DNSSEC validating resolver on machines without RTC or wrong date

Jaap Akkerhuis jaap at NLnetLabs.nl
Sun Apr 16 09:40:34 UTC 2023

 Petr Menšík via Unbound-users writes:

 > Hi unbound users,
 > I maintain unbound on Fedora and RHEL. I met some question on some 
 > Fedora channel about problems with NTP service. It turned out the 
 > problem of that user lied were in DNSSEC validating resolver and wrong 
 > time on his machine. Like significantly wrong date, which made DNSSEC 
 > validation fail because some timestamp on RRSIG did not fail.

I'm used to run ntpdate pb t boottim, before stratng ntpd or unbound.
That seems to avpid the problem most of the time unless your machine
is really out of wack.


More information about the Unbound-users mailing list