James Hilliard
c2db53caca
We have a chicken and egg problem: validation of DNSSEC signatures doesn't work without a correct clock, but to set the correct clock we need to contact NTP servers which requires resolving a hostname, which would normally require DNSSEC validation. Let's break the cycle by excluding NTP hostname resolution from validation for now. Details: https://github.com/systemd/systemd/commit/abf4e5c1d3ad767bc0ed67883e8e4d916af095ec Signed-off-by: James Hilliard <james.hilliard1@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>