Havard Eidnes <he%uninett.no@localhost> writes: >> Hi, I'm having the following issues on RPi-3 which doesn't have battery >> operated clock. This tends to happen when clock skew is quite large. >> >> 1. DNS resolution no longer works, as unbound(8) needs system time to >> be correct. I think this is due to "forward-tls-upstream: yes" option. > > I suspct that DNSSEC signature validation also fails with a clock > which is way off. RRSIG records specify a validity interval, and > it's not uncommon for that to span about a month around the > current time. Yes, this is definitely true. I had the same issue with a machine that was off for a while. I solved this by adding a few servers by IP address, and also leaving the pool lines. The real fix is to add an RTC. While I know the PDP-11 didn't have one, and the operator would run date on boot, it's been assumed by UNIX for a long time that there is a clock. I have a clock addon for the RPI that I haven't gotten around to installing; in theory it slips over the GPIO pins and will still fit in the case. But, it does seem that with a numeric IP address in ntp.conf, things are at least mostly ok.
Attachment:
signature.asc
Description: PGP signature