[ntp:hackers] Re: NTP and leap-seconds

Tim Shoppa shoppa at trailing-edge.com
Fri Jul 7 22:13:09 UTC 2006

Paul Vixie <paul at vix.com> wrote:
> [straightening us out on what DNS does and doesn't]


> there is no non-crypto dns root zone file distribution method any more, at
> least as regards the iana root zone and the iana-recognized root name servers.
> we use TSIG (see RFC2845) to both authenticate zone publishing authority and
> to control zone distribution.
> and it's not rare.  the root zone changes once a day, minimum.
> and while bind grabs a fresh list of root name servers at startup time, it
> does not write this information to disk, so on every reboot, it will use its
> compiled-in or on-disk "hints" to locate a server from which "fresh hints"
> can be fetched.  and the reason we don't update it on disk is, i don't trust
> automation at that level, it's too easy to wind up with a zero-length file.

Is there any hope of using TSIG/RFC2845 or more simply the root zone
servers to distribute leap second tables from authenticated publishing
authorities? Such leap second tables would be updated/changed less
frequently or about the same as the root zone if I understand things.

