[Yeti DNS Discuss] Yeti back to the future
david.beck at informnis.ch
Sun Oct 25 09:15:54 UTC 2015
On 23.10.15 09:13, Stephane Bortzmeyer wrote:
> Am I right in saying that the offset of the clock is not very
> important for an authoritative name server (besides sysadmin issues
> like having exploitable logs)? An authoritative DNS server (unlike a
> validating resolver, or a signer) does not care about the time, no?
An authoritative server requires the approximately correct time for TSIG
to protect against replay attacks. If the time difference is more than
the fudge value, the TSIG is not accepted. The RFC 2845
recommended fudge factor is five minutes.
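
The time check described in the reply above, as an added example that is not part of the original post: it parses the Time Signed and Fudge fields out of TSIG RDATA and applies the RFC 2845 window. The function names and the sample RDATA (zero-filled MAC, constructed timestamp) are assumptions for illustration, and MAC verification is left out.

```python
import struct

RFC2845_FUDGE = 300  # seconds: the five-minute value recommended by RFC 2845


def read_name(buf, off):
    """Read an uncompressed wire-format domain name; return (name, next_offset)."""
    labels = []
    while True:
        n = buf[off]
        off += 1
        if n == 0:
            return ".".join(labels) + ".", off
        labels.append(buf[off:off + n].decode("ascii").lower())
        off += n


def parse_tsig_times(rdata):
    """Return (algorithm, time_signed, fudge) from TSIG RDATA."""
    alg, off = read_name(rdata, 0)
    # Time Signed is a 48-bit integer (16 high bits + 32 low bits), Fudge is 16 bits.
    hi, lo, fudge = struct.unpack_from("!HIH", rdata, off)
    return alg, (hi << 32) | lo, fudge


def tsig_time_ok(rdata, server_now):
    """True if the server clock lies within Time Signed +/- Fudge.

    A False result corresponds to the BADTIME error. A real server also
    verifies the key and the MAC; that part is not shown here.
    """
    _, signed, fudge = parse_tsig_times(rdata)
    return abs(server_now - signed) <= fudge


def sample_rdata(time_signed, fudge=RFC2845_FUDGE):
    """Constructed TSIG RDATA with a zero-filled 32-byte MAC (not a real signature)."""
    name = b"\x0bhmac-sha256\x00"
    times = struct.pack("!HIH", time_signed >> 32, time_signed & 0xFFFFFFFF, fudge)
    mac = bytes(32)
    # MAC size, MAC, original ID, error, other-data length
    return name + times + struct.pack("!H", len(mac)) + mac + struct.pack("!HHH", 0x1234, 0, 0)


if __name__ == "__main__":
    signed_at = 1445764554  # constructed timestamp
    rdata = sample_rdata(signed_at)
    for drift in (0, 299, 301, 3600):  # server clock offset in seconds
        verdict = "accepted" if tsig_time_ok(rdata, signed_at + drift) else "BADTIME"
        print(f"offset {drift:>5}s -> {verdict}")
```

A signed message captured and replayed an hour later fails the same check as a message arriving at a server whose clock is an hour off, which is why the server clock matters here.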