A HUMBLE iPFiRE COMMiSSiONiNG REPORT

hello world

lucky me had the chance to decomission a ‘Black-Dwarf-Firewall’
and replace it with a ‘iPFiRE MA’
the plan was brilliant, i thought…

the parcel arrived, nice sticker btw , all was set up
the MA booted and the nice beeper signaled the ‘connected’ state.

then the drama started
systemstatus: pppoe dialin successful [1und1vdsl2business], public ip assigned
green dhcp worked
clients on green can access the NAS
printers working

but no pc nor the MA had internet access…

… stay tuned, i am OOF now, more will follow!

Hi,

for the records: IT took me a while to figure out that “IPFire MA” refers to a “mini appliance”, as sold by Lightning Wire Labs GmbH.

As far as your issue is concerned, please provide further details so we can help you:

• How exactly does “no internet access” look like? Are you running into timeouts or DNS lookup failures?
• What is the output of mtr -b -z www.ipfire.org from a Linux/BSD system placed behind your IPFire machine?
• If that does not work, what is the output of mtr -b -z 81.3.27.38?
• Do you have any firewall rules configured? If so, please post a screenshot of them.
• What does the DNS page of the web interface of your IPFire machine look like? Please also post a screenshot of it.

(I took the liberty of editing the title of your post to something more accurate.)

Thanks, and best regards,
Peter Müller

@pmueller
narp, this should not be a HELP URGENT PLEEEZE topic
just a real-life-user-experience-report, hence the humble report …

@topic
after some diag-fun it looked like a dns-problem
also the pakfire trow an error of like ‘host not found’
the only things configured [tampered] were:

• green and red interface
• pppoe profile
• dhcp
• hostname
• domainname

checking the dns page showed the culprit:
the isp assigned dns failed with reverse-looup
they are

• 82.144.41.8 dns.versatel-ost.de
  and
• 82.145.9.8 dns.versatel-sued.de

the unbboud log at this stage:

Oct 18 13:54:08 ipfire unbound: [1839:0] notice: init module 0: validator
Oct 18 13:54:08 ipfire unbound: [1839:0] notice: init module 1: iterator
Oct 18 13:54:08 ipfire unbound: [1839:0] info: start of service (unbound 1.16.3).
Oct 18 13:54:08 ipfire unbound: [1839:0] error: SERVFAIL <. DNSKEY IN>: failed to get a delegation (eg. prime failure)
Oct 18 13:54:13 ipfire unbound: [1839:0] error: SERVFAIL <0.ipfire.pool.ntp.org. A IN>: failed to get a delegation (eg. prime failure)
Oct 18 13:54:13 ipfire unbound: [1839:0] error: SERVFAIL <0.ipfire.pool.ntp.org. AAAA IN>: failed to get a delegation (eg. prime failure)
Oct 18 13:54:13 ipfire unbound: [1839:0] error: SERVFAIL <0.ipfire.pool.ntp.org. A IN>: failed to get a delegation (eg. prime failure)
Oct 18 13:54:13 ipfire unbound: [1839:0] error: SERVFAIL <0.ipfire.pool.ntp.org. AAAA IN>: failed to get a delegation (eg. prime failure)

so i added a few dnssec validating servers and changed the protocol to tcp
no luck, still no working dns. tried: tls udp tcp no luck

checking the logs for unbound showed:

Oct 18 14:03:40 ipfire unbound: [1671:0] notice: init module 1: iterator
Oct 18 14:03:40 ipfire unbound: [1671:0] info: start of service (unbound 1.16.3).
Oct 18 14:03:40 ipfire unbound: [1671:0] error: SERVFAIL <. DNSKEY IN>: failed to get a delegation (eg. prime failure)
Oct 18 14:03:53 ipfire unbound: [1671:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Oct 18 14:03:53 ipfire unbound: [1671:0] info: generate keytag query _ta-4a5c-4f66. NULL IN
Oct 18 14:03:53 ipfire unbound: [1671:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Oct 18 14:03:53 ipfire unbound: [1671:0] info: generate keytag query _ta-4a5c-4f66. NULL IN
Oct 18 14:03:53 ipfire unbound: [1671:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Oct 18 14:03:53 ipfire unbound: [1671:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Oct 18 14:03:53 ipfire unbound: [1671:0] info: generate keytag query _ta-4a5c-4f66. NULL IN
Oct 18 14:03:53 ipfire unbound: [1671:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Oct 18 14:03:53 ipfire unbound: [1671:0] info: generate keytag query _ta-4a5c-4f66. NULL IN
Oct 18 14:03:53 ipfire unbound: [1671:0] info: service stopped (unbound 1.16.3).
Oct 18 14:03:53 ipfire unbound: [1671:0] info: server stats for thread 0: 2 queries, 0 answers from cache, 2 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Oct 18 14:03:53 ipfire unbound: [1671:0] info: server stats for thread 0: requestlist max 2 avg 1 exceeded 0 jostled 0
Oct 18 14:03:53 ipfire unbound: [1671:0] notice: Restart of unbound 1.16.3.
Oct 18 14:03:53 ipfire unbound: [1671:0] notice: init module 0: validator
Oct 18 14:03:53 ipfire unbound: [1671:0] notice: init module 1: iterator
Oct 18 14:03:53 ipfire unbound: [1671:0] info: start of service (unbound 1.16.3).
Oct 18 14:03:53 ipfire unbound: [1671:0] info: generate keytag query _ta-4a5c-4f66. NULL IN
Oct 18 14:03:53 ipfire unbound: [1671:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Oct 18 14:03:53 ipfire unbound: [1671:0] info: generate keytag query _ta-4a5c-4f66. NULL IN
Oct 18 14:03:53 ipfire unbound: [1671:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Oct 18 14:03:53 ipfire unbound: [1671:0] info: generate keytag query _ta-4a5c-4f66. NULL IN
Oct 18 14:03:53 ipfire unbound: [1671:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Oct 18 14:03:53 ipfire unbound: [1671:0] info: generate keytag query _ta-4a5c-4f66. NULL IN
Oct 18 14:03:53 ipfire unbound: [1671:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Oct 18 14:03:53 ipfire unbound: [1671:0] info: generate keytag query _ta-4a5c-4f66. NULL IN
Oct 18 14:03:53 ipfire unbound: [1671:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Oct 18 14:03:53 ipfire unbound: [1671:0] info: generate keytag query _ta-4a5c-4f66. NULL IN
Oct 18 14:03:53 ipfire unbound: [1671:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Oct 18 14:03:53 ipfire unbound: [1671:0] info: validation failure <. DNSKEY IN>: signature before inception date from 1.0.0.1 for trust anchor . while building chain of trust
Oct 18 14:03:53 ipfire unbound: [1671:0] info: validation failure <ping.ipfire.org. A IN>: key for validation . is marked as invalid
Oct 18 14:03:53 ipfire unbound: [1671:0] info: validation failure <0.ipfire.pool.ntp.org. A IN>: key for validation . is marked as invalid
Oct 18 14:03:53 ipfire unbound: [1671:0] info: validation failure <1.ipfire.pool.ntp.org. A IN>: key for validation . is marked as invalid
Oct 18 14:03:58 ipfire unbound: [1671:0] info: validation failure <0.ipfire.pool.ntp.org. AAAA IN>: key for validation . is marked as invalid
Oct 18 14:03:58 ipfire unbound: [1671:0] info: validation failure <0.ipfire.pool.ntp.org.lan.local. A IN>: key for validation . is marked as invalid

