DNSSEC validating resolver on machines without RTC or wrong date
Sandro
lists at penguinpee.nl
Tue Apr 18 00:08:21 UTC 2023
On 16-04-2023 00:48, Petr Menšík via Unbound-users wrote:
> I would like to ask opinions how this should be fixed to autocorrect
> auto-magically. I am aware unbound is more usually used on servers,
> which should keep time synced on boot and are not powered off for
> extended time. But I think it is a good choice also for workstations.
I ran into a similar issue running Unbound as my external resolver on a
Pi 3, which does not have an RTC.
I solved it by configuring chrony with a static IP address for the
initial sync:
server 2a00:d78:0:712:94:198:159:10 iburst
The pool servers are configured as follows:
server 2.nl.pool.ntp.org iburst prefer
That means the pool servers will be used, overwriting the static IP, as
soon as resolving the addresses works.
I also added -s and -r to the options in /etc/sysconfig/chronyd for
mitigating the absence of an RTC.
While that is not auto-magic, it works well for me. The Pi's IP
addresses are all statically configured. It does not use DHCP, but
provides it to the network.
-- Sandro
More information about the Unbound-users
mailing list