[Cerowrt-devel] cerowrt 3.3.8-17: nice latency improvements, some issues with bind

Michael Richardson mcr at sandelman.ca
Mon Aug 20 19:19:27 EDT 2012


>>>>> "George" == George Lambert <marchon at gmail.com> writes:
    George> Check and set the time by syncing to NTP Servers - not user supplied times
    George> if the network
    George> is available. to see if they have set times > those set by NTP Server

    George> http://tf.nist.gov/tf-cgi/servers.cgi

    George> The global address *time.nist.gov* is resolved to all of the server
    George> addresses below in a round-robin sequence to equalize the load across all
    George> of the servers.

Good idea, but you need DNS to find that server, and you need
time to do DNSSEC.

If the time is set years into the future, then DNSSEC may also fail, as
the signatures would be too old.   Accepting that might be a problem.

If the time can be set like this by an operator, then there is a
problem, and an operator will have to deal with it.  It's best to stick
to what we can do automatically.

--
Michael Richardson
-at the cottage-

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 489 bytes
Desc: not available
URL: <https://lists.bufferbloat.net/pipermail/cerowrt-devel/attachments/20120820/454db3da/attachment.sig>


More information about the Cerowrt-devel mailing list