Unable to synchronize system time, Pi-hole not working

Hi,

I've been trying to setup a Pi-hole using a Raspberry Pi Zero 2 W.

The problem is that every Querry results in a 'SERVFAIL', the network router also doesn't make use of the pi-hole as DNS server. I think this is because the system time is not synchronized.

I am trying to make use of this pi-hole with unbound but that doesn't seem to be the issue.
When I've tried testing DNSSEC validation using (from unbound - Pi-hole documentation)

dig sigfail.verteiltesysteme.net @127.0.0.1 -p 5335
dig sigok.verteiltesysteme.net @127.0.0.1 -p 5335

The results matched the tutorial.

What I've done:

I've freshly installed Rasbian, hooked it up to my router and SSH'd into the Raspberry Pi, I sync up the time using the NPT-tool 'Chrony'. When this is installed and set up my system time is synchronized and accurate with no problems, even after rebooting.

Afterwards I install pi-hole, my time is still synchronized (I check this using 'timedatectl') but my pi-hole is not working. Then I reboot the system, after which my time is unsynchronized and I'm unable to get accurate time.

It seems that Pi-hole messes up the system time, when I didn't use Chrony for time synchronization I had the same problems.

I've tried using different NTP-pools/servers in /etc/chrony/conf but that hasn't made a difference:

#pool 2.debian.pool.ntp.org iburst

#pool pool.ntp.org iburst maxsources 3

server 0.europe.pool.ntp.org iburst
server 1.europe.pool.ntp.org iburst
server 2.europe.pool.ntp.org iburst
server 3.europe.pool.ntp.org iburst

Timedatectl output:

timedatectl
               Local time: Tue 2022-02-22 14:47:07 CET
           Universal time: Tue 2022-02-22 13:47:07 UTC
                 RTC time: n/a
                Time zone: Europe/Amsterdam (CET, +0100)
System clock synchronized: no
              NTP service: active
          RTC in local TZ: no

chronyc tracking
Reference ID    : 00000000 ()
Stratum         : 0
Ref time (UTC)  : Thu Jan 01 00:00:00 1970
System time     : 0.000000007 seconds fast of NTP time
Last offset     : +0.000000000 seconds
RMS offset      : 0.000000000 seconds
Frequency       : 1.156 ppm fast
Residual freq   : +0.000 ppm
Skew            : 0.000 ppm
Root delay      : 1.000000000 seconds
Root dispersion : 1.000000000 seconds
Update interval : 0.0 seconds
Leap status     : Not synchronised

The commands 'chronyc -makestep' or restarting chronyc don't resolve the issue.

For some reason I can't upload my debug-token to tricorder.pi-hole.net so I hope I have provided enough information and can always provide more.

Run from your Zero 2, what's the output of:

dig versions.pi-hole.net

dig europe.pool.ntp.org

You just joined the community: I assume you are either new to P02 and/or Pi-hole.

You have implemented many things I have never done. e.g. I have no Idea where my -hole get's time and, from everything I've read, it needs to incorrect >1,000 seconds. I do know where Raspbian get's its time and then, should, tell Pi-hole.

You know what IT and medicine have in common?
In either case, if people change things, much too quickly, e.g more than one drug at a time, we end up guessing what caused the rash/whole thing to break down/side effects.
I use the 64 bit Bullseye on a P20. Saved it, as it worked, then added unbound...

Well, when it went sideway, I knew it was because of something I had, just, added.
The router will DNS wherever you tell it; even if the time is off between it and the software layer under it; it has no other place to go; if configured properly... (unless you have a router that lies to you) Now, your outside DNS may not cooperate BC of time.
Raspbian OS determines the time. Pi-hole is not an OS.
I suggest you, start, over again, and piecemeal changes.