and there it was:
info: validation failure <1.ipfire.pool.ntp.org. A IN>: signature before inception date from 1.0.0.1 for trust anchor . while building chain of trust
the MA was a fortnight in the past
set the date via cli and it started working

lesson learned
i think i made a pretty good idiot dealing with the rollout of the MA
prooving it is not idotproof

lets asume one would see the system date and time values on the
main page, or in the footer
and what if there was a button on the ntp config page: sync with browser time
like on a 0815 tplink-accesspoint
on top of that: what if one or two ip-adresses are configured as ntp-timeservers
maybe 192.53.103.103

R.i.P. black dwarf [edelschrott]

IPFire never used to be ( and will be ) ‘idiotproof’.
This cannot be reached in this application ( firewalled internet access ).
‘Idiotproof solutions’ give you a Plug’n’Play feeling, but you not really know how secure the device is.
In this domain you should know the basics of networking etc., at least. And read the documentation ( the wiki in our project ).
BTW: the ‘0815 solutions’ realize only a limited field of the topic ‘internet access’. For flexibilty and adaptability to your needs a solution like IPFire requests some knowledge from the user.

well, to open some perspectives here, we can go on

@bbitsch
again:
this is not a: i NEED URGENT HELP PLEEEZE topic.
@pmueller
look what you have done
just let it be just a humble uncategorized report

@world
yet another marketing vs. tech/dev situation:

The primary objective of IPFire is security. Its easy to configure firewall engine and Intrusion Prevention System stops any attackers from breaking into your network.

for those who dont know: www.ipfire.org - Features

or:

Welcome to the IPFire Installation Guide. These pages will help you to install IPFire on your system. All you need is just fifteen minutes’ time and to follow these steps:

guess what: the wiki is missing the local current date and time

with this feedback here i give valuable information
to those coding ipfire they will never experience
themselfs and i am very confident
that at least one might be important.

and i am pretty confident that a smarter default config
could avoid such situation.

just to be sure:
on recent ipfire one cant get correct date/time
without working dns and cant get working dns
without correct time

You need a working internet connection on the RED interface first. Once RED is working then IPFire establishes one of its first connections to an IP address. Sorry I don’t remember if it grabs the time or DNS or something else. But it is done via IP address.

EDIT: Or I could be very wrong!

I cannot find the code segment I thought I saw. Still looking!

@jon
is your answer yes or no
the internet connection was working.
red was working.

and the log shows: time is done via dns

It is not really a "yes or “no” type question.

Here is the code segment (mostly to prove I am not totally crazy!)

Screen Shot 2022-12-03 at 5.04.57 PM1524×372 64 KB

So if DNS doesn’t work on boot, unbound should set the time via an IP address.

i posted the logs, what has the MA done all the time

to be more specific
the initial setup log:

