Fedora mulls providing a local DNSSEC resolver

Posted May 29, 2014 6:22 UTC (Thu) by dlang (guest, #313)
Parent article: Fedora mulls providing a local DNSSEC resolver

The Fedora folks should stop by the cerowrt mailing list archives, they've been attempting to roll out DNSSEC by default and run into a number of headaches

among them, DNSSEC doesn't work without accurate time, but how do you lookup your NTP servers?

they've also found that a number of ISPs do things with DNS traffic that break DNSSEC.

to post comments

Fedora mulls providing a local DNSSEC resolver

Posted May 30, 2014 8:25 UTC (Fri) by sourcejedi (guest, #45153) [Link] (1 responses)

I think it's a problem because cerowrt target machine(s) don't have a battery-backed clock that's set at the factory. Fedora's targets generally do (except maybe some ARM boards).

Fedora mulls providing a local DNSSEC resolver

Posted May 30, 2014 19:13 UTC (Fri) by dlang (guest, #313) [Link]

If you depend on the system clock being correct to operate properly, you are going to be in trouble sooner or later.