Or, try to glue your china cup back together.

dig versions.pi-hole.net

; <<>> DiG 9.16.22-Raspbian <<>> versions.pi-hole.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 16993
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;versions.pi-hole.net.          IN      A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Feb 23 00:18:52 CET 2022
;; MSG SIZE  rcvd: 49

dig europe.pool.ntp.org

; <<>> DiG 9.16.22-Raspbian <<>> europe.pool.ntp.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 49956
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;europe.pool.ntp.org.           IN      A

;; Query time: 9 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Feb 23 00:19:58 CET 2022
;; MSG SIZE  rcvd: 48

This is indeed my first time with Pi-hole. But I have some experience with Ubuntu from programming.

I know that it seems like I'm trying a lot of things at the same time but the problem started when I followed a simple tutorial.
The time synchronization problem has been an issue since the beginning.
I tried a lot of different things to fix the issue before posting on a forum because a lot of times there are already solutions elsewhere but I was unable to solve my problem.

This afternoon I freshly installed Rasbian on my pi to make sure I restarted on a clean slate and worked slowly to make sure everything worked along the way. Time synchronization and Unbound worked fine until I rebooted my pi after installing Pi-hole.
Without Unbound my Pi-hole didn't work as well, so that doesn't seem to be causing it.

Before using Chrony I didn't change any time-related settings and got the same results.

I've never seen RTFM in this community, so being new is fine.
Okay, Raspbian OS is based on Debian, not Ubuntu...

Are you using a VM? (sorry, stupid question: you could not do that on a P20)

I still suggest you just start from scratch: I have done it many times and I learned new things each time.
It takes about 30 minutes once you get the hang of it and when you get to the snag the community knows what worked before and after.

I mean: they can troubleshoot a messed up configuration, and they work hard to do it (best way to learn calculus is to teach it) but it is your time and when they do figure it out, you will not understand how they did it. You will have just a command that, magically fixes it.

Whereas: if you go step by step, the answer will make more sense and you will learn what happened.

edit
But, maybe, Unbound before Pi-hole is the wrong order.

I know Rasbian is not Ubuntu-based, but the terminal commands are fairly similar.

To clarify: I install Unbound after installing Pi-hole. Then I check Unbound itself directly, it works. But my Pi-hole isn't doing anything before rebooting. Problems arise after the restart.

I have tried a lot of different things, started from scratch before and I don't think restarting from scratch again and doing the same things teaches me anything. That's why I have started this post.

This is conflicting:

Along with this:

Maybe the wording isn't optimal but what I mean is: Time synchronization and Unbound work (when the Pi-hole software is installed) until I reboot (which I do after I've installed Pi-hole).

By beginning I mean when I first tried installing Pi-hole, when following a tutorial. The problem arose very quickly.

To be honest I don't think this going back and forth is bringing us anywhere. We both have different ideas, which is fine, but it doesn't resolve anything.

No, I'm sorry:

You can see that it is confusing.

People that know more than me are are going to read all of this and notice; they are pedantic, in the good way.

If if an issue is not properly phrased (now, remember, English is not the native tongue for the, three, developers) it would be very confusing.

I am, seriously, trying to help and you should understand what I just pointed out is confusing?

So, for their assistance: you had time issues the moment you installed Pi-hole. Before Unbound and you, also, had the same problem with Chrony, trying to fix it and without it?

Can you link the tutorial you followed?

edit
Are you trying to do all of this in one session, before you reboot?

I appreciate your help.

Steps are basically:
Set up Rasbian with HDMI-display. (sudo raspi-config, change hostname to 'pihole' and set country, time zone etc. and reboot).

Then I change hostname in

/etc/dhcpcd.conf

# Inform the DHCP server of our hostname for DDNS.
pihole

Then

sudo reboot

Then I enable SSH, disconnect from WiFi. Hook it to the router via ethernet. And connect to the RasPi on a Windows machine.

