Bug#783193: tlsdate: Sets time wrong
On Thu, Apr 23, 2015 at 05:31:56PM +, Jacob Appelbaum wrote: Could you detail which host you're using to fetch the time? I suspect that it clearly is one that randomizes the time field (makes sense, many do now, including the default one). Also it looks like tlsdate failed closed many times until the server gave a mostly reasonable answer. :) I was using a default config, which I think contained www.ptb.de. Could you post your config? Or if not the config, could you try a known not randomized server and confirm that my theory is correct? I purged tlsdate in the mean time. I didn't even know it was running as a daemon. Kurt -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#783193: tlsdate: Sets time wrong
Package: tlsdate Version: 0.0.12-2 Severity: grave Hi, I found this in my syslog today: Apr 23 16:09:23 intrepid tlsdated[3408]: [event:action_run_tlsdate] requested re-run of tlsdate while tlsdate is running Apr 23 16:09:23 intrepid tlsdated[3408]: [event:action_tlsdate_status] invalid time received from tlsdate: 3466176706 Apr 23 16:09:39 intrepid tlsdated[3408]: [event:action_tlsdate_status] invalid time received from tlsdate: 2110302677 Apr 23 16:09:40 intrepid tlsdated[3408]: [event:action_run_tlsdate] requested re-run of tlsdate while tlsdate is running Apr 23 16:09:40 intrepid tlsdated[3408]: [event:action_tlsdate_status] invalid time received from tlsdate: 198483556 Apr 23 16:09:48 intrepid tlsdated[3408]: [event:action_tlsdate_status] invalid time received from tlsdate: 42183177 Apr 23 16:09:53 intrepid tlsdated[3408]: [event:action_tlsdate_status] invalid time received from tlsdate: 3462611409 Apr 23 16:09:58 intrepid tlsdated[3408]: [event:action_tlsdate_status] invalid time received from tlsdate: 3695382819 Apr 23 16:10:02 intrepid tlsdated[3408]: [event:action_run_tlsdate] requested re-run of tlsdate while tlsdate is running Apr 23 16:10:02 intrepid last message repeated 4 times Apr 23 16:10:02 intrepid tlsdated[3408]: [event:action_tlsdate_status] invalid time received from tlsdate: 404492764 Apr 23 16:10:03 intrepid tlsdated[3408]: [event:action_run_tlsdate] requested re-run of tlsdate while tlsdate is running Apr 23 16:10:03 intrepid tlsdated[3408]: [event:action_tlsdate_status] invalid time received from tlsdate: 2661297035 Apr 23 16:10:04 intrepid tlsdated[3408]: [event:action_tlsdate_status] invalid time received from tlsdate: 2210707233 Apr 23 16:10:04 intrepid tlsdated[3408]: [event:action_tlsdate_status] invalid time received from tlsdate: 3820078853 Apr 23 16:10:05 intrepid tlsdated[3408]: [event:action_run_tlsdate] requested re-run of tlsdate while tlsdate is running Apr 23 16:10:05 intrepid tlsdated[3408]: [event:action_run_tlsdate] requested re-run of tlsdate while tlsdate is running Oct 4 11:10:36 intrepid tlsdated[3415]: synced rtc to sysclock Oct 4 11:10:36 intrepid named[13844]: error (no valid DS) resolving 'ns2.mail.ru/A/IN': unknown address, family 57054 Oct 4 11:10:36 intrepid tlsdated[3408]: [event:handle_time_setter] time set from the network (1570180236) Oct 4 11:10:36 intrepid named[13844]: validating @0x7fc5f88d97c0: . DNSKEY: verify failed due to bad signature (keyid=19036): RRSIG has expired Oct 4 11:10:36 intrepid named[13844]: validating @0x7fc5f88d97c0: . DNSKEY: unable to find a DNSKEY which verifies the DNSKEY RRset and also matches a trusted key for '.' Oct 4 11:10:36 intrepid named[13844]: validating @0x7fc5f88d97c0: . DNSKEY: please check the 'trusted-keys' for '.' in named.conf. That would be Oct 4 2019. Kurt -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#783193: tlsdate: Sets time wrong
