Aaron Wood <woody77@gmail.com> writes:

> or we find a way to have long-lived dnssec entries.

Is the timing controllable somehow? I.e. would it be possible to set up
a special domain name with a really long-lived key that could be queried
indefinitely for the IP address of one or more NTP servers, even in the
face of an a wrong clock?

-Toke