[Feature Request] Bypass DoT/DoH for NTP servers

[Alex M]

Hello!

Currently I’m experiencing the problem with NTP and DoT/DoH on my Keenetic Speedster (KN-3010) v3.6.10.

Sometimes I turn off the router before the night or weekend. I believe it is normal for consumer grade hardware to not forced to be on 24/7/365.

And when I turn it on sometimes, not always, there’s no internet access (websites are not working on any device in local network).

When I check the logs, there’s a repeating error about DoT/DoH not being able to validate TLS-certificate and NTP messages about unable to sync time with 0.pool, 1.pool and etc.

My assumption is that is a chicken and egg problem. So the loop is the following:

Local time is wrong on startup -> Need to sync NTP -> Need to start up DoT/DoH (at least for resolving NTP hostnames) -> Unable to do that (TLS-certificate for DoT/DoH services doesn’t validate because of wrong local time) -> Unable to sync time

Please, consider bypassing DoT/DoH for NTP servers.

Thank you!

[Anio Nimov]

Add Cloudflare NTP 162.159.200.1 and 162.159.200.123 by ip. They may change, but likely not frequently.

You can add nameserver by ip for a domain "ntp.org"  - some of the following  for example:

$$$dig  +short c.ntpns.org A
89.40.214.141
212.12.50.229
45.11.105.142
46.227.203.69
50.116.32.247
$$$dig  +short b.ntpns.org A
102.130.49.148
185.120.22.23
$$$dig  +short a.ntpns.org A
185.209.85.151
45.79.130.187
185.134.197.79
185.209.84.218
185.126.112.98
212.25.19.23