You have filtered ntpd so much that it can't do the job it wants to do.
Andy Goblins <andygoblins@gmx.com> wrote:
> > From: "Theo de Raadt" <deraadt@openbsd.org>
> >
> > ntpd is run by default, and magically will correct the time almost immediately.
> >
> > Some significant effort went into this a few years ago.
> >
> > However, the kernel message will always be there. You can ignore it.
> >
> > Run ntpctl -s all, and you'll see the time has been corrected before
> > significant daemons start.
>
> ntpd is running, but the clock isn't getting corrected before significant daemons start. In fact, it's causing other daemons, like unbound, to fail.
> $ ntpctl -s all
> 5/5 peers valid, constraint offset 5355740s, clock unsynced, clock offset is 5355739014.329ms
> ...
>
> /var/messages:
> Oct 4 21:20:24 hostname ntpd[61157]: ntp engine ready
> Oct 4 21:20:25 hostname ntpd[61157]: constraint reply from 9.9.9.9: offset 5355740.057722
> Oct 4 21:20:26 hostname unbound: [98456:0] notice: init module 0: validator
> Oct 4 21:20:26 hostname unbound: [98456:0] notice: init module 1: iterator
> Oct 4 21:20:26 hostname unbound: [98456:0] info: start of service (unbound 1.11.0).
> Oct 4 21:20:27 hostname ntpd[61157]: cancel settime because dns probe failed
> Oct 4 21:20:27 hostname unbound: [25295:1] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
> ...
>
> Does ntpd need DNS to set the time? Because my reslov.conf points to 127.0.0.1 and unbound needs the time before it will work properly.
No comments:
Post a Comment