40:47 UTC 2023


Externalities. I generally eschew interviews where somebody asks "tell me 
what happens when $something boots": I mean, is it Systems-On-Chips all 
the way down or not? What about that keyboard, should I start there? How 
about the UPS?

Epistemologically, what role does The DNS play in the boot process? I say 
little to none and I'd like to keep it that way. Same with The Internet 
writ large: I don't see that an internet connection should be necessary to 
boot. Not everybody agrees with me. On the other hand, you want to do 
things on your own network with DNS? What warm-blooded meat puppet 
doesn't? I'm all for it and I applaud your efforts.

I think things which don't even have a vague sense of what time it is 
shouldn't be connected to The Internet and using The DNS writ large unless 
they're purpose-built not to need that capability. That doesn't mean that 
they can't use ARP, DHCP, DNS, UDP or TCP, ICMP inside a nice padded 
playpen while they learn to gird their loins and tie their shoes.

When they've learned that, then hopefully as part of that process they've 
learned enough to ask for the proper address for DNS services and the 
gateway address. This seems like the proper "order of battle" to me.

Things which come out of the box with enough smarts (which will never be 
updated) to hack their way to The Internet are indistinguishable from 
rogue devices because they ARE rogue devices. (And that goes for that 
keyboard I was talking about.) I've got an ASUS wifi repeater on my home 
network which periodically goes on a rampage and tries random doors, UPnP, 
you name it. Always has. I consider it a free pentest. It could be 
prepwned; how would I know? Anyway, it will never see The Internet. 
Anybody who finds themselves on my network uninvited will have to deal 
with it eventually.

On Sun, 16 Apr 2023, James Cloos wrote:
> 
>>>>>> "FMvU" == Fred Morris via Unbound-users <unbound-users at lists.nlnetlabs.nl> writes:
>
> FMvU> This is where it starts to go off the rails for me. I mean: where?
> FMvU> Someplace which is neither configured a fixed address or provisioned
> FMvU> with DHCP... and yet is connected to the internet: where is that?
>
> he means a fixed ip for the ntp server, not for the client.

Yes. He means a fixed IP or resource name for the NTP server, /on/ the 
client. Actually he means the network, too.

If I configure DHCP for my segment and I don't configure gateway, DNS or 
NTP: what is my intention?

If I configure a fixed address (for the device) and I don't configure 
gateway, DNS or NTP: what is my intention?

If I don't configure anything, what is my intention?

Should the vendor's intention be imposed (shouldn't the intent be well 
known)? Should any network interface come up at all? Should an intent to 
connect this to The Internet be respected or should it be denounced? 
Should the vendor be explaining how they're going to prevent anything 
running this from becoming e-waste and a liability in our lifetime?

I'm sorry to have to ask (in the sense that it diminishes us all), but 
please explain for all of us, tell us: exactly what happens when this 
boots?

--

Fred Morris

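As an added illustration of why the post ties "knowing what time it is" to using the DNS writ large (this is example code, not Unbound's and not the poster's): a DNSSEC validator compares the RRSIG Signature Inception and Expiration fields against its own clock, so a box that boots at the Unix epoch because it has no RTC rejects perfectly good signatures as not yet valid. The RRSIG window and the clock readings below are constructed values.

```python
"""RRSIG validity windows versus the validator's clock (RFC 4034 s.3.1.5).

Inception and Expiration are 32-bit serial numbers compared with RFC 1982
serial arithmetic, so the comparison must tolerate wrap-around at 2**32.
"""
from datetime import datetime, timezone


def serial_lt(a: int, b: int) -> bool:
    """RFC 1982 'a < b' for 32-bit serial numbers (wraps at 2**32)."""
    return (a < b and b - a < 2**31) or (a > b and a - b > 2**31)


def rrsig_time_status(inception: int, expiration: int, now: int) -> str:
    """Return 'valid', 'not-yet-valid' or 'expired' for an RRSIG time window."""
    if serial_lt(now, inception):
        return "not-yet-valid"
    if serial_lt(expiration, now):
        return "expired"
    return "valid"


def ts(presentation: str) -> int:
    """Parse a YYYYMMDDHHMMSS (UTC) presentation-format timestamp to a serial."""
    dt = datetime.strptime(presentation, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)
    return int(dt.timestamp()) & 0xFFFFFFFF


# Constructed RRSIG window: signed 1 April 2023, good for three weeks.
INCEPTION = ts("20230401000000")
EXPIRATION = ts("20230422000000")


def demo() -> dict:
    """Validate the same signature under several (constructed) clock readings."""
    clocks = {
        "correct clock (16 Apr 2023)": ts("20230416174047"),
        "no RTC, booted at Unix epoch": 0,
        "stale firmware build date (2019)": ts("20190101000000"),
        "clock far ahead (2024)": ts("20240101000000"),
    }
    return {name: rrsig_time_status(INCEPTION, EXPIRATION, c) for name, c in clocks.items()}


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name:34s} -> {status}")
```

Only the first clock yields a usable validator; the epoch and stale-date cases fail closed as "not-yet-valid", which is exactly the chicken-and-egg the thread is about when NTP itself is reached by name.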