Oct 18 11:44:07 (none) syslogd 1.5.1: restart (remote reception).
Oct 18 11:44:07 (none) kernel: igb 0000:03:00.0: added PHC on eth2
Oct 18 11:44:07 (none) kernel: igb 0000:03:00.0: Intel(R) Gigabit Ethernet Network Connection
Oct 18 11:44:07 (none) kernel: igb 0000:03:00.0: eth2: (PCIe:2.5Gb/s:Width x1) XX:XX:XX:XX:XX:26
Oct 18 11:44:07 (none) kernel: igb 0000:03:00.0: eth2: PBA No: FFFFFF-0FF
Oct 18 11:44:07 (none) kernel: igb 0000:03:00.0: Using MSI-X interrupts. 2 rx queue(s), 2 tx queue(s)
Oct 18 11:44:07 (none) kernel: pps pps3: new PPS source ptp3
Oct 18 11:44:07 (none) kernel: igb 0000:04:00.0: added PHC on eth3
Oct 18 11:44:07 (none) kernel: igb 0000:04:00.0: Intel(R) Gigabit Ethernet Network Connection
Oct 18 11:44:07 (none) kernel: igb 0000:04:00.0: eth3: (PCIe:2.5Gb/s:Width x1) XX:XX:XX:XX:XX:27
Oct 18 11:44:07 (none) kernel: igb 0000:04:00.0: eth3: PBA No: FFFFFF-0FF
Oct 18 11:44:07 (none) kernel: igb 0000:04:00.0: Using MSI-X interrupts. 2 rx queue(s), 2 tx queue(s)
Oct 18 11:44:07 (none) kernel: kvm: Nested Virtualization enabled
Oct 18 11:44:07 (none) kernel: SVM: kvm: Nested Paging enabled
Oct 18 11:44:07 (none) kernel: MCE: In-kernel MCE decoding enabled.
Oct 18 11:44:07 (none) kernel: EDAC amd64: MCT channel count: 1
Oct 18 11:44:07 (none) kernel: EDAC MC0: Giving out device to module amd64_edac controller F16h_M30h: DEV 0000:00:18.3 (INTERRUPT)
Oct 18 11:44:07 (none) kernel: EDAC amd64: F16h_M30h detected (node 0).
Oct 18 11:44:07 (none) kernel: EDAC amd64: MC: 0:  4096MB 1:     0MB
Oct 18 11:44:07 (none) kernel: EDAC amd64: MC: 2:     0MB 3:     0MB
Oct 18 11:44:07 (none) kernel: EDAC amd64: MC: 4:     0MB 5:     0MB
Oct 18 11:44:07 (none) kernel: EDAC amd64: MC: 6:     0MB 7:     0MB
Oct 18 11:44:07 (none) kernel: EDAC amd64: MC: 0:     0MB 1:     0MB
Oct 18 11:44:07 (none) kernel: EDAC amd64: MC: 2:     0MB 3:     0MB
Oct 18 11:44:07 (none) kernel: EDAC amd64: MC: 4:     0MB 5:     0MB
Oct 18 11:44:07 (none) kernel: EDAC amd64: MC: 6:     0MB 7:     0MB
Oct 18 11:44:07 (none) kernel: EDAC amd64: using x4 syndromes.
Oct 18 11:44:07 (none) kernel: EDAC PCI0: Giving out device to module amd64_edac controller EDAC PCI controller: DEV 0000:00:18.2 (POLLED)
Oct 18 11:44:07 (none) kernel: AMD64 EDAC driver v3.5.0
Oct 18 11:44:07 (none) kernel: EXT4-fs (sda4): re-mounted. Opts: (null). Quota mode: none.
Oct 18 11:44:07 (none) kernel: EXT4-fs (sda4): re-mounted. Opts: (null). Quota mode: none.
Oct 18 11:44:07 (none) kernel: EXT4-fs (sda1): mounted filesystem with ordered data mode. Opts: (null). Quota mode: none.
Oct 18 11:44:07 (none) kernel: Adding 1001964k swap on /dev/sda3.  Priority:1 extents:1 across:1001964k SSFS
Oct 18 13:45:56 (none) kernel: random: crng init done
Oct 18 13:45:56 (none) kernel: random: 9 urandom warning(s) missed due to ratelimiting
Oct 18 13:53:02 (none) kernel: igb 0000:01:00.0 green0: renamed from eth0
Oct 18 13:53:02 (none) kernel: igb 0000:04:00.0 red0: renamed from eth3
Oct 18 13:54:01 (none) kernel: Kernel logging (proc) stopped.
Oct 18 13:54:01 (none) kernel: Kernel log daemon terminating.
Oct 18 13:54:02 (none) exiting on signal 15

then i rebooted the MA and continued via the gui:

