True, of course, they can happen. But I don't think special "cases" must be shown in these RFCs to reflect such errors ...
Best practice is to have authoritative and validating caching/forwarding name servers time sync'd. I think this is in the DNSSEC best practices RFC, by the way.

Marc

-----Original Message-----
From: Masataka Ohta [mailto:[email protected]]
Sent: 06 October 2011 12:44 PM
To: Marc Lampo
Cc: 'IETF DNSOP WG'; [email protected]; [email protected]
Subject: Re: [DNSOP] clarification suggestion for draft-mekking-dnsop-dnssec-key-timing-bis and draft-morris-dnsop-dnssec-key-timing

Marc Lampo wrote:
> To make a long story short:
> ZSK rollover timing must take into account max TTL of any *other* than
> DNSKEY RRset
> in the zone. Details below, example at the end of this email.

How about clock errors between servers and clients?

Masataka Ohta
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
