Going in circles without a real-time clock
Bootstrapping Time & DNSSEC / NTP Deadlocks
- Main failure mode: devices without RTC start far from real time, fail DNSSEC validation for NTP pool domains, and thus can’t reach NTP to fix their clocks.
- Some argue enabling DNSSEC on
ntp.orgundermines its mission because many clients will be badly skewed; others counter that without DNSSEC, MITM attackers can redirect NTP and feed malicious time. - Suggested workarounds:
- Temporarily disable time-based DNSSEC checks on boot.
- Use last-known-good time plus TLS certificates/OCSP ranges to narrow current time.
- Use HTTP
Dateheader for insecure but simple bootstrapping. - Use tools like
tlsdate-style approaches or Roughtime (not widely deployed yet). - OpenWrt example: start DNS with “no timecheck” until NTP syncs once.
WireGuard and Time Synchronization
- WireGuard relies on a per‑peer monotonic counter (often derived from time) for key rotation and replay protection.
- Not strictly wall‑clock synchronized, but large backward jumps or skew can break sessions; some report peers needing restarts after clock corrections.
- People try systemd ordering (start WireGuard after
time-sync.target), with uncertain reliability.
RTC Modules, GPS, and Time Servers
- Many recommend adding an RTC or GPS to Pis and routers:
- Cheap I2C RTCs (~$1) work well for most, but others report fragile hardware.
- GPS + PPS gives microsecond‑level accuracy; several run Pi-based stratum‑1 servers.
- Projects exist that bundle overlayFS, GPS, and chrony to make robust time servers.
- Counterpoint: RTCs add BOM cost, board space, batteries, and still have drift/failure modes; some designs intentionally omit them and rely on network time.
Raspberry Pi Ecosystem & Reliability
- Repeated complaints about:
- Lack of RTC on older Pis and Pi 5 requiring a separate battery.
- SD card corruption under write‑heavy workloads; mitigations include overlayFS, high‑endurance cards, or moving OS to USB/NVMe.
- Some claim Pis are increasingly unsuitable for “production” compared to small x86 PCs; others are happy using them as low‑power desktops, GPIO controllers, and NTP servers.
DHCP and Other Time-Bootstrapping Ideas
- Several want DHCP to provide a coarse current timestamp for RTC‑less devices.
- Critics note time is more security‑sensitive than IP configuration; trusting DHCP time can enable certificate abuse.
- Proposed compromise: treat DHCP-supplied time as a one‑shot bootstrap, bounded by other local timestamps and not used for long‑term trust.