From a33489a7aa6cd8f42c48f23b193e75fa8156b71f Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue, 7 Jan 2020 16:24:35 +0000
Subject: [PATCH] unbound: Try to set time when DNS is not working

Since DNSSEC relies on time to validate its signatures,
a common problem is that some systems (usually those without
a working RTC) are not being able to reach their time server.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 src/initscripts/system/unbound | 39 ++++++++++------------------------
 1 file changed, 11 insertions(+), 28 deletions(-)

diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound
index e1de95f995..42470da05a 100644
--- a/src/initscripts/system/unbound
+++ b/src/initscripts/system/unbound
@@ -52,22 +52,6 @@ read_name_servers() {
 	done < /var/ipfire/dns/servers
 }
 
-check_red_has_carrier_and_ip() {
-	# Interface configured ?
-	[ ! -e "/var/ipfire/red/iface" ] && return 0;
-
-	# Interface present ?
-	[ ! -e "/sys/class/net/$(</var/ipfire/red/iface)" ] && return 0;
-
-	# has carrier ?
-	[ ! "$(</sys/class/net/$(</var/ipfire/red/iface)/carrier)" = "1" ] && return 0;
-
-	# has ip ?
-	[ "$(ip address show dev $(</var/ipfire/red/iface) | grep "inet")" = "" ] && return 0;
-
-	return 1;
-}
-
 config_header() {
 	echo "# This file is automatically generated and any changes"
 	echo "# will be overwritten. DO NOT EDIT!"
@@ -276,17 +260,15 @@ get_memory_amount() {
 	done < /proc/meminfo
 }
 
-fix_time_if_dns_fail() {
-	# If DNS still not work try to init ntp with
-	# hardcoded ntp.ipfire.org (81.3.27.46)
-	check_red_has_carrier_and_ip
-	if [ -e "/var/ipfire/red/iface" -a "${?}" = "1" ]; then
-		host 0.ipfire.pool.ntp.org > /dev/null 2>&1
-		if [ "${?}" != "0" ]; then
-			boot_mesg "DNS still not functioning... Trying to sync time with ntp.ipfire.org (81.3.27.46)..."
-			loadproc /usr/local/bin/settime 81.3.27.46
-		fi
+fix_time_if_dns_fails() {
+	# If DNS is working, everything is fine
+	if resolve "ping.ipfire.org" &>/dev/null; then
+		return 0
 	fi
+
+	# Try to sync time with a known time server
+	boot_mesg "DNS not functioning... Trying to sync time with ntp.ipfire.org (81.3.27.46)..."
+	loadproc /usr/local/bin/settime 81.3.27.46
 }
 
 resolve() {
@@ -596,8 +578,6 @@ case "$1" in
 
 		# Update hosts
 		update_hosts
-
-		fix_time_if_dns_fail
 		;;
 
 	stop)
@@ -618,6 +598,9 @@ case "$1" in
 	update-forwarders)
 		update_forwarders
 
+		# Make sure DNS works at this point
+		fix_time_if_dns_fails
+
 		# Update Safe Search settings
 		update_safe_search
 		;;
-- 
2.39.5