proper setup of dnssec-validation to _always_ resolve, and retrieve DATA and status flags ?
marka at isc.org
Tue May 10 06:58:25 UTC 2011
In message <1305008349.11252.1450182761 at webmail.messagingengine.com>, "" writes
> On Tue, 10 May 2011 16:15 +1000, "Mark Andrews" <marka at isc.org> wrote:
> > > looks good, right?
> > yes.
> MANY thanks! i wouldn't have easily found this ...
> > DNSSEC only needs wristwatch time accuracy however it is easy to
> > get the time wrong if the server is configured in the wrong timezone.
> > The error was equal to the local time offset from UTC which indicates
> > it was running in UTC but set with the local time.
> not sure how to read that. now that my time's correct again, can/should
> I leave the server as is? or is there a specific recommendation for
> time setup on a DNS server?
"date -u" may now be correct but is plain "date"? If it isn't you
should correct timezone for the server so that both "date" and "date
-u" are correct. Otherwise you leave the server open to the
accidental misconfiguration that probably caused this problem in
the first place.
> Thanks again,
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users