RPI4 + ntpdate + unbound
- Reply: David Cornejo : "Re: RPI4 + ntpdate + unbound"
- Reply: Peter Jeremy : "Re: RPI4 + ntpdate + unbound"
- Reply: Daniel O'Connor: "Re: RPI4 + ntpdate + unbound"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 02 Jul 2022 04:02:05 UTC
So I've got a RPI4 (no system time stored in NVRAM) that I did a stock type FreeBSD install on setting the time with ntpdate and the unbound DNS server (aiming for DNSSEC). As many people have noted before me, that setup is sort of broken because you can't look up DNSSEC hosts if you think it's 1970. No NTP time servers == no date reset == no DNS. This example is probably terrible, but starting talk point: $ grep -E '(ntpdate|unbound)' /etc/rc.conf ntpdate_enable="YES" ntpdate_XXX_dns="8.8.8.8" ntpdate_hosts="0.freebsd.pool.ntp.org" local_unbound_enable="YES" I basically added ntpdate_XXX_dns (pick a better name) to trigger the new behavior. If it at the ntpdate_hosts are set (I needed something to feed to the /usr/bin/host program), then I build a list of IPs to feed to ntpdate bypassing unbound's DNSSEC lookup. The tee to /dev/console is just a way of showing what is processed: # /etc/rc.d/ntpdate restart Using domain server: Name: 8.8.8.8 Address: 8.8.8.8#53 Aliases: 0.freebsd.pool.ntp.org has address 51.89.85.70 0.freebsd.pool.ntp.org has address 23.92.64.226 0.freebsd.pool.ntp.org has address 178.62.16.103 0.freebsd.pool.ntp.org has address 130.255.77.87 XXX ntpdate_hosts -> 51.89.85.70 23.92.64.226 178.62.16.103 130.255.77.87 Setting date via ntp. 1 Jul 20:39:15 ntpdate[19554]: step time server 178.62.16.103 offset -0.006001 sec That is a totally insecure way of ingesting IPs (trusting DNS, which might potentially find a way to append shell commands). But again, just a starting point to throw ideas at. --- /usr/src/libexec/rc/rc.d/ntpdate 2022-06-25 15:39:37.070933000 -0700 +++ /etc/rc.d/ntpdate 2022-07-01 20:39:01.793869000 -0700 @@ -25,6 +25,12 @@ else {print $2}} ' < "$ntpdate_config"` fi + if [ -n " $ntpdate_XXX_dns" -a -n "$ntpdate_hosts" ]; then + host $ntpdate_hosts $ntpdate_XXX_dns + ntpdate_hosts=`host 0.freebsd.pool.ntp.org 8.8.8.8 | tee /dev/console | \ + grep 'has address' | sed -E 's/^.* has address (.*$)/\1/' | xargs` + echo "XXX ntpdate_hosts -> $ntpdate_hosts" + fi if [ -n "$ntpdate_hosts" -o -n "$rc_flags" ]; then echo "Setting date via ntp." ${ntpdate_program:-ntpdate} $rc_flags $ntpdate_hosts