Re: WARNING: debian11 + bind-9.16.15 + dnssec-policy in options{} = crashes
On Mon, 16 Aug 2021, raf wrote:
> If like me, you've been eagerly awaiting debian11 to
> get bind-9.16.15, which finally lets you implement
> DNSSEC extremely easily on debian stable, I have a
> warning.
And I have another: make sure your system clock is correct. DNSSEC will
fail if system time is too far off.
There is a chicken-and-egg problem between NTP and DNSSEC if your first
time sync depends on DNS to resolve the ntp server address *and* the
system does not have a (correct) real-time clock.
--
Henrique Holschuh
Reply to: