resolution fails when the date of the server is more than 2 days late
ondrej at caletka.cz
Mon Mar 2 07:47:54 UTC 2020
> Is there a way to prevent this behaviour from unbound, and get at least
> ntp.org resolved when there is a serious clock drift ?
According to unbound.conf(5):
> val-override-date: <rrsig-style date spec>
> Default is "" or "0", which disables this debugging feature. If enabled by giving a
> RRSIG style date, that date is used for verifying RRSIG inception and expiration dates,
> instead of the current date. Do not set this unless you are debugging signature inception
> and expiration. The value -1 ignores the date altogether, useful for some special
So I guess the way out is to boot the device with `val-override-date:
-1` and after the clock is synchronized (which should be signalled by
NTP). The other option is to declare the NTP server domain as insecure.
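The two options from the reply above, written out as an unbound.conf fragment. This is an added example, not part of the original post; it assumes the NTP servers live under `ntp.org` (the domain named in the question) and uses unbound's `domain-insecure` option for the second approach.

```conf
# Constructed example: pick ONE of the two options below.

server:
    # Option 1: ignore RRSIG inception and expiration dates altogether.
    # This applies to every zone the resolver validates, so expired
    # signatures are accepted as well for as long as it is set.
    # unbound.conf(5) documents val-override-date as a debugging feature.
    val-override-date: "-1"

    # Option 2: mark only the NTP server domain as insecure.
    # The DNSSEC chain of trust is ignored for names under this domain,
    # so they resolve even when the clock is wrong; all other zones are
    # still validated against the (possibly wrong) system date.
    # domain-insecure: "ntp.org"
```

Option 1 removes the date check for all answers, while option 2 removes validation for one domain only, so the second has the smaller exposure if the setting has to stay in place permanently.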