fakertc - Re: RPI4 + ntpdate + unbound

From: Ronald Klop <ronald-lists_at_klop.ws>
Date: Wed, 17 Aug 2022 15:07:48 UTC
 
Van: Ronald Klop <ronald-lists@klop.ws>
Datum: donderdag, 7 juli 2022 12:56
Aan: freebsd-arm@freebsd.org
Onderwerp: Re: RPI4 + ntpdate + unbound
> 
> On 7/6/22 11:47, Peter Jeremy wrote:
> > On 2022-Jul-01 21:02:05 -0700, John Kennedy <warlock@phouka.net> wrote:
> >>   So I've got a RPI4 (no system time stored in NVRAM) that I did a stock
> >> type FreeBSD install on setting the time with ntpdate and the unbound
> >> DNS server (aiming for DNSSEC).  As many people have noted before me,
> >> that setup is sort of broken because you can't look up DNSSEC hosts if
> >> you think it's 1970.  No NTP time servers == no date reset == no DNS.
> >
> > If you're running UFS, the system clock should get set to the timestamp
> > in the superblock.   That will be the last sync before the previous
> > shutdown so it'll be minutes to hours out of date but that should be
> > recent enough for DNSSEC to work.
> >
> > Note that this only works on UFS - see
> > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254058
> >
> > As an alternative option, the RTC in both the Rock64 and RockPro64
> > are supported.
> >
> 
> 
> Based on this idea I created a /etc/rc.d/fakertc script. It saves the datetime on shutdown and restores it early on boot.
> 
> Not polished yet. But it works on my RPI4 14-CURRENT.
> With this script the time does not go backwards in the logs anymore. And it should provide a more reasonable time for validating certificates in DNSSEC/ipsec or similar processes before ntpdate kicks in.
> 
> Regards,
> Ronald.
> 
> 
> 


Hi,

My script became a pkg: https://www.freshports.org/sysutils/fakertc .
Let me know is it is useful for you too!

Regards,
Ronald.