[Opendnssec-develop] Making ODS immune for localtime changes

Rick van Rein rick at openfortress.nl
Mon Nov 5 11:14:03 UTC 2012

Hi Sion / others,

Thanks for thinking along:

> This is worth looking at closely. One worry for me would be pushing
> these changes out as we will then switch people from local time to
> UTC which for most folks will be more than the one hour summer-time
> switch.

Yes, I share that concern for one half of the globe.  We may have to
play a Phileas Fogg on them; preparing the database with time zones
on the safe side of UTC: "UTC-23h" or "UTC+23h" (not sure which),
and so on.

Alternatively, we could ensure that 2.0 resolves those issues by
not depending on timestamping, but on actual feedback from the
surrounding world.

> Also note that InceptionOffset should not interfere with keys being
> introduced; but maybe we should at least recommend that the publish
> safety is at least one hour to cover DST (this is the supplied
> default)?

Both variables would need our thinking through I suppose.  Setting them
to 1h + the actually wished-for variance sounds to me like a workaround,
but not an actual solution.  It's weird to have to set such variables
to a high value just because there *may* be a time shift every now and
then, and be delayed because of it throughout the rest of the year.


More information about the Opendnssec-develop mailing list