netwatch-dns: disable DoH if time not sync...

... as it is possible that time is off, DNS via DoH fails (cert invalid), and finally syncing time fails due to failing DNS.
author: Christian Hesse <mail@eworm.de> 2024-08-17 21:53:10 +0200
committer: Christian Hesse <mail@eworm.de> 2024-08-19 15:10:37 +0200
commit: d360cc05becf4363aef07db652e39dd1315a2875 (patch)
tree: 3e379b2adaf43b4653b4709d5cc01cfc319b3230
parent: f952ea73e64c167e44ecfd2812c42a1c0b4e9429 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/netwatch-dns.rsc b/netwatch-dns.rsc
index 9635be6..e205081 100644
--- a/netwatch-dns.rsc
+++ b/netwatch-dns.rsc
@@ -16,6 +16,8 @@
 
   :global CertificateAvailable;
   :global EitherOr;
+  :global IsDNSResolving;
+  :global IsTimeSync;
   :global LogPrint;
   :global ParseKeyValueStore;
   :global ScriptLock;
@@ -67,6 +69,12 @@
   :local DohCurrent [ /ip/dns/get use-doh-server ];
   :local DohServers ({});
 
+  :if ([ :len $DohCurrent ] > 0 && [ $IsDNSResolving ] = false && [ $IsTimeSync ] = false) do={
+    $LogPrint info $ScriptName ("Time is not sync, disabling DoH: " . $DohCurrent);
+    /ip/dns/set use-doh-server="";
+    :set DohCurrent "";
+  }
+
   :foreach Host in=[ /tool/netwatch/find where comment~"\\bdoh\\b" status="up" ] do={
     :local HostVal [ /tool/netwatch/get $Host ];
     :local HostInfo [ $ParseKeyValueStore ($HostVal->"comment") ];
author	Christian Hesse <mail@eworm.de>	2024-08-17 21:53:10 +0200
committer	Christian Hesse <mail@eworm.de>	2024-08-19 15:10:37 +0200
commit	d360cc05becf4363aef07db652e39dd1315a2875 (patch)
tree	3e379b2adaf43b4653b4709d5cc01cfc319b3230
parent	f952ea73e64c167e44ecfd2812c42a1c0b4e9429 (diff)