[Cerowrt-devel] cerowrt 3.3.8-17: nice latency improvements, some issues with bind
mcr at sandelman.ca
Mon Aug 20 19:19:27 EDT 2012
>>>>> "George" == George Lambert <marchon at gmail.com> writes:
George> Check and set the time by syncing to NTP Servers - not user supplied times
George> if the network
George> is available. to see if they have set times > those set by NTP Server
George> The global address *time.nist.gov* is resolved to all of the server
George> addresses below in a round-robin sequence to equalize the load across all
George> of the servers.
Good idea, but you need DNS to find that server, and you need
time to do DNSSEC.
If the time is set years into the future, then DNSSEC may also fail, as
the signatures would be too old. Accepting that might be a problem.
If the time can be set like this by an operator, then there is a
problem, and an operator will have to deal with it. It's best to stick
to what we can do automatically.
-at the cottage-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 489 bytes
Desc: not available
More information about the Cerowrt-devel