On 4/23/15, Kurt Roeckx k...@roeckx.be wrote: Package: tlsdate Version: 0.0.12-2 Severity: grave Hi, I found this in my syslog today: Apr 23 16:09:23 intrepid tlsdated[3408]: [event:action_run_tlsdate] requested re-run of tlsdate while tlsdate is running Apr 23 16:09:23 intrepid tlsdated[3408]: [event:action_tlsdate_status] invalid time received from tlsdate: 3466176706 Apr 23 16:09:39 intrepid tlsdated[3408]: [event:action_tlsdate_status] invalid time received from tlsdate: 2110302677 Apr 23 16:09:40 intrepid tlsdated[3408]: [event:action_run_tlsdate] requested re-run of tlsdate while tlsdate is running Apr 23 16:09:40 intrepid tlsdated[3408]: [event:action_tlsdate_status] invalid time received from tlsdate: 198483556 Apr 23 16:09:48 intrepid tlsdated[3408]: [event:action_tlsdate_status] invalid time received from tlsdate: 42183177 Apr 23 16:09:53 intrepid tlsdated[3408]: [event:action_tlsdate_status] invalid time received from tlsdate: 3462611409 Apr 23 16:09:58 intrepid tlsdated[3408]: [event:action_tlsdate_status] invalid time received from tlsdate: 3695382819 Apr 23 16:10:02 intrepid tlsdated[3408]: [event:action_run_tlsdate] requested re-run of tlsdate while tlsdate is running Apr 23 16:10:02 intrepid last message repeated 4 times Apr 23 16:10:02 intrepid tlsdated[3408]: [event:action_tlsdate_status] invalid time received from tlsdate: 404492764 Apr 23 16:10:03 intrepid tlsdated[3408]: [event:action_run_tlsdate] requested re-run of tlsdate while tlsdate is running Apr 23 16:10:03 intrepid tlsdated[3408]: [event:action_tlsdate_status] invalid time received from tlsdate: 2661297035 Apr 23 16:10:04 intrepid tlsdated[3408]: [event:action_tlsdate_status] invalid time received from tlsdate: 2210707233 Apr 23 16:10:04 intrepid tlsdated[3408]: [event:action_tlsdate_status] invalid time received from tlsdate: 3820078853 Apr 23 16:10:05 intrepid tlsdated[3408]: [event:action_run_tlsdate] requested re-run of tlsdate while tlsdate is running Apr 23 16:10:05 intrepid tlsdated[3408]: [event:action_run_tlsdate] requested re-run of tlsdate while tlsdate is running Oct 4 11:10:36 intrepid tlsdated[3415]: synced rtc to sysclock Oct 4 11:10:36 intrepid named[13844]: error (no valid DS) resolving 'ns2.mail.ru/A/IN': unknown address, family 57054 Oct 4 11:10:36 intrepid tlsdated[3408]: [event:handle_time_setter] time set from the network (1570180236) Oct 4 11:10:36 intrepid named[13844]: validating @0x7fc5f88d97c0: . DNSKEY: verify failed due to bad signature (keyid=19036): RRSIG has expired Oct 4 11:10:36 intrepid named[13844]: validating @0x7fc5f88d97c0: . DNSKEY: unable to find a DNSKEY which verifies the DNSKEY RRset and also matches a trusted key for '.' Oct 4 11:10:36 intrepid named[13844]: validating @0x7fc5f88d97c0: . DNSKEY: please check the 'trusted-keys' for '.' in named.conf. That would be Oct 4 2019. Hi Kurt, Could you detail which host you're using to fetch the time? I suspect that it clearly is one that randomizes the time field (makes sense, many do now, including the default one). Also it looks like tlsdate failed closed many times until the server gave a mostly reasonable answer. :) Could you post your config? Or if not the config, could you try a known not randomized server and confirm that my theory is correct? -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org