[Opendnssec-develop] Making ODS immune for localtime changes
Rick van Rein
rick at openfortress.nl
Mon Nov 5 11:14:03 UTC 2012
Hi Sion / others,
Thanks for thinking along:
> This is worth looking at closely. One worry for me would be pushing
> these changes out as we will then switch people from local time to
> UTC which for most folks will be more than the one hour summer-time
> switch.
Yes, I share that concern for one half of the globe. We may have to
play a Phileas Fogg on them; preparing the database with time zones
on the safe side of UTC: "UTC-23h" or "UTC+23h" (not sure which),
and so on.
Alternatively, we could ensure that 2.0 resolves those issues by
not depending on timestamping, but on actual feedback from the
surrounding world.
> Also note that InceptionOffset should not interfere with keys being
> introduced; but maybe we should at least recommend that the publish
> safety is at least one hour to cover DST (this is the supplied
> default)?
Both variables would need our thinking through I suppose. Setting them
to 1h + the actually wished-for variance sounds to me like a workaround,
but not an actual solution. It's weird to have to set such variables
to a high value just because there *may* be a time shift every now and
then, and be delayed because of it throughout the rest of the year.
Cheers,
-Rick
More information about the Opendnssec-develop
mailing list