resolution fails when the date of the server is more than 2 days late
dy1977 at orange.fr
dy1977 at orange.fr
Mon Mar 2 17:34:39 UTC 2020
Hello guys,
thanks a lot for so many answers in such a short time ! They confirm the
question is not so simple.
I will just explain here why some of them cannot be used for me.
I am using unbound in an Internet router which will be deployed in
several places in different countries. That's why the LAN approach will
not work because I cannot guess the LAN configuration of each installation.
To achieve a relatively fail proof system, we have always two routers in
each location, one working 24/7, the other just waiting to replace it in
case of failure. This second unit may stay on a shelf for years, and
once it will be necessary, the battery of the RTC will possibly be dead.
This makes the RTC option useless, unless we maintain this unit working
all the time, but then it may fail without notice and not be ready the
day we need it.
I think, from all your answers, that the good approach for us will be a
script, ran some time after boot which would do :
- check the situation with ntpstat
- if synchronisation did not occur since start :
unbound-control -set_option "val-override-date: -1"
- wait a moment and check again
- if OK :
unbound-control -set_option "val-override-date: 0"
and exit
- otherwise loop.
It is not tested yet, but I think the exposition to unsafe situations is
really minimal.
Does this justify the resurrection of Joe Abley's idea ? I don't know.
You will see.
Thanks a lot to all
Dysmas
More information about the Unbound-users
mailing list