fakertc - Re: RPI4 + ntpdate + unbound
- In reply to: Ronald Klop : "Re: RPI4 + ntpdate + unbound"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 17 Aug 2022 15:07:48 UTC
Van: Ronald Klop <ronald-lists@klop.ws> Datum: donderdag, 7 juli 2022 12:56 Aan: freebsd-arm@freebsd.org Onderwerp: Re: RPI4 + ntpdate + unbound > > On 7/6/22 11:47, Peter Jeremy wrote: > > On 2022-Jul-01 21:02:05 -0700, John Kennedy <warlock@phouka.net> wrote: > >> So I've got a RPI4 (no system time stored in NVRAM) that I did a stock > >> type FreeBSD install on setting the time with ntpdate and the unbound > >> DNS server (aiming for DNSSEC). As many people have noted before me, > >> that setup is sort of broken because you can't look up DNSSEC hosts if > >> you think it's 1970. No NTP time servers == no date reset == no DNS. > > > > If you're running UFS, the system clock should get set to the timestamp > > in the superblock. That will be the last sync before the previous > > shutdown so it'll be minutes to hours out of date but that should be > > recent enough for DNSSEC to work. > > > > Note that this only works on UFS - see > > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254058 > > > > As an alternative option, the RTC in both the Rock64 and RockPro64 > > are supported. > > > > > Based on this idea I created a /etc/rc.d/fakertc script. It saves the datetime on shutdown and restores it early on boot. > > Not polished yet. But it works on my RPI4 14-CURRENT. > With this script the time does not go backwards in the logs anymore. And it should provide a more reasonable time for validating certificates in DNSSEC/ipsec or similar processes before ntpdate kicks in. > > Regards, > Ronald. > > > Hi, My script became a pkg: https://www.freshports.org/sysutils/fakertc . Let me know is it is useful for you too! Regards, Ronald.