proper setup of dnssec-validation to _always_ resolve, and retrieve DATA and status flags ?
dchilton+bind at bestmail.us
dchilton+bind at bestmail.us
Tue May 10 14:39:42 UTC 2011
hi,
> > not sure how to read that. now that my time's correct again, can/should
> > I leave the server as is? or is there a specific recommendation for
> > time setup on a DNS server?
>
On Tue, 10 May 2011 16:58 +1000, "Mark Andrews" <marka at isc.org> wrote:
> "date -u" may now be correct but is plain "date"? If it isn't you
> should correct timezone for the server so that both "date" and "date
> -u" are correct. Otherwise you leave the server open to the
> accidental misconfiguration that probably caused this problem in
> the first place.
On Tue, 10 May 2011 10:37 +0100, "Phil Mayers" <p.mayers at imperial.ac.uk>
wrote:
> On 05/10/2011 07:58 AM, Mark Andrews wrote:
> Also, depending on your OS, check what timezone the hardware (bios)
> clock is stored in, and when you next reboot the server, check that it
> pushes OS time -> hardware time correctly, and reads it back correctly
> on startup.
thanks for the pointers. hwclock was wrong, too.
after setting HWCLOCK=-u" in '/etc/sysconfig/clock', after reboot,
'date', 'date -u', and 'hwclock' all now track correctly, and
grep valid /etc/named.conf
dnssec-validation yes;
dig www.adobe.com | egrep "^www.adobe.com|WHEN"
www.adobe.com. 3398 IN CNAME www.wip4.adobe.com.
;; WHEN: Tue May 10 07:37:31 2011
still works, and @ the correct time! lessons learned ...
thanks again,
DCh
More information about the bind-users
mailing list