search

MatthewVance / unbound-docker-rpi

Run Unbound with latest version of OpenSSL on Raspberry Pi with Docker.
MIT License
136 stars 23 forks source link

can't set correct time #23

Closed HerrFrutti closed 2 years ago

HerrFrutti commented 2 years ago

Error:


[-1227173427] unbound[1:1] error: gettimeofday: Operation not permitted

if you get the time inside the container:

root@unbound:/opt/unbound# date
Thu Jan  1 01:00:00 CET 1970
root@unbound:/opt/unbound# zdump /etc/localtime 
/etc/localtime  Fri Feb 27 19:29:32 1970 CET
root@unbound:/opt/unbound# cat /etc/timezone 
Europe/Berlin

my docker compose:

unbound:
    container_name: unbound
    image: mvance/unbound-rpi:latest
    hostname: unbound
    #ports:
    #  - "53:53/tcp"
    #  - "53:53/udp"
    volumes:
      - "./unbound:/opt/unbound/etc/unbound"
      - "/etc/timezone:/etc/timezone:ro"
      - "/etc/localtime:/etc/localtime:ro"
    networks:
      macvlan-nw:
        ipv4_address: 192.168.X.X
    restart: always

I don't know how to get the correct time inside the container...
And that leads to DNSSEC -> SERVFAIL

$ dig sigok.verteiltesysteme.net @192.168.X.X

; <<>> DiG 9.10.6 <<>> sigok.verteiltesysteme.net @192.168.X.X
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 59399
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;sigok.verteiltesysteme.net.    IN  A

;; Query time: 10 msec
;; SERVER: 192.168.X.X#53(192.168.X.X)
;; WHEN: Sun Jan 09 00:14:26 CET 2022
;; MSG SIZE  rcvd: 55
HerrFrutti commented 2 years ago

- /usr/share/zoneinfo/Europe/Berlin:/etc/localtime:ro doesn't change anything...

rmartin16 commented 2 years ago

can't tell for sure....but maybe #22 can help you out

HerrFrutti commented 2 years ago

thanks. My Pi runns buster. I'll try installing bullseye tomorrow and let you know.

HerrFrutti commented 2 years ago

quick update: on ubuntu with the non rasp image it works. Right now installing bullseye and will report the result!

HerrFrutti commented 2 years ago

With Raspberry Pi OS Bullseye it works!

Only error I'm getting now:

[1641840076] libunbound[19:0] error: udp connect failed: Cannot assign requested address for 2001:500:9f::42 port 53
MatthewVance commented 2 years ago

Thank you for the update. It's an odd one, but the Bullseye upgrade does the trick. It doesn't make sense to me that a Bullseye container doesn't run on a Pi with Buster, but that was my experience.

As for the remaining error, it's a long-standing issue. I don't know how to solve it, but it doesn't appear to cause any problems beyond log noise/volume. I think it's an upstream issue that manifest with Docker, given how it treats IPv6.