[dns-operations] Minimum clock skew tolerance?

Viktor Dukhovni ietf-dane at dukhovni.org
Thu May 25 04:05:37 UTC 2017

I just noticed that the SOA signature inception of the .mg TLD was over 30 minutes
in the future.


Perhaps it was even longer earlier, but I was not looking then.  Is +30 minutes
within the expected tolerance of validating resolvers?  Is it poor practice?

DNSViz seems to regard that much clock skew as "bogus"...


More information about the dns-operations mailing list