Hi,
I have been working on a nice feature that improves startup behaviour of
ntpd.
Summary: make sure you have at least one constraint source configured
and use no options. ntpd will set the clock if needed, even if you
machines has no battery backed up clock and is running a DNSSEC
validating resolver.
Previoulsy, using constraints or a DNSSEC validating resolver would
break initial time setting, since doing https certificate and DNSSEC
validation requires a proper clock. An we do not have that in above
circumstances.
In addition to previous work from jsing@ regarding https certificate
validation my commits enable time bootstrapping in these adverse
conditions.
You want to stop using -s if you did, since the new method is more
robust and more secure. (-s trusts any ntp reply, while the new
automatic mode only does so if several ntp replies were validated).
The last commit was a few hours ago, upcoming snaps should have all
the nice things.
-Otto
