Re: RPI4 + ntpdate + unbound

From: Ronald Klop <ronald-lists_at_klop.ws>
Date: Thu, 07 Jul 2022 10:56:05 UTC

On 7/6/22 11:47, Peter Jeremy wrote:
> On 2022-Jul-01 21:02:05 -0700, John Kennedy <warlock@phouka.net> wrote:
>>   So I've got a RPI4 (no system time stored in NVRAM) that I did a stock
>> type FreeBSD install on setting the time with ntpdate and the unbound
>> DNS server (aiming for DNSSEC).  As many people have noted before me,
>> that setup is sort of broken because you can't look up DNSSEC hosts if
>> you think it's 1970.  No NTP time servers == no date reset == no DNS.
> 
> If you're running UFS, the system clock should get set to the timestamp
> in the superblock.   That will be the last sync before the previous
> shutdown so it'll be minutes to hours out of date but that should be
> recent enough for DNSSEC to work.
> 
> Note that this only works on UFS - see
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254058
> 
> As an alternative option, the RTC in both the Rock64 and RockPro64
> are supported.
> 


Based on this idea I created a /etc/rc.d/fakertc script. It saves the datetime on shutdown and restores it early on boot.

Not polished yet. But it works on my RPI4 14-CURRENT.
With this script the time does not go backwards in the logs anymore. And it should provide a more reasonable time for validating certificates in DNSSEC/ipsec or similar processes before ntpdate kicks in.

Regards,
Ronald.
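
The save-on-shutdown / restore-on-boot idea from the message above, as an added example; it is not Ronald's fakertc script, which is not shown on this page. The state file path `/var/db/fakertc` and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration of a "fake RTC": persist the clock at shutdown and
# offer it back at boot. Not the fakertc script from the message above.
# FAKERTC_FILE and both function names are hypothetical.
FAKERTC_FILE="${FAKERTC_FILE:-/var/db/fakertc}"

# Shutdown side: store the current time as epoch seconds.
# Written to a temp file and renamed so a power cut cannot leave a
# half-written value behind.
fakertc_save() {
    _now=$(date +%s) || return 1
    _tmp="${FAKERTC_FILE}.tmp.$$"
    ( umask 077; printf '%s\n' "$_now" > "$_tmp" ) &&
        mv -f "$_tmp" "$FAKERTC_FILE"
}

# Boot side: $1 is the current clock in epoch seconds.
# Prints the saved epoch and returns 0 only when the clock should be
# stepped forward to it; otherwise prints nothing and returns 1.
fakertc_pick() {
    _cur=$1
    [ -r "$FAKERTC_FILE" ] || return 1
    IFS= read -r _saved < "$FAKERTC_FILE" || [ -n "$_saved" ] || return 1
    # The file is input to a clock change: accept digits only.
    case "$_saved" in
        ''|*[!0-9]*) return 1 ;;
    esac
    # Bound the length so the numeric comparison cannot overflow.
    [ "${#_saved}" -le 11 ] || return 1
    # Never move the clock backwards (an RTC or an earlier step may
    # already have set a later time).
    [ "$_saved" -gt "$_cur" ] || return 1
    printf '%s\n' "$_saved"
}

# Intended use early at boot, as root on FreeBSD:
#   new=$(fakertc_pick "$(date +%s)") && date -f %s "$new"
# and at shutdown:
#   fakertc_save
```

The restored time is only a lower bound (the moment of the last clean shutdown), so NTP still has to correct it once DNS resolution works.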