Re: [CentOS] What besides Postfix should not start until system time set?

On 04/20/2017 02:00 PM, Robert Moskowitz wrote:

So I have learned that Postfix should delay until Chronyd has moved the system time from 0 to current.

What other services need to be delayed?

Apache? Bind?

Of course if this is a nameserver, Chronyd will probably not be able to resolve the NTP server addresses until Bind is running!

thanks

I use unbound on all my servers listening only on the localhost, not sure if it needs the current time to be accurate when it starts or not but it never seems to be an issue.

I'm of the opinion every server should have locally provided DNSSEC enforcing DNS services simply because it takes away a potential attack vector to have local DNS queries stay local.