Oct 18 13:54:08 ipfire syslogd 1.5.1: restart (remote reception).
Oct 18 13:54:08 ipfire unbound: [1839:0] notice: init module 0: validator
Oct 18 13:54:08 ipfire unbound: [1839:0] notice: init module 1: iterator
Oct 18 13:54:08 ipfire acpid: starting up with netlink and the input layer
Oct 18 13:54:08 ipfire acpid: 1 rule loaded
Oct 18 13:54:08 ipfire acpid: waiting for events: event logging is off
Oct 18 13:54:08 ipfire unbound: [1839:0] info: start of service (unbound 1.16.3).
Oct 18 13:54:08 ipfire unbound: [1839:0] error: SERVFAIL <. DNSKEY IN>: failed to get a delegation (eg. prime failure)
Oct 18 13:54:13 ipfire pppd[1971]: no device specified and stdin is not a tty
Oct 18 13:54:13 ipfire saslauthd[2041]: detach_tty      : master pid is: 2041
Oct 18 13:54:13 ipfire saslauthd[2041]: ipc_init        : listening on socket: /var/run/saslauthd/mux
Oct 18 13:54:13 ipfire ntpd[2064]: ntpd 4.2.8p15@1.3728-o Tue Oct 18 13:03:58 UTC 2022 (1): Starting
Oct 18 13:54:13 ipfire ntpd[2064]: Command line: /usr/bin/ntpd -Ap /var/run/ntpd.pid
Oct 18 13:54:13 ipfire ntpd[2064]: ----------------------------------------------------
Oct 18 13:54:13 ipfire ntpd[2064]: ntp-4 is maintained by Network Time Foundation,
Oct 18 13:54:13 ipfire ntpd[2064]: Inc. (NTF), a non-profit 501(c)(3) public-benefit
Oct 18 13:54:13 ipfire ntpd[2064]: corporation.  Support and training for ntp-4 are
Oct 18 13:54:13 ipfire ntpd[2064]: available at https://www.nwtime.org/support
Oct 18 13:54:13 ipfire ntpd[2064]: ----------------------------------------------------
Oct 18 13:54:13 ipfire ntpd[2066]: proto: precision = 0.300 usec (-22)
Oct 18 13:54:13 ipfire ntpd[2066]: basedate set to 2022-10-06
Oct 18 13:54:13 ipfire ntpd[2066]: gps base set to 2022-10-09 (week 2231)
Oct 18 13:54:13 ipfire ntpd[2066]: Listen and drop on 0 v6wildcard [::]:123
Oct 18 13:54:13 ipfire ntpd[2066]: Listen and drop on 1 v4wildcard 0.0.0.0:123
Oct 18 13:54:13 ipfire ntpd[2066]: Listen normally on 2 lo 127.0.0.1:123
Oct 18 13:54:13 ipfire ntpd[2066]: Listening on routing socket on fd #19 for interface updates
Oct 18 13:54:13 ipfire ntpd[2066]: kernel reports TIME_ERROR: 0x41: Clock Unsynchronized
Oct 18 13:54:13 ipfire ntpd[2066]: kernel reports TIME_ERROR: 0x41: Clock Unsynchronized
Oct 18 13:54:13 ipfire unbound: [1839:0] error: SERVFAIL <0.ipfire.pool.ntp.org. A IN>: failed to get a delegation (eg. prime failure)
...
Oct 18 13:55:04 ipfire unbound: [1839:0] error: SERVFAIL <1.ipfire.pool.ntp.org.lan.local. AAAA IN>: failed to get a delegation (eg. prime failure)
Oct 18 13:55:10 ipfire kernel: igb 0000:01:00.0 green0: igb: green0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX
Oct 18 13:55:11 ipfire kernel: igb 0000:01:00.0 green0: igb: green0 NIC Link is Down
Oct 18 13:55:13 ipfire kernel: igb 0000:01:00.0 green0: igb: green0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX
Oct 18 13:55:13 ipfire dhcpd: DHCPREQUEST for 192.168.178.51 from XX:XX:XX:XX:XX:10 via green0: wrong network.
Oct 18 13:55:13 ipfire dhcpd: DHCPNAK on 192.168.178.51 to XX:XX:XX:XX:XX:10 via green0
Oct 18 13:55:14 ipfire dhcpd: DHCPREQUEST for 192.168.178.51 from XX:XX:XX:XX:XX:10 via green0: wrong network.
Oct 18 13:55:14 ipfire dhcpd: DHCPNAK on 192.168.178.51 to XX:XX:XX:XX:XX:10 via green0
Oct 18 13:55:14 ipfire dhcpd: DHCPDISCOVER from XX:XX:XX:XX:XX:10 via green0
Oct 18 13:55:15 ipfire dhcpd: DHCPOFFER on 192.168.151.101 to XX:XX:XX:XX:XX:10 (PC) via green0
Oct 18 13:55:15 ipfire dhcpd: DHCPREQUEST for 192.168.151.101 (192.168.151.254) from XX:XX:XX:XX:XX:10 (PC) via green0
Oct 18 13:55:15 ipfire dhcpd: DHCPACK on 192.168.151.101 to XX:XX:XX:XX:XX:10 (PC) via green0
Oct 18 13:55:15 ipfire unbound: [1839:0] error: SERVFAIL <wpad.lan.local. A IN>: failed to get a delegation (eg. prime failure)
