Enabling DNSSEC signing


I’m planning to start DNSSEC signing the NTP Pool related domains over the next several months.

DNS resolvers that do DNSSEC and use the NTP Pool to set the time could have a “bootstrapping problem” (can’t get to a pool server because they don’t know what time it is so DNSSEC doesn’t validate). However I think that’s already the case because the .org domain is signed.

The first domains will likely be ntpns.org (the name servers for pool.ntp.org etc) and ntppool.org.

closed #2

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

opened #3