> Hi, I'm having the following issues on RPi-3 which doesn't have battery > operated clock. This tends to happen when clock skew is quite large. > > 1. DNS resolution no longer works, as unbound(8) needs system time to > be correct. I think this is due to "forward-tls-upstream: yes" option.
I suspct that DNSSEC signature validation also fails with a clock which is way off. RRSIG records specify a validity interval, and it's not uncommon for that to span about a month around the current time. Regards, - HÃ¥vard