Tutorial steps:

Install Pi-Hole - sudo curl -sSL https://install.pi-hole.net | bash
I do all the recommended steps and set static ip-adress

Set the Web Admin Password - pihole -a -p [password]
Install Unbound DNS - sudo apt install unbound
Create Unbound Configuration File - sudo nano /etc/unbound/unbound.conf.d/pi-hole.conf
Copy example config - https://docs.pi-hole.net/guides/dns/u...
Restart Unbound to apply Configuration - sudo service unbound restart

Test using: dig pi-hole.net @127.0.0.1 -p 5335

And test DNSSEC validation using

dig sigfail.verteiltesysteme.net @127.0.0.1 -p 5335
dig sigok.verteiltesysteme.net @127.0.0.1 -p 5335

(first one correctly gives SERVFAIL and subsequently NOERROR.)

Then I disable Forwarding DNS in PiHole and set Custom DNS in PiHole to 127.0.0.1#5335

Then I do sudo reboot and every querry results in a SERVFAIL and time is unsynced and wrong.

This was basically my first attempt, on the second attempt I did the following:

After configuring basic Pi settings I install Chrony: sudo apt-get install chrony
and use systemctl enable --now chronyd
and sudo chronyc -a makestep

I check some things along the way and using timedatectl I see that the system clock is synchronized.

Afterwards I install pi-hole normally.

Have you configured DNSSEC enabled upstream DNS servers in the Pi-hole settings?

If so, your most likely are experiencing a chicken-egg dilemma (who is first).
NTP depends on DNS.
And DNS (with DNSSEC) depends on the correct time provided by NTP.

Have a read below:

I've never done that.
When you step through the Pi-hole setup all those 'fields' are answered.
That right there could corrupt things, but I do not write code.
It does seem to me that right after you configure your install that raspi-config could cause issues before the software has a chance to settle in.

I do not do that, I just leave the Pi-hole in an HDMI port. Too lazy to learn SSH. I've tried but it gives me headaches. I would, at least, configure everything on the monitor and then switch to SSH.

Those are a lot of changes, in different ways.

Okay, I'll have to watch that video, because you just used sudo raspi-config??? Over WiFi and then started Ethernet? And then install Pi-hole?

I'll be back tomorrow, but that seems like a confliction, right there, right then. I've never done it that way:
I install Raspbian OS, then Pi-hole, then configure, and I stay on WiFi, do not use Ethernet.
raspi-config works in the OS but it lacks access to Pi-hole when done that way/then/that order. IOW: I use raspi-config, but only after all is installed.

Someone else may have better answers by then.

Now, if you understood a word of that, I'm wrong and the people in here are not point-blank pedantic.

It is like Scientific American in here: yeah you will eventually start to understand wtf they are, pedantically (Adv) writing, but it takes time.

Well you could ask what part you dont understand?
Its always hard to guess skills on the other side.
Most of what I said can be searched on the net or here on Discourse.
This a common problem that returns frequently here and solutions are provided already.

Our installer does not set up country, time zone, or any of the system level functions.

This makes little sense. How does software "settle in"?

No I have not configured DNSSEC.

I read through the post, the issue seems very similar. But I hope I can get it to work without installing a RTC. Setting time and date manually didn't resolve my issue.

Maybe I can run a NTP server on my Pi and have my router as a NTP client? Seems like a stretch but might this resolve the issue? At least the time between both devices should be in sync.

No, english is the native tongue for more of the developers than not. Now, if you want to say that the Queen's English is not the same as American English then you have a point.

That won't work.

This thread is littered with tangents that muddy the waters so lets start again.

Raspberry Pi devices don't have a Real Time Clock onboard. So they use an application called fakehwclock to fake that facility. It writes a file with the current time when you gracefully shut down the Pi. When it starts up again it reads that file and uses that time as the start time until it can reach a way/process to update the current time (NTP). If you pull the power on the system or crash out then that file is not written and the default time sets back to what is called The Epoch (that 1970s date you often see.)

So, solutions are:

• Spend $5 and attach an RTC module.
• Use NTP servers that can be reached via IP address and don't need DNS resolution to access.
• Set the router to be an NTP server (some have that capability) and configure the Pi to use that as the NTP server.

That looks like it's the right time to me. Does a dig to 1.1.1.1 show an IP address? What port is unbound on and how have you configured Pi-hole to use unbound?