...
Oct 18 13:56:00 ipfire kernel: igb 0000:01:00.0 green0: igb: green0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX
Oct 18 13:56:03 ipfire kernel: igb 0000:01:00.0: exceed max 2 second
Oct 18 13:56:03 ipfire kernel: igb 0000:01:00.0 green0: igb: green0 NIC Link is Down
Oct 18 13:56:04 ipfire kernel: igb 0000:01:00.0 green0: igb: green0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX
Oct 18 13:56:05 ipfire dhcpd: reuse_lease: lease age 50 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.151.101
Oct 18 13:56:05 ipfire dhcpd: DHCPREQUEST for 192.168.151.101 from XX:XX:XX:XX:XX:10 (PC) via green0
Oct 18 13:56:05 ipfire dhcpd: DHCPACK on 192.168.151.101 to XX:XX:XX:XX:XX:10 (PC) via green0
Oct 18 13:56:05 ipfire dhcpd: reuse_lease: lease age 50 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.151.101
Oct 18 13:56:05 ipfire dhcpd: DHCPREQUEST for 192.168.151.101 from XX:XX:XX:XX:XX:10 (PC) via green0
Oct 18 13:56:05 ipfire dhcpd: DHCPACK on 192.168.151.101 to XX:XX:XX:XX:XX:10 (PC) via green0
Oct 18 13:56:05 ipfire unbound: [1839:0] error: SERVFAIL <PC.lan.local. SOA IN>: failed to get a delegation (eg. prime failure)
Oct 18 13:56:05 ipfire unbound: [1839:0] error: SERVFAIL <wpad.lan.local. A IN>: failed to get a delegation (eg. prime failure)
Oct 18 13:56:05 ipfire unbound: [1839:0] error: SERVFAIL <wpad.lan.local. A IN>: failed to get a delegation (eg. prime failure)
Oct 18 13:56:06 ipfire ntpd[2066]: Listen normally on 4 green0 192.168.151.254:123
Oct 18 13:56:06 ipfire ntpd[2066]: new interface(s) found: waking up resolver
Oct 18 13:56:06 ipfire unbound: [1839:0] error: SERVFAIL <0.ipfire.pool.ntp.org. A IN>: failed to get a delegation (eg. prime failure)
...
Oct 18 13:57:16 ipfire collectd[2167]: ping plugin: The ping thread had a problem. Restarting it.
Oct 18 13:57:16 ipfire collectd[2167]: read-function of plugin `ping' failed. Will suspend it for 240 seconds.
Oct 18 13:57:16 ipfire unbound: [1839:0] error: SERVFAIL <gateway.lan.local. A IN>: failed to get a delegation (eg. prime failure)
Oct 18 13:57:16 ipfire unbound: [1839:0] error: SERVFAIL <gateway.lan.local. A IN>: failed to get a delegation (eg. prime failure)
Oct 18 13:57:16 ipfire unbound: [1839:0] error: SERVFAIL <gateway. A IN>: failed to get a delegation (eg. prime failure)
Oct 18 13:57:16 ipfire unbound: [1839:0] error: SERVFAIL <gateway. A IN>: failed to get a delegation (eg. prime failure)
Oct 18 13:57:16 ipfire collectd[2167]: ping plugin: ping_host_add (gateway) failed: getaddrinfo: Name or service not known
Oct 18 13:57:16 ipfire collectd[2167]: ping plugin: No host could be added to ping object. Giving up.
Oct 18 13:57:26 ipfire unbound: [1839:0] error: SERVFAIL <wpad.lan.local. A IN>: failed to get a delegation (eg. prime failure)
Oct 18 13:57:26 ipfire unbound: [1839:0] error: SERVFAIL <wpad.lan.local. A IN>: failed to get a delegation (eg. prime failure)
Oct 18 13:57:52 ipfire unbound: [1839:0] error: SERVFAIL <1.ipfire.pool.ntp.org. A IN>: failed to get a delegation (eg. prime failure)
...
Oct 18 14:00:02 ipfire ipfire: Profile saved:  1und1
Oct 18 14:00:11 ipfire ipfire: Profile made current:  1und1
Oct 18 14:00:22 ipfire unbound: [1839:0] error: SERVFAIL <0.ipfire.pool.ntp.org. A IN>: failed to get a delegation (eg. prime failure)
...
Oct 18 14:01:58 ipfire kernel: igb 0000:01:00.0 green0: igb: green0 NIC Link is Down
Oct 18 14:01:59 ipfire ntpd[2066]: Deleting interface #4 green0, 192.168.151.254#123, interface stats: received=0, sent=0, dropped=0, active_time=353 secs
Oct 18 14:02:08 ipfire unbound: [1839:0] error: SERVFAIL <1.ipfire.pool.ntp.org. A IN>: failed to get a delegation (eg. prime failure)
...
Oct 18 14:03:39 ipfire syslogd 1.5.1: restart (remote reception).

