DNSSEC validating resolver on machines without RTC or wrong date
Jaap Akkerhuis
jaap at NLnetLabs.nl
Sun Apr 16 09:40:34 UTC 2023
Petr Menšík via Unbound-users writes:
> Hi unbound users,
>
> I maintain unbound on Fedora and RHEL. I met some question on some
> Fedora channel about problems with NTP service. It turned out the
> problem of that user lied were in DNSSEC validating resolver and wrong
> time on his machine. Like significantly wrong date, which made DNSSEC
> validation fail because some timestamp on RRSIG did not fail.
I'm used to run ntpdate pb t boottim, before stratng ntpd or unbound.
That seems to avpid the problem most of the time unless your machine
is really out of wack.
jaap
More information about the Unbound-users
mailing list