Re: ntpdate(8) and unbound(8) dependencies during boot

On Sun, Oct 18, 2020 at 02:40:17PM -0700, Jordan Geoghegan wrote:
> [..] As I see it, it's just a couple TLS
> handshakes which look identical to DNS over HTTPS traffic (which use the
> ubiquitous port 443).

Heh, that is kinda funny. If you haven't disabled DNS over HTTPS network wide
you certainly will not care about this information disclosure.

I am very glad that the Mozilla folks made this easy to do with DNS tricks
(so I could do it even for remote networks w/o site visit or using remote
hands on every windows machine).

> Unless there's something I'm missing (or that the
> paranoiacs failed to address) I'm pretty sure this is one of the only viable
> solutions for combating the chicken and egg clock problem TODAY.

This thread had several (from my POV) better ones already, but they all
have the downside of needing local setup / configuration. Which I don't
consider a big deal (or even a plus).

However, it is totally fine to behave like you described for all users
unable to provide the needed services locally or who consciously choose not
to - as long as the rope is provided to override things and go with a
better (according to local metrics, for the local setup) solution.
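As an added illustration (not part of the message above, and assuming the
"DNS tricks" referred to are Firefox's canary domain check, which disables
DoH when the resolver answers NXDOMAIN for use-application-dns.net), a
network-wide opt-out can be expressed in unbound(8) as a local-zone entry
in unbound.conf:

```conf
server:
    # Firefox queries use-application-dns.net before enabling DoH;
    # an NXDOMAIN answer from the local resolver makes it stay on
    # the network's own DNS.  Added example config, not from the thread.
    local-zone: "use-application-dns.net." always_nxdomain
```

After reloading unbound, `drill use-application-dns.net @127.0.0.1` (or
dig) should return NXDOMAIN from the local resolver.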


