From d360cc05becf4363aef07db652e39dd1315a2875 Mon Sep 17 00:00:00 2001
From: Christian Hesse
Date: Sat, 17 Aug 2024 21:53:10 +0200
Subject: netwatch-dns: disable DoH if time not sync...

... as it is possible that time is off, DNS via DoH fails (cert invalid), and finally syncing time fails due to failing DNS.
---
 netwatch-dns.rsc | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/netwatch-dns.rsc b/netwatch-dns.rsc
index 9635be6..e205081 100644
--- a/netwatch-dns.rsc
+++ b/netwatch-dns.rsc
@@ -16,6 +16,8 @@
 :global CertificateAvailable;
 :global EitherOr;
+ :global IsDNSResolving;
+ :global IsTimeSync;
 :global LogPrint;
 :global ParseKeyValueStore;
 :global ScriptLock;
@@ -67,6 +69,12 @@
 :local DohCurrent [ /ip/dns/get use-doh-server ];
 :local DohServers ({});
+ :if ([ :len $DohCurrent ] > 0 && [ $IsDNSResolving ] = false && [ $IsTimeSync ] = false) do={
+ $LogPrint info $ScriptName ("Time is not sync, disabling DoH: " . $DohCurrent);
+ /ip/dns/set use-doh-server="";
+ :set DohCurrent "";
+ }
+
 :foreach Host in=[ /tool/netwatch/find where comment~"\\bdoh\\b" status="up" ] do={
 :local HostVal [ /tool/netwatch/get $Host ];
 :local HostInfo [ $ParseKeyValueStore ($HostVal->"comment") ];
-- 
cgit v1.2.3-70-g09d2
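Review bot: The added `:if` block in the second hunk downgrades the resolver from DoH to plain DNS but records it only at `info` severity. Until DoH is restored, client queries (and, per the commit message, the lookup needed for time sync) go out unauthenticated, so this deserves `$LogPrint warning $ScriptName ("Time is not sync, disabling DoH: " . $DohCurrent);` to stand out in log monitoring. The block also clears `use-doh-server` without checking that a plain resolver is configured, so on a DoH-only setup the fallback presumably changes nothing; a comment such as `# fail open to plain DNS only to bootstrap time sync; DoH is re-evaluated below` would document the trade-off. Whether DoH is actually re-enabled once time is in sync depends on the `:foreach` body, which continues outside this hunk.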