On Mon, 16 Aug 2021, raf wrote: > If like me, you've been eagerly awaiting debian11 to > get bind-9.16.15, which finally lets you implement > DNSSEC extremely easily on debian stable, I have a > warning.
And I have another: make sure your system clock is correct. DNSSEC will fail if system time is too far off. There is a chicken-and-egg problem between NTP and DNSSEC if your first time sync depends on DNS to resolve the ntp server address *and* the system does not have a (correct) real-time clock. -- Henrique Holschuh
