More DNS(SEC)/NTP resilience after power fail

Feature Requests
1

Problem
I recently had a power fail for several hours. After that, the DNS server of the pi-hole wasn’t working correctly anymore. dig google.com returned status SERVFAIL, but dig @8.8.8.8 google.com worked.
The root cause seemed to be the wrong system time on the pi-hole. I guess DNSSEC does not work without correct settings. The pity was, the pi has no realtime clock and NTP sync is configured to use server names instead of ip addresses per default (both in /etc/systemd/timesyncd.conf and in the pi-hole NTP.SYNC.SERVER).
As my fritzbox can act as NTP server, I configured it and everything worked again.

Feature Request
Please add a hint that DNSSEC will not work without correct system time and in case of a power fail, NTP needs to work without DNS. Add a hint how to configure NTP, especially with routers that can act as NTP server for their local network. Other solution: Add a RT clock to your pi.

2

Change the nameserver used by your Pi to a non-DNSSEC public nameserver. Then, regardless of the time setting on the Pi, it can always reach a time server.

3

yes, that is also a solution. But this is not my point. The web ui does not guide the user to setup a configuration that will also work in case of a power fail. There are a lot of caveats at the DNSSEC checkbox, but not for this case. And the user will run inevitably into it if the router does apply the same DNS server to all clients, including the pi-hole, automatically (which might be a common default strategy)