Re: DNSSEC validation without current time

2017-12-15 Thread Tony Finch
Petr Menšík wrote: > > This is related to booting with NTP client, when the only configuration > is hostname that has to be resolved. There is a bit circle dependencies. Yes awkward, and there still aren't any convincing answers. One of the more interesting projects is

Re: DNSSEC validation without current time

2017-12-15 Thread Mukund Sivaraman
On Fri, Dec 15, 2017 at 12:45:11PM +0100, Petr Menšík wrote: > Hi folks. > > I am looking for a way to validate name also on systems, where current > time is not available or can be inaccurate. I use a Garmin 18x LVC 1pps GPS receiver device connected to RS-232 serial port. The device plus

Re: DNSSEC validation without current time

2017-12-15 Thread Petr Menšík
Dne 15.12.2017 v 13:06 G.W. Haywood via bind-users napsal(a): > Hi there, > > On Fri, 15 Dec 2017, Petr Men??k wrote: > >> ... current time is not available or can be inaccurate. > > ntpdate? > Sure, of course. What would be default host after installation, that can be used in default

Re: DNSSEC validation without current time

2017-12-15 Thread G.W. Haywood via bind-users
Hi there, On Fri, 15 Dec 2017, Petr Men??k wrote: ... current time is not available or can be inaccurate. ntpdate? -- 73, Ged. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing

DNSSEC validation without current time

2017-12-15 Thread Petr Menšík
Hi folks. I am looking for a way to validate name also on systems, where current time is not available or can be inaccurate. This is related to booting with NTP client, when the only configuration is hostname that has to be resolved. There is a bit circle dependencies. First current time is

Re: DNSSEC validation without current time

2017-12-15 Thread Timothe Litt
On 15-Dec-17 06:45, Petr Menšík wrote: > Hi folks. > > I am looking for a way to validate name also on systems, where current > time is not available or can be inaccurate. > > This is related to booting with NTP client, when the only configuration > is hostname that has to be resolved. There is a

Re: Re: DNSSEC validation without current time

2017-12-15 Thread Timothe Litt
On 15-Dec-17 07:44, Mukund Sivaraman wrote: On Fri, Dec 15, 2017 at 12:45:11PM +0100, Petr Menšík wrote: >> Hi folks. >> >> I am looking for a way to validate name also on systems, where current >> time is not available or can be inaccurate. > I use a Garmin 18x LVC 1pps GPS receiver device

Re: DNSSEC validation without current time

2017-12-15 Thread Barry Margolin
In article , "G.W. Haywood" wrote: > Hi there, > > On Fri, 15 Dec 2017, Petr Men??k wrote: > > > ... current time is not available or can be inaccurate. > > ntpdate? I think the issue is that he needs to resolve

Re: DNSSEC validation without current time

2017-12-15 Thread Grant Taylor via bind-users
On 12/15/2017 08:10 AM, Timothe Litt wrote: I use an 19xLVC too (On Raspbian == Debian).  But I also have an RTC. GPS does have outages,  can take a while to get a fix, and NTP wants consensus.  So I use my GPS receiver as a local clock source (preferred), but also configure several servers

FYI: zones created using "rndc addzone" could temporarily fail to inherit option "allow-transfer"

2017-12-15 Thread Michael McNally
We recently received a bug report that newly-added zones (via rndc addzone) were not inheriting the global allow-transfer directive and could be transferred using AXFR by anyone able to access the server to which they had just been added. Further investigation revealed that the circumstances when