[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: ntpdate(8) and unbound(8) dependencies during boot
- Subject: Re: ntpdate(8) and unbound(8) dependencies during boot
- From: Jordan Geoghegan <jordan%geoghegan.ca@localhost>
- Date: Tue, 20 Oct 2020 12:27:05 -0700
I obviously have disabled DoH on my browser, as I run my own DNS
infrastructure. What sort of information disclosure are you talking
about though? Be specific.
What are the better solutions? If you think manually editing individual
daemon config files to cope with broken clocks is a viable solution,
then color me surprised.
The idea is that you shouldn't have to be a tough guy with your local
NTP server etc to have a working clock lol, it should (within reason)
On 2020-10-19 01:41, Martin Husemann wrote:
On Sun, Oct 18, 2020 at 02:40:17PM -0700, Jordan Geoghegan wrote:
[..] As I see it, it's just a couple TLS
handshakes which look identical to DNS over HTTPS traffic (which use the
ubiquitous port 443).
Heh, that is kinda funny. If you haven't disabled DNS over HTTPS network wide
you certainly will not care about this information disclosure.
I am very glad that the Mozilla folks made this easy to do with DNS tricks
(so I could do it even for remote networks w/o site visit or using remote
hands on every windows machine).
Unless there's something I'm missing (or that the
paranoiacs failed to address) I'm pretty sure this is one of the only viable
solutions for combating the chicken and egg clock problem TODAY.
This thread had several (from my POV) better ones already, but they all
have the downside of needing local setup / configuration. Which I don't
consider a big deal (or even a plus).
However, it it totaly fine to behave like you described for all users
unable to provide the needed services localy or conciously choses not
to - as long as the rope is provided to override things and go with a
better (according to local metrics, for the local setup) solution.
Main Index |
Thread Index |