ntpsec | Draft: WIP: Add getdns wrapper for SRV and DNSSEC handling (!1496)
James Browning
jamesb192 at jamesb192.com
Sat Mar 28 20:34:47 UTC 2026
Please, try to be careful with the cross-posting.
On 03/27/2026 11:09 PM PDT Hal Murray (@hal.murray) <gitlab at mg.gitlab.com> wrote:
> > https://lists.ntpsec.org/pipermail/devel/2026-March/010936.html
>
> That doesn't say much. Let's start with the easy one, I think.
If I say more than about five words in a row, the stupid makes
people's brains melt out of their ears.
> Why do we want SRV? Is anybody else using it (for NTP)? What's
> wrong with A and AAAA?
SRV would really shine for NTS over IPv4 and in pools. The port
attribute (in addition to 'extra port') would allow bypassing
UDP/123 firewalls. Such firewalls can eat many NTS packets.
Also, getaddrinfo returns only bare IPv4 and IPv6 addresses.
That limits its use in more traditional pools.
> Are there any interesting API issues?
The library I am working with doesn't (ever?) return DNSSEC
invalid results. This prevents me from checking if the results
would be good at a later timestamp. It looks like the DNSSEC
retry bit wouldn't work, unless I wrote my own resolver, or
something.
> Is this more important than other things?
Nothing I do is more important than the work of other
developers. I have some merge requests I think are ready;
they're used to waiting.
> (over on devel@, not here)
Doing it here, but I'll post a copy on the devel list as well.