DNSSEC validating resolver on machines without RTC or wrong date

Sandro lists at penguinpee.nl
Tue Apr 18 00:08:21 UTC 2023

On 16-04-2023 00:48, Petr Menšík via Unbound-users wrote:
> I would like to ask opinions how this should be fixed to autocorrect
> auto-magically. I am aware unbound is more usually used on servers,
> which should keep time synced on boot and are not powered off for
> extended time. But I think it is a good choice also for workstations.

I ran into a similar issue running Unbound as my external resolver on a 
Pi 3, which does not have an RTC.

I solved it by configuring chrony with a static IP address for the 
initial sync:

server 2a00:d78:0:712:94:198:159:10 iburst

The pool servers are configured as follows:

server 2.nl.pool.ntp.org iburst prefer

That means the pool servers will be used, overwriting the static IP, as 
soon as resolving the addresses works.

I also added -s and -r to the options in /etc/sysconfig/chronyd for 
mitigating the absence of an RTC.

While that is not auto-magic, it works well for me. The Pi's IP 
addresses are all statically configured. It does not use DHCP, but 
provides it to the network.

-- Sandro

More information about the Unbound-users mailing list