another reboot and a small location change later:

Oct 18 14:03:39 ipfire syslogd 1.5.1: restart (remote reception).
Oct 18 14:03:39 ipfire kernel: input: PC Speaker as /devices/platform/pcspkr/input/input4
Oct 18 14:03:39 ipfire kernel: igb: Intel(R) Gigabit Ethernet Network Driver
Oct 18 14:03:39 ipfire kernel: igb: Copyright (c) 2007-2014 Intel Corporation.
Oct 18 14:03:39 ipfire kernel: pps pps0: new PPS source ptp0
Oct 18 14:03:39 ipfire kernel: igb 0000:01:00.0: added PHC on eth0
Oct 18 14:03:39 ipfire kernel: igb 0000:01:00.0: Intel(R) Gigabit Ethernet Network Connection
Oct 18 14:03:39 ipfire kernel: igb 0000:01:00.0: eth0: (PCIe:2.5Gb/s:Width x1) XX:XX:XX:XX:XX:24
Oct 18 14:03:39 ipfire kernel: igb 0000:01:00.0: eth0: PBA No: FFFFFF-0FF
Oct 18 14:03:39 ipfire kernel: igb 0000:01:00.0: Using MSI-X interrupts. 2 rx queue(s), 2 tx queue(s)
Oct 18 14:03:39 ipfire kernel: pps pps1: new PPS source ptp1
Oct 18 14:03:39 ipfire kernel: igb 0000:02:00.0: added PHC on eth1
Oct 18 14:03:39 ipfire kernel: igb 0000:02:00.0: Intel(R) Gigabit Ethernet Network Connection
Oct 18 14:03:39 ipfire kernel: igb 0000:02:00.0: eth1: (PCIe:2.5Gb/s:Width x1) XX:XX:XX:XX:XX:25
Oct 18 14:03:39 ipfire kernel: igb 0000:02:00.0: eth1: PBA No: FFFFFF-0FF
Oct 18 14:03:39 ipfire kernel: igb 0000:02:00.0: Using MSI-X interrupts. 2 rx queue(s), 2 tx queue(s)
Oct 18 14:03:39 ipfire kernel: pps pps2: new PPS source ptp2
Oct 18 14:03:39 ipfire kernel: igb 0000:03:00.0: added PHC on eth2
Oct 18 14:03:39 ipfire kernel: igb 0000:03:00.0: Intel(R) Gigabit Ethernet Network Connection
Oct 18 14:03:39 ipfire kernel: igb 0000:03:00.0: eth2: (PCIe:2.5Gb/s:Width x1) XX:XX:XX:XX:XX:26
Oct 18 14:03:39 ipfire kernel: igb 0000:03:00.0: eth2: PBA No: FFFFFF-0FF
Oct 18 14:03:39 ipfire kernel: igb 0000:03:00.0: Using MSI-X interrupts. 2 rx queue(s), 2 tx queue(s)
Oct 18 14:03:39 ipfire kernel: pps pps3: new PPS source ptp3
Oct 18 14:03:39 ipfire kernel: igb 0000:04:00.0: added PHC on eth3
Oct 18 14:03:39 ipfire kernel: igb 0000:04:00.0: Intel(R) Gigabit Ethernet Network Connection
Oct 18 14:03:39 ipfire kernel: igb 0000:04:00.0: eth3: (PCIe:2.5Gb/s:Width x1) XX:XX:XX:XX:XX:27
Oct 18 14:03:39 ipfire kernel: igb 0000:04:00.0: eth3: PBA No: FFFFFF-0FF
Oct 18 14:03:39 ipfire kernel: igb 0000:04:00.0: Using MSI-X interrupts. 2 rx queue(s), 2 tx queue(s)
Oct 18 14:03:39 ipfire kernel: igb 0000:01:00.0 green0: renamed from eth0
Oct 18 14:03:39 ipfire kernel: igb 0000:04:00.0 red0: renamed from eth3
Oct 18 14:03:39 ipfire kernel: kvm: Nested Virtualization enabled
Oct 18 14:03:39 ipfire kernel: SVM: kvm: Nested Paging enabled
Oct 18 14:03:39 ipfire kernel: MCE: In-kernel MCE decoding enabled.
Oct 18 14:03:39 ipfire kernel: EDAC amd64: MCT channel count: 1
Oct 18 14:03:39 ipfire kernel: EDAC MC0: Giving out device to module amd64_edac controller F16h_M30h: DEV 0000:00:18.3 (INTERRUPT)
Oct 18 14:03:39 ipfire kernel: EDAC amd64: F16h_M30h detected (node 0).
Oct 18 14:03:39 ipfire kernel: EDAC amd64: MC: 0:  4096MB 1:     0MB
Oct 18 14:03:39 ipfire kernel: EDAC amd64: MC: 2:     0MB 3:     0MB
Oct 18 14:03:39 ipfire kernel: EDAC amd64: MC: 4:     0MB 5:     0MB
Oct 18 14:03:39 ipfire kernel: EDAC amd64: MC: 6:     0MB 7:     0MB
Oct 18 14:03:39 ipfire kernel: EDAC amd64: MC: 0:     0MB 1:     0MB
Oct 18 14:03:39 ipfire kernel: EDAC amd64: MC: 2:     0MB 3:     0MB
Oct 18 14:03:39 ipfire kernel: EDAC amd64: MC: 4:     0MB 5:     0MB
Oct 18 14:03:39 ipfire kernel: EDAC amd64: MC: 6:     0MB 7:     0MB
Oct 18 14:03:39 ipfire kernel: EDAC amd64: using x4 syndromes.
Oct 18 14:03:39 ipfire kernel: EDAC PCI0: Giving out device to module amd64_edac controller EDAC PCI controller: DEV 0000:00:18.2 (POLLED)
Oct 18 14:03:39 ipfire kernel: AMD64 EDAC driver v3.5.0
Oct 18 14:03:39 ipfire kernel: EXT4-fs (sda4): re-mounted. Opts: (null). Quota mode: none.
Oct 18 14:03:39 ipfire kernel: EXT4-fs (sda4): re-mounted. Opts: (null). Quota mode: none.
Oct 18 14:03:39 ipfire kernel: EXT4-fs (sda1): mounted filesystem with ordered data mode. Opts: (null). Quota mode: none.
Oct 18 14:03:39 ipfire kernel: Adding 1001964k swap on /dev/sda3.  Priority:1 extents:1 across:1001964k SSFS
Oct 18 14:03:39 ipfire kernel: random: rules.pl: uninitialized urandom read (4 bytes read)
Oct 18 14:03:39 ipfire last message repeated 3 times
Oct 18 14:03:40 ipfire kernel: random: crng init done
Oct 18 14:03:40 ipfire kernel: random: 10 urandom warning(s) missed due to ratelimiting
Oct 18 14:03:40 ipfire unbound: [1671:0] notice: init module 0: validator
Oct 18 14:03:40 ipfire unbound: [1671:0] notice: init module 1: iterator
Oct 18 14:03:40 ipfire acpid: starting up with netlink and the input layer
Oct 18 14:03:40 ipfire acpid: 1 rule loaded
Oct 18 14:03:40 ipfire acpid: waiting for events: event logging is off
Oct 18 14:03:40 ipfire unbound: [1671:0] info: start of service (unbound 1.16.3).
Oct 18 14:03:40 ipfire unbound: [1671:0] error: SERVFAIL <. DNSKEY IN>: failed to get a delegation (eg. prime failure)
Oct 18 14:03:42 ipfire pppd[1804]: Plugin rp-pppoe.so loaded.
Oct 18 14:03:42 ipfire connectd[1805]: Connectd (start) started with PID 1805
Oct 18 14:03:42 ipfire kernel: PPP generic driver version 2.4.2
Oct 18 14:03:42 ipfire pppd[1804]: PPPoE plugin from pppd 2.4.9
Oct 18 14:03:42 ipfire pppd[1804]: pppd 2.4.9 started by root, uid 0
Oct 18 14:03:42 ipfire kernel: NET: Registered PF_PPPOX protocol family
Oct 18 14:03:42 ipfire pppd[1804]: Send PPPOE Discovery V1T1 PADI session 0x0 length 12
Oct 18 14:03:42 ipfire pppd[1804]:  dst ff:ff:ff:ff:ff:ff  src XX:XX:XX:XX:XX:27
... PPPOE MAGiC ...
Oct 18 14:03:50 ipfire pppd[1804]: local  IP address XXX.XXX.XXX.XXX
Oct 18 14:03:50 ipfire pppd[1804]: remote IP address 94.134.198.143
Oct 18 14:03:50 ipfire pppd[1804]: primary   DNS address 82.144.41.8
Oct 18 14:03:50 ipfire pppd[1804]: secondary DNS address 82.145.9.8
Oct 18 14:03:50 ipfire pppd[1804]: Script /etc/ppp/ip-up started (pid 1857)
Oct 18 14:03:52 ipfire connectd[1805]: System is online. Exiting.

system is online

and then the following happend:

