DNSSEC causes problem


#1

I have installed Pi-hole in my raspberry pi 3 model which has Raspbian Stretch. The problem I have faced is if I shut down the system or there is a power outage, I can longer access websites on the internet. After a lot of experimenting, I have found that DNSSEC is the cause for that. If I stop DNSSEC, by unchecking the “Use DNSSEC” in the web interface or by editing “/etc/pihole/setupVars.conf”, I can connect to the internet once again. Afterward, even if I enable DNSSEC again I don’t lose the internet connection (unless I shutdown the system cause then I would have to repeat the whole process again).
Can anyone explain to me why this is happening?


#2

Sounds like “the clock/time on the Pi is incorrect”.

There are several posts, for example


#3

As @mibere noted, the problem is not with DNSSEC, but with the time on your Pi. The authentication process in DNSSEC requires the time to be accurate.

Pi’s do not have an onboard clock and rely on external time servers to keep their time accurate. When you shutdown your Pi or have a power outage, this is causing the problem.

If you put the Pi on a UPS (to protect against power outages) and don’t shut it down, you won’t have this time problem.

You can also buy an add-on clock for a Pi that has a small battery. This is one example:


#5

How do I do this?


#6

You have several ways

  • do not shutdown the Pi (as DNS server my one runs 24hrs a day)
  • let DNSSEC disabled in Pi-hole
  • follow this guide. for help contact @jpgpi250
  • buy and install a real time clock
  • buy and use a UPS (I use a APC BE700G-GR)

#7

I was actually asking about the steps of doing this as I can do it right away.