[Dnssec-deployment] NTP & DNSSEC: chicken & egg?
Ondřej Surý
ondrej.sury at nic.cz
Mon Jun 14 09:11:12 EDT 2010
On 15.2.2010 00:03, Mark Andrews wrote:
> In message<alpine.LFD.1.10.1002141722170.9554 at newtla.xelerance.com>, Paul Wout
> ers writes:
>> A wrong system time on your *signer* is much more devastating.
>
> Yep.
>
> It would be nice if there were standard api to indicate if your
> clock is synced and the signer could use those if it was paranoid.
> Note: ntp can also "successfully" sync onto the wrong date so even
> ntp synced is not a guarentee of correct time.
I know it's not "standard", but you could at least use
ntp_adjtime/ntp_gettime on BSDs and adjtimex on Linux. Or is there
something I am not aware of?
Ondrej
--
Ondřej Surý
vedoucí výzkumu/R&D manager
-------------------------------------------
CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC
Americka 23, 120 00 Praha 2, Czech Republic
mailto:ondrej.sury at nic.cz http://nic.cz/
tel:+420.222745110 fax:+420.222745112
-------------------------------------------
More information about the Dnssec-deployment
mailing list