Re: RPI4 + ntpdate + unbound
- Reply: John Kennedy : "Re: RPI4 + ntpdate + unbound"
- Reply: Ronald Klop : "fakertc - Re: RPI4 + ntpdate + unbound"
- In reply to: Peter Jeremy : "Re: RPI4 + ntpdate + unbound"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 07 Jul 2022 10:56:05 UTC
On 7/6/22 11:47, Peter Jeremy wrote: > On 2022-Jul-01 21:02:05 -0700, John Kennedy <warlock@phouka.net> wrote: >> So I've got a RPI4 (no system time stored in NVRAM) that I did a stock >> type FreeBSD install on setting the time with ntpdate and the unbound >> DNS server (aiming for DNSSEC). As many people have noted before me, >> that setup is sort of broken because you can't look up DNSSEC hosts if >> you think it's 1970. No NTP time servers == no date reset == no DNS. > > If you're running UFS, the system clock should get set to the timestamp > in the superblock. That will be the last sync before the previous > shutdown so it'll be minutes to hours out of date but that should be > recent enough for DNSSEC to work. > > Note that this only works on UFS - see > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254058 > > As an alternative option, the RTC in both the Rock64 and RockPro64 > are supported. > Based on this idea I created a /etc/rc.d/fakertc script. It saves the datetime on shutdown and restores it early on boot. Not polished yet. But it works on my RPI4 14-CURRENT. With this script the time does not go backwards in the logs anymore. And it should provide a more reasonable time for validating certificates in DNSSEC/ipsec or similar processes before ntpdate kicks in. Regards, Ronald.