Oct 18 14:03:52 ipfire saslauthd[2072]: detach_tty      : master pid is: 2072
Oct 18 14:03:52 ipfire saslauthd[2072]: ipc_init        : listening on socket: /var/run/saslauthd/mux
Oct 18 14:03:53 ipfire unbound: [1671:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Oct 18 14:03:53 ipfire unbound: [1671:0] info: generate keytag query _ta-4a5c-4f66. NULL IN
Oct 18 14:03:53 ipfire unbound: [1671:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Oct 18 14:03:53 ipfire unbound: [1671:0] info: generate keytag query _ta-4a5c-4f66. NULL IN
Oct 18 14:03:53 ipfire unbound: [1671:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Oct 18 14:03:53 ipfire unbound: [1671:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Oct 18 14:03:53 ipfire unbound: [1671:0] info: generate keytag query _ta-4a5c-4f66. NULL IN
Oct 18 14:03:53 ipfire unbound: [1671:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Oct 18 14:03:53 ipfire last message repeated 3 times
Oct 18 14:03:53 ipfire unbound: [1671:0] info: generate keytag query _ta-4a5c-4f66. NULL IN
Oct 18 14:03:53 ipfire unbound: [1671:0] info: service stopped (unbound 1.16.3).
Oct 18 14:03:53 ipfire unbound: [1671:0] info: server stats for thread 0: 2 queries, 0 answers from cache, 2 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Oct 18 14:03:53 ipfire unbound: [1671:0] info: server stats for thread 0: requestlist max 2 avg 1 exceeded 0 jostled 0
Oct 18 14:03:53 ipfire unbound: [1671:0] notice: Restart of unbound 1.16.3.
Oct 18 14:03:53 ipfire unbound: [1671:0] notice: init module 0: validator
Oct 18 14:03:53 ipfire unbound: [1671:0] notice: init module 1: iterator
Oct 18 14:03:53 ipfire unbound: [1671:0] info: start of service (unbound 1.16.3).
Oct 18 14:03:53 ipfire unbound: [1671:0] info: generate keytag query _ta-4a5c-4f66. NULL IN
Oct 18 14:03:53 ipfire unbound: [1671:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Oct 18 14:03:53 ipfire unbound: [1671:0] info: generate keytag query _ta-4a5c-4f66. NULL IN
Oct 18 14:03:53 ipfire unbound: [1671:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Oct 18 14:03:53 ipfire unbound: [1671:0] info: generate keytag query _ta-4a5c-4f66. NULL IN
Oct 18 14:03:53 ipfire unbound: [1671:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Oct 18 14:03:53 ipfire unbound: [1671:0] info: generate keytag query _ta-4a5c-4f66. NULL IN
Oct 18 14:03:53 ipfire unbound: [1671:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Oct 18 14:03:53 ipfire unbound: [1671:0] info: generate keytag query _ta-4a5c-4f66. NULL IN
Oct 18 14:03:53 ipfire unbound: [1671:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Oct 18 14:03:53 ipfire unbound: [1671:0] info: generate keytag query _ta-4a5c-4f66. NULL IN
Oct 18 14:03:53 ipfire unbound: [1671:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Oct 18 14:03:53 ipfire unbound: [1671:0] info: validation failure <. DNSKEY IN>: signature before inception date from 82.144.41.8 for trust anchor . while building chain of trust
Oct 18 14:03:53 ipfire unbound: [1671:0] info: validation failure <ping.ipfire.org. A IN>: key for validation . is marked as invalid
Oct 18 14:03:53 ipfire unbound: [1671:0] info: validation failure <0.ipfire.pool.ntp.org. A IN>: key for validation . is marked as invalid
Oct 18 14:03:53 ipfire unbound: [1671:0] info: validation failure <1.ipfire.pool.ntp.org. A IN>: key for validation . is marked as invalid
Oct 18 14:03:58 ipfire unbound: [1671:0] info: validation failure <0.ipfire.pool.ntp.org. AAAA IN>: key for validation . is marked as invalid
Oct 18 14:03:58 ipfire unbound: [1671:0] info: validation failure <0.ipfire.pool.ntp.org.lan.local. A IN>: key for validation . is marked as invalid
Oct 18 14:03:58 ipfire unbound: [1671:0] info: validation failure <0.ipfire.pool.ntp.org.lan.local. AAAA IN>: key for validation . is marked as invalid
Oct 18 14:03:58 ipfire ntpdate[2114]: Can't find host 0.ipfire.pool.ntp.org: Name or service not known (-2)
Oct 18 14:03:58 ipfire unbound: [1671:0] info: validation failure <1.ipfire.pool.ntp.org. AAAA IN>: key for validation . is marked as invalid
Oct 18 14:03:58 ipfire unbound: [1671:0] info: validation failure <1.ipfire.pool.ntp.org.lan.local. A IN>: key for validation . is marked as invalid
Oct 18 14:03:58 ipfire unbound: [1671:0] info: validation failure <1.ipfire.pool.ntp.org.lan.local. AAAA IN>: key for validation . is marked as invalid
Oct 18 14:03:58 ipfire ntpdate[2114]: Can't find host 1.ipfire.pool.ntp.org: Name or service not known (-2)
Oct 18 14:03:58 ipfire ntpdate[2114]: no servers can be used, exiting
Oct 18 14:03:58 ipfire ipfire: ntpdate error
Oct 18 14:03:58 ipfire ntpd[2371]: ntpd 4.2.8p15@1.3728-o Tue Oct 18 13:03:58 UTC 2022 (1): Starting
Oct 18 14:03:58 ipfire ntpd[2371]: Command line: /usr/bin/ntpd -Ap /var/run/ntpd.pid
Oct 18 14:03:58 ipfire ntpd[2371]: ----------------------------------------------------
Oct 18 14:03:58 ipfire ntpd[2371]: ntp-4 is maintained by Network Time Foundation,
Oct 18 14:03:58 ipfire ntpd[2371]: Inc. (NTF), a non-profit 501(c)(3) public-benefit
Oct 18 14:03:58 ipfire ntpd[2371]: corporation.  Support and training for ntp-4 are
Oct 18 14:03:58 ipfire ntpd[2371]: available at https://www.nwtime.org/support
Oct 18 14:03:58 ipfire ntpd[2371]: ----------------------------------------------------
Oct 18 14:03:58 ipfire ntpd[2373]: proto: precision = 0.300 usec (-22)
Oct 18 14:03:58 ipfire ntpd[2373]: basedate set to 2022-10-06
Oct 18 14:03:58 ipfire ntpd[2373]: gps base set to 2022-10-09 (week 2231)
Oct 18 14:03:58 ipfire ntpd[2373]: Listen and drop on 0 v6wildcard [::]:123
Oct 18 14:03:58 ipfire ntpd[2373]: Listen and drop on 1 v4wildcard 0.0.0.0:123
Oct 18 14:03:58 ipfire ntpd[2373]: Listen normally on 2 lo 127.0.0.1:123
Oct 18 14:03:58 ipfire ntpd[2373]: Listen normally on 3 ppp0 XXX.XXX.XXX.XXX
Oct 18 14:03:58 ipfire ntpd[2373]: Listening on routing socket on fd #20 for interface updates
Oct 18 14:03:58 ipfire ntpd[2373]: kernel reports TIME_ERROR: 0x41: Clock Unsynchronized
Oct 18 14:03:58 ipfire ntpd[2373]: kernel reports TIME_ERROR: 0x41: Clock Unsynchronized
Oct 18 14:03:58 ipfire collectd[2421]: cpufreq plugin: Found 4 CPUs
Oct 18 14:03:58 ipfire collectd[2421]: Initialization complete, entering read-loop.
Oct 18 14:03:58 ipfire unbound: [1671:0] info: validation failure <gateway.lan.local. A IN>: key for validation . is marked as invalid
Oct 18 14:03:58 ipfire unbound: [1671:0] info: validation failure <gateway. A IN>: key for validation . is marked as invalid
Oct 18 14:03:58 ipfire collectd[2421]: ping plugin: ping_host_add (gateway) failed: getaddrinfo: Name or service not known
Oct 18 14:03:58 ipfire collectd[2421]: ping plugin: No host could be added to ping object. Giving up.
Oct 18 14:03:58 ipfire dhcpd: Wrote 1 leases to leases file.
Oct 18 14:03:58 ipfire dhcpd: Server starting service.
Oct 18 14:04:03 ipfire unbound: [1671:0] info: validation failure <fireinfo.ipfire.org. A IN>: key for validation . is marked as invalid
Oct 18 14:04:03 ipfire unbound: [1671:0] info: validation failure <fireinfo.ipfire.org. AAAA IN>: key for validation . is marked as invalid
Oct 18 14:04:03 ipfire unbound: [1671:0] info: validation failure <fireinfo.ipfire.org.lan.local. AAAA IN>: key for validation . is marked as invalid
Oct 18 14:04:04 ipfire vnstatd[1619]: Latest database update is no longer in the future (db: 2022-10-18 14:04:00 <= now: 2022-10-18 14:04:04), continuing.
Oct 18 14:04:04 ipfire unbound: [1671:0] info: validation failure <fireinfo.ipfire.org.lan.local. A IN>: key for validation . is marked as invalid
Oct 18 14:04:04 ipfire Profile was not sent propertly: [Errno -2] Name or service not known
Oct 18 14:04:04 ipfire kernel: DROP_HOSTILE IN=ppp0 OUT= MAC= SRC=62.204.41.80 DST=XXX.XXX.XXX.XXX LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=23994 PROTO=TCP SPT=59269 DPT=55000 WINDOW=1024 RES=0x00 SYN URGP=0 
Oct 18 14:04:05 ipfire pppd[1804]: Script /etc/ppp/ip-up finished (pid 1857), status = 0x0

