On Sat, 10 Oct 2020 13:48:44 +0200 (CEST) Havard Eidnes <h...@uninett.no> wrote:
> > Hi, I'm having the following issues on RPi-3 which doesn't have
> > battery operated clock. This tends to happen when clock skew is
> > quite large.
> >
> > 1. DNS resolution no longer works, as unbound(8) needs system time
> > to be correct. I think this is due to "forward-tls-upstream: yes"
> > option.
>
> I suspect that DNSSEC signature validation also fails with a clock
> which is way off. RRSIG records specify a validity interval, and
> it's not uncommon for that to span about a month around the
> current time.
>
> Regards,
>
> - Håvard

You may be right. I was going on holiday and turned off the machine. When I came back, the system clock was off by about a week. Didn't bother finding out exactly where unbound was failing to resolve DNS names, I knew right away it was something to do with the incorrect time.