Jason Mitchell <jar%bigjar.com@localhost> writes:

> Doesn't NTP refuse to start if the time difference is too great? 47
> days would definitely qualify (the max change is a few hours). If so,
> then running ntpdate before NTP will fix that problem.

I think you are correct, and I should have said that. I have rc.conf as

    ntpdate=YES
    ntpd=YES
    ntpd_chrootdir="/var/chroot/ntpd"

As I hinted at earlier, I found I had to turn off dnssec for machines that were off for a long time, if one configures NTP servers by domain name, such as pools. I changed

    dnssec-enable no;
    dnssec-validation no;

and named.conf has a hint.

I then decided to just hard-code some preferred NTP peers' IP addresses in ntp.conf, and that works without dnssec working, and once the time is right dnssec is ok again.

This only happened to me when something happened to a remote RPI3 and it was powered off for a few weeks until I was able to visit and recover it.

The moral of the story is that computers that run UNIX should have an RTC because certificate validation, which requires time, is now a normal part of operations.
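Added example, not part of the original message: the failure described above comes from DNSSEC signatures (RRSIG records) carrying an inception and an expiration time that a validator compares with the local clock. The sketch below parses a constructed RRSIG record in presentation format and classifies it against a correct clock and one that is 47 days off; the record, names and dates are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample record (not from the message); the signature is a placeholder.
SAMPLE_RRSIG = ("pool.example. 3600 IN RRSIG A 13 2 3600 "
                "20240615000000 20240516000000 12345 example. c2lnbmF0dXJl")


def _ts(field):
    """Parse the YYYYMMDDHHmmSS timestamp form used in RRSIG presentation format."""
    return datetime.strptime(field, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)


def rrsig_window(record):
    """Return (inception, expiration) of an RRSIG record."""
    fields = record.split()
    i = fields.index("RRSIG")
    # RDATA order: type-covered, algorithm, labels, original TTL,
    # expiration, inception, key tag, signer, signature.
    expiration = _ts(fields[i + 5])
    inception = _ts(fields[i + 6])
    return inception, expiration


def classify(record, local_clock):
    """Say how a validator whose clock reads local_clock would see the signature."""
    inception, expiration = rrsig_window(record)
    if local_clock < inception:
        return "not-yet-valid"   # clock is behind: typical for a host with no RTC
    if local_clock > expiration:
        return "expired"         # clock is ahead, or the zone was not re-signed
    return "valid"


if __name__ == "__main__":
    true_time = datetime(2024, 6, 1, tzinfo=timezone.utc)  # constructed "now"
    for label, clock in [("correct clock", true_time),
                         ("47 days behind", true_time - timedelta(days=47)),
                         ("47 days ahead", true_time + timedelta(days=47))]:
        print(f"{label:15} {clock:%Y-%m-%d} -> {classify(SAMPLE_RRSIG, clock)}")
```

With validation failing, the pool host names in ntp.conf cannot be resolved, so the clock cannot be corrected by name; NTP peers given as IP addresses need no DNS lookup at all.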