DNSSEC validating resolver on machines without RTC or wrong date

Jaap Akkerhuis jaap at NLnetLabs.nl
Sun Apr 16 09:53:13 UTC 2023

 Fred Morris via Unbound-users writes:

 > This has been an issue with TSIG for forever. If something is that broken, 
 > maybe somebody should wake up and pay attention: what if the whole 
 > datacenter has come adrift of its time moorings? (DAMHIK!)
 > I really can't picture what network you're envisioning, and if it's DR or 
 > "internet in a box" then that entails forethought.
 > Convince me that this is a DNS problem...

I won't because it ain't. For a more in dept discussion see "The
Impact of Time on DNS Security ", https://eprint.iacr.org/2019/788.pdf.


More information about the Unbound-users mailing list