DNSSEC validating resolver on machines without RTC or wrong date
Jaap Akkerhuis
jaap at NLnetLabs.nl
Sun Apr 16 09:53:13 UTC 2023
Fred Morris via Unbound-users writes:
> This has been an issue with TSIG for forever. If something is that broken,
> maybe somebody should wake up and pay attention: what if the whole
> datacenter has come adrift of its time moorings? (DAMHIK!)
>
> I really can't picture what network you're envisioning, and if it's DR or
> "internet in a box" then that entails forethought.
>
> Convince me that this is a DNS problem...
I won't because it ain't. For a more in dept discussion see "The
Impact of Time on DNS Security ", https://eprint.iacr.org/2019/788.pdf.
jaap
More information about the Unbound-users
mailing list