On Thu, Jun 20, 2019 at 6:46 AM Otto Moerbeek <o...@drijf.net> wrote:
> Hi, > > I have been working on a nice feature that improves startup behaviour of > ntpd. > > Summary: make sure you have at least one constraint source configured > and use no options. ntpd will set the clock if needed, even if you > machines has no battery backed up clock and is running a DNSSEC > validating resolver. > > Previoulsy, using constraints or a DNSSEC validating resolver would > break initial time setting, since doing https certificate and DNSSEC > validation requires a proper clock. An we do not have that in above > circumstances. > > In addition to previous work from jsing@ regarding https certificate > validation my commits enable time bootstrapping in these adverse > conditions. > > You want to stop using -s if you did, since the new method is more > robust and more secure. (-s trusts any ntp reply, while the new > automatic mode only does so if several ntp replies were validated). > > The last commit was a few hours ago, upcoming snaps should have all > the nice things. > > -Otto > > > It works here (complied from source). Device go back to right time after Destroying date at boot and only accepting DNSSEC . snaps# date Thu Jun 20 15:52:57 CEST 2019 snaps# uptime 3:52PM up 2 mins, 1 user, load averages: 0.07, 0.04, 0.01 snaps# head /etc/rc # $OpenBSD: rc,v 1.537 2019/05/10 13:29:21 guenther Exp $ # System startup script run by init on autoboot or after single-user. # Output and error are redirected to console by init, and the console is the # controlling terminal. date 201806041030.00 # Turn off Strict Bourne shell. Best. -- -- --------------------------------------------------------------------------------------------------------------------- Knowing is not enough; we must apply. Willing is not enough; we must do