>The problem is, typical off-the-shelf validating resolvers do not check >if they have an accurate time, they assume that they do. (Rightly so, I >would say, it's the problem of the OS to provide accurate time). > >Now, I'm hearing an intention that LocalRoot should be on by >default. I'm not convinced that the typical CPE vendor appreciates the >consequences if they bring in an off-the-shelf-resolver that turns this >on. I.e. suddenly they have to have accurate time before they can turn on >the local resolver, while in the past there was probably not a hard >requirement on accurate time on the CPE.
I assume that we don't want local root to be an easy to exploit DoS. So it is reasonable to specify that if a resolver cannot obtain a copy of the root zone that validates then it will just disable local root (for a while). In that case, the lack of accurate time when the resolver starts only results in a local root being disabled. On today's internet, it is very unlikely that a resolver can securely obtain a copy of the root when the resolver's time is wildly inaccurate. So when a resolver doesn't know what time it is then the best we can do is to disable local root. Personally, I would hope that vendors don't install recursive resolvers on devices that don't know what time it is. Running a recursive resolver require some attention to detail. And lack of time suggests the absence of that. _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
