> From: "Theo de Raadt" <dera...@openbsd.org> > > ntpd is run by default, and magically will correct the time almost > immediately. > > Some significant effort went into this a few years ago. > > However, the kernel message will always be there. You can ignore it. > > Run ntpctl -s all, and you'll see the time has been corrected before > significant daemons start.
ntpd is running, but the clock isn't getting corrected before significant daemons start. In fact, it's causing other daemons, like unbound, to fail. $ ntpctl -s all 5/5 peers valid, constraint offset 5355740s, clock unsynced, clock offset is 5355739014.329ms ... /var/messages: Oct 4 21:20:24 hostname ntpd[61157]: ntp engine ready Oct 4 21:20:25 hostname ntpd[61157]: constraint reply from 9.9.9.9: offset 5355740.057722 Oct 4 21:20:26 hostname unbound: [98456:0] notice: init module 0: validator Oct 4 21:20:26 hostname unbound: [98456:0] notice: init module 1: iterator Oct 4 21:20:26 hostname unbound: [98456:0] info: start of service (unbound 1.11.0). Oct 4 21:20:27 hostname ntpd[61157]: cancel settime because dns probe failed Oct 4 21:20:27 hostname unbound: [25295:1] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN ... Does ntpd need DNS to set the time? Because my reslov.conf points to 127.0.0.1 and unbound needs the time before it will work properly.