unbound and ntp issuse

[Slawa Olhovchenkov]

On Fri, Jun 10, 2016 at 03:10:10PM -0400, Lowell Gilbert wrote:

> Slawa Olhovchenkov <slw at zxy.spb.ru> writes:
> 
> > On Thu, Jun 09, 2016 at 02:31:17PM -0400, Lowell Gilbert wrote:
> >
> >> Slawa Olhovchenkov <slw at zxy.spb.ru> writes:
> >> 
> >> > On Thu, Jun 09, 2016 at 09:48:25AM -0400, Lowell Gilbert wrote:
> >> >
> >> >> Slawa Olhovchenkov <slw at zxy.spb.ru> writes:
> >> >> 
> >> >> > On Thu, Jun 09, 2016 at 02:29:09PM +0100, krad wrote:
> >> >> >
> >> >> >> I doubt that will happen as you are asking to pollute every release
> >> >> >> installation for an edge condition when  there is numerous work arounds
> >> >> >> that would be acceptable to most.   eg two lines in rc.conf will fix the
> >> >> >> issue.
> >> >> >
> >> >> > This manual editing will be required by every install on RPi, for
> >> >> > example.
> >> >> 
> >> >> No, it won't. Most people will just give the system a valid DNS
> >> >> configuration, and the clock will not be an issue.
> >> >
> >> > What invalid in my DNS configuration?
> >> 
> >> You said that you configured 127.0.0.1 as your DNS server. You didn't
> >> say how (or rather where) you did that, but if you had used the address
> >> of a working upstream recursive server, I suspect there wouldn't have
> >> been any problem.
> >
> > Configuring 127.0.0.1 as DNS server and enabling loacal_unbound cause
> > unbound acts as recursive resolver. This is conventional setup.
> > ("No forwarders found in resolv.conf, unbound will recurse."
> > -- from /usr/sbin/local-unbound-setup)
> 
> I'll check on it if I get a chance.
> 
> > Using upstream recursive server with local unbound will cause same
> > problem, IMHO, because unbound will be enfocing DNSSEC by the same
> > way and rejecting all answers from upstream.
> 
> Well, we know that is not the case, because in that case nearly everyone
> would be having the problem.

Only in case of very incorrect time at startup (2008 year in may case,
after CMOS reset)