Date: Wed, 17 Aug 2022 17:07:48 +0200 (CEST) From: Ronald Klop <ronald-lists@klop.ws> To: Ronald Klop <ronald-lists@klop.ws> Cc: freebsd-arm@freebsd.org Subject: fakertc - Re: RPI4 + ntpdate + unbound Message-ID: <262052202.466.1660748868588@localhost> In-Reply-To: <c0b58858-5bb2-4bbd-deae-5ac3679a140b@klop.ws> References: <Yr/DPWc9Y%2Brp0J78@phouka1.phouka.net> <YsVaNqwNAdlEoHdj@server.rulingia.com> <c0b58858-5bb2-4bbd-deae-5ac3679a140b@klop.ws>
next in thread | previous in thread | raw e-mail | index | archive | help
------=_Part_465_1293863198.1660748868563 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Van: Ronald Klop <ronald-lists@klop.ws> Datum: donderdag, 7 juli 2022 12:56 Aan: freebsd-arm@freebsd.org Onderwerp: Re: RPI4 + ntpdate + unbound > > On 7/6/22 11:47, Peter Jeremy wrote: > > On 2022-Jul-01 21:02:05 -0700, John Kennedy <warlock@phouka.net> wrote: > >> So I've got a RPI4 (no system time stored in NVRAM) that I did a stock > >> type FreeBSD install on setting the time with ntpdate and the unbound > >> DNS server (aiming for DNSSEC). As many people have noted before me, > >> that setup is sort of broken because you can't look up DNSSEC hosts if > >> you think it's 1970. No NTP time servers == no date reset == no DNS. > > > > If you're running UFS, the system clock should get set to the timestamp > > in the superblock. That will be the last sync before the previous > > shutdown so it'll be minutes to hours out of date but that should be > > recent enough for DNSSEC to work. > > > > Note that this only works on UFS - see > > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254058 > > > > As an alternative option, the RTC in both the Rock64 and RockPro64 > > are supported. > > > > > Based on this idea I created a /etc/rc.d/fakertc script. It saves the datetime on shutdown and restores it early on boot. > > Not polished yet. But it works on my RPI4 14-CURRENT. > With this script the time does not go backwards in the logs anymore. And it should provide a more reasonable time for validating certificates in DNSSEC/ipsec or similar processes before ntpdate kicks in. > > Regards, > Ronald. > > > Hi, My script became a pkg: https://www.freshports.org/sysutils/fakertc . Let me know is it is useful for you too! Regards, Ronald. ------=_Part_465_1293863198.1660748868563 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit <html><head></head><body> <p><strong>Van:</strong> Ronald Klop <ronald-lists@klop.ws><br /> <strong>Datum:</strong> donderdag, 7 juli 2022 12:56<br /> <strong>Aan:</strong> freebsd-arm@freebsd.org<br /> <strong>Onderwerp:</strong> Re: RPI4 + ntpdate + unbound</p> <blockquote style="padding-right: 0px; padding-left: 5px; margin-left: 5px; border-left: #000000 2px solid; margin-right: 0px"> <div class="MessageRFC822Viewer" id="P"> <div class="MultipartMixedViewer"> <div class="TextPlainViewer" id="P.P.P1">On 7/6/22 11:47, Peter Jeremy wrote:<br /> > On 2022-Jul-01 21:02:05 -0700, John Kennedy <warlock@phouka.net> wrote:<br /> >> So I've got a RPI4 (no system time stored in NVRAM) that I did a stock<br /> >> type FreeBSD install on setting the time with ntpdate and the unbound<br /> >> DNS server (aiming for DNSSEC). As many people have noted before me,<br /> >> that setup is sort of broken because you can't look up DNSSEC hosts if<br /> >> you think it's 1970. No NTP time servers == no date reset == no DNS.<br /> ><br /> > If you're running UFS, the system clock should get set to the timestamp<br /> > in the superblock. That will be the last sync before the previous<br /> > shutdown so it'll be minutes to hours out of date but that should be<br /> > recent enough for DNSSEC to work.<br /> ><br /> > Note that this only works on UFS - see<br /> > <a href="https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254058">https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254058</a><br /> ><br /> > As an alternative option, the RTC in both the Rock64 and RockPro64<br /> > are supported.<br /> ><br /> <br /> <br /> Based on this idea I created a /etc/rc.d/fakertc script. It saves the datetime on shutdown and restores it early on boot.<br /> <br /> Not polished yet. But it works on my RPI4 14-CURRENT.<br /> With this script the time does not go backwards in the logs anymore. And it should provide a more reasonable time for validating certificates in DNSSEC/ipsec or similar processes before ntpdate kicks in.<br /> <br /> Regards,<br /> Ronald.</div> <hr /></div> </div> </blockquote> <br /> <br /> Hi,<br /> <br /> My script became a pkg: https://www.freshports.org/sysutils/fakertc .<br /> Let me know is it is useful for you too!<br /> <br /> Regards,<br /> Ronald.<br /> </body></html> ------=_Part_465_1293863198.1660748868563--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?262052202.466.1660748868588>