Re: [dhcwg] [ntpwg] Fwd: New Version Notification for draft-ogud-dhc-udp-time-option-01.txt

Ted Lemon <ted.lemon@nominum.com> Mon, 02 December 2013 05:13 UTC

From: Ted Lemon <ted.lemon@nominum.com>
In-Reply-To: <20131202044734.B78E0406060@ip-64-139-1-69.sjc.megapath.net>
Date: Mon, 2 Dec 2013 00:13:17 -0500
Message-ID: <D5CCC8A9-10FF-4D57-AB42-D39AB4D8730F@nominum.com>
References: <20131202044734.B78E0406060@ip-64-139-1-69.sjc.megapath.net>
To: Hal Murray <hmurray@megapathdsl.net>
Cc: NTP Working Group <ntpwg@lists.ntp.org>, Bernie Volz <volz@cisco.com>, "dhcwg@ietf.org WG" <dhcwg@ietf.org>
Subject: Re: [dhcwg] [ntpwg] Fwd: New Version Notification for draft-ogud-dhc-udp-time-option-01.txt

On Dec 1, 2013, at 11:47 PM, Hal Murray <hmurray@megapathdsl.net> wrote:
> Does DNS using DNSSEC return a specific error code for time-invalid?  Or just 
> a generic didn't-work?

A response with a bad clock fails to validate, which is the same as no response.

> How close does the time have to be for DNSSEC to work?

Closer than 1970.

> Could this problem be solved by setting up a bank of NTP servers at well 
> known IP Addresses?  Say, one next to each root DNS server.  If you tried to 
> do that, I'd expect a serious problem would be overload because idiots would 
> try to use them for normal NTP use rather than just getting off the ground.  
> It might be possible to discourage that by making them return crappy time.

History suggests otherwise. If an IP address is hardcoded, it will get pummeled by devices that are too dumb to give up.

> Most ISPs already provide DNS servers for their customers.  How do their IP
> addresses get set up in home routers?  Could NTP servers piggyback on that
> mechanism if ISPs also provided NTP servers?

You mean DHCP? Yes, that's what we're talking about.
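Added example, not part of the message above or of the draft: a sketch of the RRSIG validity-window test (RFC 4034, section 3.1.5) that a validator applies, showing why a device whose clock still reads 1970 cannot validate anything. The function names and the signature timestamps are constructed for illustration.

```python
import calendar
import time

MASK32 = 0xFFFFFFFF


def parse_rrsig_time(text):
    """Convert an RRSIG timestamp in YYYYMMDDHHmmSS form (UTC) to epoch seconds."""
    return calendar.timegm(time.strptime(text, "%Y%m%d%H%M%S"))


def serial_le(a, b):
    """RFC 1982 serial-number comparison on 32-bit values: True when a <= b."""
    return ((b - a) & MASK32) < 0x80000000


def window_state(inception_text, expiration_text, now):
    """Classify the local clock against a signature's validity window.

    RRSIG inception and expiration are 32-bit counts of seconds since
    1970-01-01 UTC and are compared using serial-number arithmetic.
    """
    inception = parse_rrsig_time(inception_text) & MASK32
    expiration = parse_rrsig_time(expiration_text) & MASK32
    now &= MASK32
    if not serial_le(inception, now):
        return "clock-before-inception"
    if not serial_le(now, expiration):
        return "clock-after-expiration"
    return "ok"


# Constructed sample signature window (two weeks around the message date).
INCEPTION = "20131125000000"
EXPIRATION = "20131209000000"

if __name__ == "__main__":
    clocks = {
        "sane clock": parse_rrsig_time("20131202051300"),
        "fresh boot, no RTC": 0,  # 1970-01-01T00:00:00Z
        "clock running a month fast": parse_rrsig_time("20140101000000"),
    }
    for label, now in clocks.items():
        print(f"{label:28s} -> {window_state(INCEPTION, EXPIRATION, now)}")
```

The diagnostic strings exist only inside this sketch; as the reply says, the client itself sees nothing more than a failed validation.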