You have filtered ntpd so much that it can't do the job it wants to do.
Andy Goblins <[email protected]> wrote: > > From: "Theo de Raadt" <[email protected]> > > > > ntpd is run by default, and magically will correct the time almost > > immediately. > > > > Some significant effort went into this a few years ago. > > > > However, the kernel message will always be there. You can ignore it. > > > > Run ntpctl -s all, and you'll see the time has been corrected before > > significant daemons start. > > ntpd is running, but the clock isn't getting corrected before significant > daemons start. In fact, it's causing other daemons, like unbound, to fail. > $ ntpctl -s all > 5/5 peers valid, constraint offset 5355740s, clock unsynced, clock offset is > 5355739014.329ms > ... > > /var/messages: > Oct 4 21:20:24 hostname ntpd[61157]: ntp engine ready > Oct 4 21:20:25 hostname ntpd[61157]: constraint reply from 9.9.9.9: offset > 5355740.057722 > Oct 4 21:20:26 hostname unbound: [98456:0] notice: init module 0: validator > Oct 4 21:20:26 hostname unbound: [98456:0] notice: init module 1: iterator > Oct 4 21:20:26 hostname unbound: [98456:0] info: start of service (unbound > 1.11.0). > Oct 4 21:20:27 hostname ntpd[61157]: cancel settime because dns probe failed > Oct 4 21:20:27 hostname unbound: [25295:1] info: failed to prime trust > anchor -- DNSKEY rrset is not secure . DNSKEY IN > ... > > Does ntpd need DNS to set the time? Because my reslov.conf points to > 127.0.0.1 and unbound needs the time before it will work properly.
