Chicken-egg problem: rpi + pi-hole + unbound (dnssec) + ntp

This question might be due to a lack of knowledge on my part, but I wanted to discuss this here to find out if there is a solution.

I'm using an rpi3 with pi-hole and unbound as a local recursive resolver. Last night (at about 3am), my sideways-hanging rpi soc finally lost its grip on the heatsink and it slid off, resulting in an overheating situation locking up my rpi.

After a reboot this morning, DNS didn't work. I tried to trace the issue and saw that unbound worked fine for the test domains, but looking up google.com via nslookup on the pi-hole gave a SERVFAIL reply. Checking the pi-hole logs I found BOGUS replies for google.com. I read somewhere that this might be due to a mismatch in time. And sure enough, my rpi's local time was set to about an hour after the lock-up.

I tried to reset the time by doing a raspi-config but that did not result in a different time setting. That got me thinking: the rpi probably leans on DNS to access the NTP servers, but DNSSEC relies on a properly set time to validate DNS records.

How does one prepare for a scenario such as the one I experienced? Configure the NTP client to also include a static IP in case DNS fails? I can't think of a solution yet. Does anyone have suggestions?

Edit:
I'm not sure if unbound is a part of the problem here. After all, it is pi-hole that is configured to enable DNSSEC. But I'll leave its involvement in the description for completeness.


Change the nameserver the Pi uses to something other than either the loopback IP or the Pi-hole IP. Set it to Cloudflare, Google, Quad 9 (or whatever other nameserver you like). This allows the Pi to always reach a time server even if the time is incorrect on the device.

This is a good solution. Since the pi-hole acts as a DHCP server in most deployments or it has at least a static IP address, the DNS config can be static as well and differ from the config that its clients have. Thanks!
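The two fixes discussed above (pointing the Pi's own resolver at an upstream instead of itself, or giving the NTP client an IP literal so time can be fetched without DNS) can be checked mechanically. The script below is an added example, not something posted in this thread or shipped by Pi-hole: it reads a resolv.conf-style file and a systemd-timesyncd-style file (`NTP=` / `FallbackNTP=` lines) and reports whether the host would be stuck after a clock drift. The Pi-hole address 192.168.1.2 and the fallback NTP address 192.0.2.10 are constructed placeholders; the sample files are written by the script itself.

```shell
#!/bin/sh
# Added example, not from the thread: audit the two configuration points the
# thread discusses on a Pi-hole host.
#   1. Does the host's own resolver (resolv.conf) point only at loopback or at
#      the Pi-hole address, so the host has no DNS once its own DNSSEC
#      validator starts returning BOGUS/SERVFAIL (e.g. after the clock drifts)?
#   2. Does the NTP client config carry at least one IPv4 literal, so time can
#      be fetched without a DNS lookup?
# Assumptions: resolv.conf syntax for the resolver, systemd-timesyncd syntax
# (NTP= / FallbackNTP=) for the time client. Addresses in the sample files are
# constructed placeholders.

# Print the nameserver addresses of a resolv.conf-style file, one per line.
list_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Exit 0 when every nameserver is loopback or the host's own Pi-hole address,
# i.e. the host has no resolver independent of its own validator.
resolver_depends_on_self() {
    conf=$1
    self_ip=$2
    found=0
    external=0
    for ns in $(list_nameservers "$conf"); do
        found=1
        case "$ns" in
            127.*|::1|"$self_ip") ;;
            *) external=1 ;;
        esac
    done
    [ "$found" -eq 1 ] && [ "$external" -eq 0 ]
}

# Exit 0 when at least one NTP= or FallbackNTP= entry is an IPv4 literal.
ntp_has_literal_ip() {
    grep -E '^(NTP|FallbackNTP)=' "$1" | cut -d= -f2- | tr ' ' '\n' |
        grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
}

# Combined verdict: exit 0 when the host can still recover time after a clock
# drift (external resolver, or an NTP IP literal), exit 1 when it is stuck.
audit_time_sync_path() {
    resolv=$1
    ntp=$2
    self_ip=$3
    if resolver_depends_on_self "$resolv" "$self_ip"; then
        if ntp_has_literal_ip "$ntp"; then
            echo "ok: resolver is local, but NTP config has an IP literal"
            return 0
        fi
        echo "stuck: resolver is local and every NTP server needs DNS"
        return 1
    fi
    echo "ok: host uses a resolver other than its own Pi-hole"
    return 0
}

# Constructed sample configs mirroring the before/after states in the thread.
write_samples() {
    dir=$1
    # Before: the Pi resolves through itself, NTP servers are hostnames only.
    printf 'nameserver 127.0.0.1\n' > "$dir/resolv.before"
    printf 'NTP=0.debian.pool.ntp.org 1.debian.pool.ntp.org\n' > "$dir/ntp.before"
    # After (the accepted fix): the Pi itself uses upstream resolvers.
    printf 'nameserver 9.9.9.9\nnameserver 1.1.1.1\n' > "$dir/resolv.after"
    # Alternative (the poster's idea): keep the local resolver, add a
    # placeholder NTP IP literal as fallback.
    printf 'NTP=0.debian.pool.ntp.org\nFallbackNTP=192.0.2.10\n' > "$dir/ntp.literal"
}

# Demo run over the constructed samples; each call is tolerated so a "stuck"
# verdict does not abort the script.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
audit_time_sync_path "$demo_dir/resolv.before" "$demo_dir/ntp.before" 192.168.1.2 || true
audit_time_sync_path "$demo_dir/resolv.after" "$demo_dir/ntp.before" 192.168.1.2 || true
audit_time_sync_path "$demo_dir/resolv.before" "$demo_dir/ntp.literal" 192.168.1.2 || true
rm -rf "$demo_dir"
```

On a real Pi you would point `audit_time_sync_path` at `/etc/resolv.conf`, `/etc/systemd/timesyncd.conf` and the Pi-hole's LAN address; a "stuck" verdict means the host has exactly the dependency loop described in the question.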
