Re: WARNING: debian11 + bind-9.16.15 + dnssec-policy in options{} = crashes

To: debian-user@lists.debian.org
Subject: Re: WARNING: debian11 + bind-9.16.15 + dnssec-policy in options{} = crashes
From: Henrique de Moraes Holschuh <hmh@debian.org>
Date: Tue, 17 Aug 2021 17:42:47 -0300
Message-id: <[🔎] 20210817204247.GA15999@khazad-dum.debian.net>
In-reply-to: <[🔎] YRnwZ2ZHOG0qxgP3@raf.org>
References: <[🔎] YRnwZ2ZHOG0qxgP3@raf.org>

On Mon, 16 Aug 2021, raf wrote:
> If like me, you've been eagerly awaiting debian11 to
> get bind-9.16.15, which finally lets you implement
> DNSSEC extremely easily on debian stable, I have a
> warning.

And I have another: make sure your system clock is correct.  DNSSEC will
fail if system time is too far off.

There is a chicken-and-egg problem between NTP and DNSSEC if your first
time sync depends on DNS to resolve the ntp server address *and* the
system does not have a (correct) real-time clock.

-- 
  Henrique Holschuh

Reply to:

References:
- WARNING: debian11 + bind-9.16.15 + dnssec-policy in options{} = crashes
  - From: raf <debian@raf.org>

Prev by Date: Re: Debian 11: sources.list for conservative server?
Next by Date: Re: Still on stretch, getting ready for bullseye
Previous by thread: WARNING: debian11 + bind-9.16.15 + dnssec-policy in options{} = crashes
Next by thread: Debian 11 installer crashed and reboot
Index(es):
- Date
- Thread