[dns-operations] Minimum clock skew tolerance?
Viktor Dukhovni
ietf-dane at dukhovni.org
Thu May 25 04:05:37 UTC 2017
I just noticed that the SOA signature inception of the .mg TLD was over 30 minutes
in the future.
http://dnsviz.net/d/example.mg/WSZWvg/dnssec/
Perhaps it was even longer earlier, but I was not looking then. Is +30 minutes
within the expected tolerance of validating resolvers? Is it poor practice?
DNSViz seems to regard that much clock skew as "bogus"...
--
Viktor.
More information about the dns-operations
mailing list