DNSSEC validating resolver on machines without RTC or wrong date

Fred Morris m3047-unbound-b3u at m3047.net
Thu Apr 20 17:07:22 UTC 2023


On Thu, 20 Apr 2023, Petr Menšík via Unbound-users wrote:
> 
> I have a feeling you have something personal against me, but cannot remember 
> we ever discussed. Your responses seem to me a bit over-reacted and I do not 
> understand why. More below.

Sorry that you feel that way. I feel that there are solutions already for 
the commonly encountered use cases (you can't always get what you want!), 
so wanted to make sure there wasn't some use case which wasn't accounted 
for. Granted, there may be a better solution out there for the common 
cases.
>
> On 20. 04. 23 1:24, Fred Morris via Unbound-users wrote:
>>  "Pulling yourself up by your bootstraps" is never going to be pretty,
>> [...]
>>
>>  There are clearly options. 8)
> There always are.
>> 
> [...]
> Take an example of Fedora distribution image prepared to run on Raspberry PI 
> device. Let's say I would like to use that device as a ssh terminal and I 
> would like to have SSHFP records validated (where possible). Instead of 
> systemd-resolved I would like unbound as a system cache, but with booting 
> race conditions solved from the vendor already. So there is just minimal 
> steps to do on my side as an user. Ideally it would boot from live DVD 
> alternative without me changing anything.
>
> Similarly when I boot live DVD on a fresh bought laptop, where lets imagine 
> DNSSEC validation is enabled by default. I want to boot into graphical 
> interface without having to ever visit BIOS to set the date, I expect it can 
> fix it itself. All I need to do is plug in the network cable.

Thanks.

--

Fred Morris


More information about the Unbound-users mailing list