c2db53caca
We have a chicken and egg problem: validation of DNSSEC signatures
doesn't work without a correct clock, but to set the correct clock we
need to contact NTP servers which requires resolving a hostname, which
would normally require DNSSEC validation.
Let's break the cycle by excluding NTP hostname resolution from
validation for now.
Details:
abf4e5c1d3
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
16 lines
423 B
Desktop File
16 lines
423 B
Desktop File
[Unit]
|
|
Description=Network Time Service
|
|
After=network.target
|
|
|
|
[Service]
|
|
Type=forking
|
|
PIDFile=/run/ntpd.pid
|
|
# Turn off DNSSEC validation for hostname look-ups, since those need the
|
|
# correct time to work, but we likely won't acquire that without NTP. Let's
|
|
# break this chicken-and-egg cycle here.
|
|
Environment=SYSTEMD_NSS_RESOLVE_VALIDATE=0
|
|
ExecStart=/usr/sbin/ntpd -g -p /run/ntpd.pid
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|