resolution fails when the date of the server is more than 2 days late
Chriztoffer Hansen
chriztoffer at netravnen.de
Mon Mar 2 11:17:25 UTC 2020
On Mon, 2 Mar 2020 at 07:59, dy1977--- via Unbound-users
<unbound-users at lists.nlnetlabs.nl> wrote:
> I could do that by setting the ip address of ntp.org somewhere, but if
> this ip address changes one day, the system will fail again, so I don't
> like it.
Have you considered this approach?
https://wiki.mikrotik.com/wiki/Manual:Scripting-examples#Allow_use_of_ntp.org_pool_service_for_NTP
Resolve the DNS records on a regular interval, e.g. once a week or
once a month. And use the resolved IP addresses for hardcoding the NTP
upstream servers?
0.pool.ntp.org
1.pool.ntp.org
2.pool.ntp.org
3.pool.ntp.org
This will ensure you can always sync the NTP clock locally, even if
your recursive resolver fails due to time-drifting. And you will
always have consistent, working IP addresses stored for upstream NTP
synchronization refreshed on regular intervals.
Placing a script file in /etc/cron.weekly or /etc/cron.monthly can do
the task of updating your local ntpd.conf file and
reloading/restarting the ntp daemon.
$ dig A +answer +nocmd +nomultiline +nocomments 0.pool.ntp.org \
    | grep -v '^;' \
    | grep -E -o "\b[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\b"
ipv4_n1
ipv4_n2
ipv4_n3
ipv4_n4
--
Chriztoffer
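
The periodic refresh described in the message above, as an added example that is not part of the original post: a cron-style script that resolves the pool names, validates the addresses, and keeps the previous list when resolution returns too few results (the case where the resolver is already failing). The DEST path, the MIN threshold, the `service ntp restart` command and the use of ntpd's `includefile` directive to pull in DEST are assumptions.

```shell
#!/bin/sh
# Added example, not from the post. Assumptions: DEST path, MIN threshold,
# the restart command, and an ntpd config that pulls DEST in via "includefile".
POOLS="0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org"
DEST=/etc/ntp-pool-servers.conf
MIN=4

# Constructed sample of dig answer output (documentation addresses only).
sample_answer() {
    cat <<'EOF'
;0.pool.ntp.org.        IN A
0.pool.ntp.org. 130 IN A 192.0.2.10
0.pool.ntp.org. 130 IN A 192.0.2.7
0.pool.ntp.org. 130 IN A 198.51.100.23
0.pool.ntp.org. 130 IN A 203.0.113.5
0.pool.ntp.org. 130 IN A 203.0.113.5
0.pool.ntp.org. 130 IN A 999.1.1.1
EOF
}

# stdin: dig output. stdout: unique A-record addresses with valid octets.
extract_ipv4() {
    awk '$1 !~ /^;/ && $3 == "IN" && $4 == "A" {
        n = split($5, o, "."); ok = (n == 4)
        for (i = 1; i <= n; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) ok = 0
        if (ok) print $5
    }' | LC_ALL=C sort -u
}

# stdin: addresses. Replaces file $1 atomically with "server" lines.
# Returns 1 (file untouched) if fewer than MIN addresses arrived, which is
# what happens when the resolver is already failing; 2 if nothing changed.
write_servers() {
    tmp=$(mktemp "$1.XXXXXX") || return 1
    sed 's/^/server /; s/$/ iburst/' > "$tmp"
    n=$(wc -l < "$tmp")
    if [ "$((n))" -lt "$MIN" ]; then rm -f "$tmp"; return 1; fi
    if cmp -s "$tmp" "$1" 2>/dev/null; then rm -f "$tmp"; return 2; fi
    chmod 644 "$tmp" && mv "$tmp" "$1"
}

if [ "${1:-}" = "--run" ]; then
    for p in $POOLS; do
        dig A +answer +nocmd +nomultiline +nocomments "$p"
    done | extract_ipv4 | write_servers "$DEST" && service ntp restart
fi
```

Run from /etc/cron.weekly with the `--run` argument; the daemon is restarted only when the address list actually changed.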