resolution fails when the date of the server is more than 2 days late

dy1977
Mon Mar 2 17:34:39 UTC 2020

Hello guys,

thanks a lot for so many answers in such a short time! They confirm the 
question is not so simple.

I will just explain here why some of them cannot be used for me.

I am using unbound in an Internet router which will be deployed in 
several places in different countries. That's why the LAN approach will 
not work because I cannot guess the LAN configuration of each installation.

To achieve a relatively fail-proof system, we always have two routers in 
each location, one working 24/7, the other just waiting to replace it in 
case of failure. This second unit may stay on a shelf for years, and 
once it is needed, the battery of the RTC will possibly be dead. 
This makes the RTC option useless, unless we maintain this unit working 
all the time, but then it may fail without notice and not be ready the 
day we need it.

I think, from all your answers, that the good approach for us will be a 
script, run some time after boot, which would do:

- check the situation with ntpstat
- if synchronisation did not occur since start:
           unbound-control set_option "val-override-date: -1"
- wait a moment and check again
- if OK:
           unbound-control set_option "val-override-date: 0"
           and exit
- otherwise loop.

It is not tested yet, but I think the exposure to unsafe situations is 
really minimal.

Does this justify the resurrection of Joe Abley's idea? I don't know. 
You will see.

Thanks a lot to all
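
Added example, not part of the original post and not code from the Unbound project: one way to write the boot-time loop described above as a POSIX shell script. It assumes that ntpstat exits 0 only when the clock is synchronised and, as the post does, that the running unbound applies val-override-date through set_option; the variables NTPSTAT, UNBOUND_CONTROL and POLL_INTERVAL, the function names and the --run switch are hypothetical.

```shell
#!/bin/sh
# Added example: relax Unbound's RRSIG date check only until NTP has synchronised.
# Assumptions: ntpstat exits 0 only when the clock is synchronised, and the
# running unbound applies val-override-date via set_option (untested in the post).
NTPSTAT=${NTPSTAT:-ntpstat}
UNBOUND_CONTROL=${UNBOUND_CONTROL:-unbound-control}
POLL_INTERVAL=${POLL_INTERVAL:-30}   # seconds between checks (constructed value)

ntp_synced() {
    "$NTPSTAT" >/dev/null 2>&1
}

# $1 is -1 (ignore signature dates) or 0 (normal date validation).
# Option and value stay in one argument so "-1" is not parsed as a flag.
set_date_override() {
    "$UNBOUND_CONTROL" set_option "val-override-date: $1" >/dev/null
}

# Returns 0 once the clock is synchronised and date validation is active,
# 1 if unbound could not be reconfigured.
relax_until_synced() {
    if ntp_synced; then
        return 0                      # clock already good: change nothing
    fi
    echo "clock not synchronised: ignoring RRSIG dates" >&2
    set_date_override -1 || return 1
    until ntp_synced; do
        sleep "$POLL_INTERVAL"
    done
    # Keep retrying: leaving -1 in place is the unsafe state.
    until set_date_override 0; do
        echo "could not restore val-override-date, retrying" >&2
        sleep "$POLL_INTERVAL"
    done
    echo "clock synchronised: RRSIG date validation restored" >&2
    return 0
}

# Run only when asked, so the functions can be sourced and exercised with stubs.
if [ "${1:-}" = "--run" ]; then
    relax_until_synced
fi
```

The messages on stderr mark the start and end of the window during which signature dates are ignored, so the boot log shows how long validation was relaxed.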

