On Sat, Nov 23, 2024 at 10:55:35AM +0100, Havard Eidnes wrote:
> > From /var/run/rc.log:
> >
> > [running /etc/rc.d/ntpdate]
> > Setting date via ntp.
> > Exiting, name server cannot be used: Temporary failure in name
> > resolution (2)/etc/rc.d/ntpdate exited with code 1
> >
> > From /etc/rc.conf:
> >
> > ntpd=YES ## 'ntp' == Network TIME Protocal
> > ntpdate=YES ntpdate_hosts="2.netbsd.pool.ntp.org"
> >
> > What is wrong with these lines in rc.conf ??
>
> They create a circular dependency.
>
> DNS name resolution these days in many cases relies on DNSSEC.
> DNSSEC depends on a semi-accurate local clock on your DNS
> recursive server, and if that is "yourself", something you don't
> have if your battery cell for your real-time clock chip is toast.
> If you don't have semi-accurate time already, you will get DNS
> name lookup errors (SERVFAIL, typically), and ntpdate ends up not
> being able to set the clock to fix the underlying issue for the
> DNS lookups.
>
> In many cases I use IP addresses in ntp.conf but obviously you
> can just supply a list of IP addresses in ntpdate_hosts as well
> if you prefer to break the circular dependency.

It's also worth mentioning that /etc/rc.d/ntpdate will parse
/etc/ntp.conf for servers to use, so it's essentially redundant to
configure the same NTP servers in ntp.conf and /etc/rc.conf
ntpdate_hosts.

So, if you run into the DNSSEC issue he@ describes, a workaround could
be setting an IP address in ntpdate_hosts and different NTP servers in
/etc/ntp.conf (if not using the default NetBSD servers pool). Or, as
he@ also mentioned, use IP addresses only in ntp.conf.

Cheers,

sr.
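
A check for the circular dependency discussed in this thread, added as an example and not part of the original messages or of NetBSD's rc scripts: it lists the time sources ntpdate would have to resolve through DNS before the clock is set. The function names are hypothetical, the fallback to the server/peer/pool entries of ntp.conf when ntpdate_hosts is empty is an assumption based on the description above, and the sample files are constructed.

```sh
#!/bin/sh
# Added example: which ntpdate time sources need DNS before the clock is set?
# Function names are hypothetical; the sample files below are constructed.

# Succeed if $1 is an IPv4 or IPv6 literal, fail if it is a name.
is_ip_literal() {
    case $1 in
        ''|*[!0-9A-Fa-f:.]*) return 1 ;;  # empty, or a non-address character
        *:*) return 0 ;;                  # hex digits with a colon: IPv6
        *[!0-9.]*) return 1 ;;            # hex letters, no colon: a name
        *) return 0 ;;                    # digits and dots only: IPv4
    esac
}

# $1 = rc.conf, $2 = ntp.conf. Prints one host name per line.
dns_dependent_hosts() {
    # rc.conf is a shell fragment, so read it the way rc does: source it
    # (inside the command substitution, so nothing leaks into this script).
    hosts=$(ntpdate_hosts=; . "$1"; printf '%s\n' "$ntpdate_hosts")
    if [ -z "$hosts" ]; then
        # Assumed fallback: the server/peer/pool entries of ntp.conf,
        # skipping 127.127.x.x reference-clock pseudo-addresses.
        hosts=$(awk '$1 ~ /^(server|peer|pool)$/ && $2 !~ /^127\.127\./ { print $2 }' "$2")
    fi
    for h in $hosts; do
        is_ip_literal "$h" || printf '%s\n' "$h"
    done
}

# Constructed sample: the rc.conf lines quoted in the thread, and an
# ntp.conf using a documentation-range address (192.0.2.0/24).
tmp=$(mktemp -d)
printf '%s\n' 'ntpd=YES' \
    'ntpdate=YES ntpdate_hosts="2.netbsd.pool.ntp.org"' > "$tmp/rc.conf"
printf '%s\n' 'server 192.0.2.10' > "$tmp/ntp.conf"

echo "Time sources that need DNS before the clock is set:"
dns_dependent_hosts "$tmp/rc.conf" "$tmp/ntp.conf"
rm -rf "$tmp"
```

Empty output means every source ntpdate would use is an address literal, so setting the clock at boot does not wait on a DNSSEC-validating resolver.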