On 4/23/15, Kurt Roeckx <k...@roeckx.be> wrote: > Package: tlsdate > Version: 0.0.12-2 > Severity: grave > > Hi, > > I found this in my syslog today: > Apr 23 16:09:23 intrepid tlsdated[3408]: [event:action_run_tlsdate] > requested re-run of tlsdate while tlsdate is running > Apr 23 16:09:23 intrepid tlsdated[3408]: [event:action_tlsdate_status] > invalid time received from tlsdate: 3466176706 > Apr 23 16:09:39 intrepid tlsdated[3408]: [event:action_tlsdate_status] > invalid time received from tlsdate: 2110302677 > Apr 23 16:09:40 intrepid tlsdated[3408]: [event:action_run_tlsdate] > requested re-run of tlsdate while tlsdate is running > Apr 23 16:09:40 intrepid tlsdated[3408]: [event:action_tlsdate_status] > invalid time received from tlsdate: 198483556 > Apr 23 16:09:48 intrepid tlsdated[3408]: [event:action_tlsdate_status] > invalid time received from tlsdate: 42183177 > Apr 23 16:09:53 intrepid tlsdated[3408]: [event:action_tlsdate_status] > invalid time received from tlsdate: 3462611409 > Apr 23 16:09:58 intrepid tlsdated[3408]: [event:action_tlsdate_status] > invalid time received from tlsdate: 3695382819 > Apr 23 16:10:02 intrepid tlsdated[3408]: [event:action_run_tlsdate] > requested re-run of tlsdate while tlsdate is running > Apr 23 16:10:02 intrepid last message repeated 4 times > Apr 23 16:10:02 intrepid tlsdated[3408]: [event:action_tlsdate_status] > invalid time received from tlsdate: 404492764 > Apr 23 16:10:03 intrepid tlsdated[3408]: [event:action_run_tlsdate] > requested re-run of tlsdate while tlsdate is running > Apr 23 16:10:03 intrepid tlsdated[3408]: [event:action_tlsdate_status] > invalid time received from tlsdate: 2661297035 > Apr 23 16:10:04 intrepid tlsdated[3408]: [event:action_tlsdate_status] > invalid time received from tlsdate: 2210707233 > Apr 23 16:10:04 intrepid tlsdated[3408]: [event:action_tlsdate_status] > invalid time received from tlsdate: 3820078853 > Apr 23 16:10:05 intrepid tlsdated[3408]: [event:action_run_tlsdate] > requested re-run of tlsdate while tlsdate is running > Apr 23 16:10:05 intrepid tlsdated[3408]: [event:action_run_tlsdate] > requested re-run of tlsdate while tlsdate is running > Oct 4 11:10:36 intrepid tlsdated[3415]: synced rtc to sysclock > Oct 4 11:10:36 intrepid named[13844]: error (no valid DS) resolving > 'ns2.mail.ru/A/IN': <unknown address, family 57054> > Oct 4 11:10:36 intrepid tlsdated[3408]: [event:handle_time_setter] time set > from the network (1570180236) > Oct 4 11:10:36 intrepid named[13844]: validating @0x7fc5f88d97c0: . DNSKEY: > verify failed due to bad signature (keyid=19036): RRSIG has expired > Oct 4 11:10:36 intrepid named[13844]: validating @0x7fc5f88d97c0: . DNSKEY: > unable to find a DNSKEY which verifies the DNSKEY RRset and also matches a > trusted key for '.' > Oct 4 11:10:36 intrepid named[13844]: validating @0x7fc5f88d97c0: . DNSKEY: > please check the 'trusted-keys' for '.' in named.conf. > > That would be Oct 4 2019. >
Hi Kurt, Could you detail which host you're using to fetch the time? I suspect that it clearly is one that randomizes the time field (makes sense, many do now, including the default one). Also it looks like tlsdate failed closed many times until the server gave a mostly reasonable answer. :) Could you post your config? Or if not the config, could you try a known not randomized server and confirm that my theory is correct? -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