lucky me the MA already burns hostile packets
so then i set the date manually via cli

Oct 18 15:00:41 ipfire unbound: [1653:0] error: SERVFAIL <0.ipfire.pool.ntp.org.lan.local. AAAA IN>: all the configured stub or forward servers failed, at zone . no server to query nameserver addresses not usable have no nameserver names
Dec  1 17:25:00 ipfire dhcpd: Wrote 1 leases to leases file.
Dec  1 17:25:00 ipfire collectd[2400]: uc_update: Value too old: name = localhost/conntrack/conntrack; value time = 1669911900; last cache update = 1669911900;
Dec  1 17:25:00 ipfire collectd[2400]: Filter subsystem: Built-in target `write': Dispatching value to the `rrdtool' plugin failed with status -1.

unfortunately this was not logged but one can see
right after that these ‘Value too old’ and ‘plugin failed with status -1’ spammed the log.
so yet another reboot later:

Dec  1 17:25:17 ipfire syslogd 1.5.1: restart (remote reception).
Dec  1 17:25:21 ipfire pakfire: PAKFIRE INFO: IPFire Pakfire 2.27-x86_64 started!
Dec  1 17:25:21 ipfire pakfire: DOWNLOAD STARTED: 2.27-x86_64/lists/server-list.db
Dec  1 17:25:21 ipfire pakfire: DOWNLOAD INFO: Host: pakfire.ipfire.org (HTTPS) - File: 2.27-x86_64/lists/server-list.db
Dec  1 17:25:22 ipfire pakfire: DOWNLOAD INFO: 2.27-x86_64/lists/server-list.db has size of 2534 bytes
Dec  1 17:25:22 ipfire pakfire: DOWNLOAD INFO: HTTP-Status-Code: 200 - 200 OK
Dec  1 17:25:22 ipfire pakfire: DOWNLOAD INFO: File received. Start checking signature...
Dec  1 17:25:22 ipfire pakfire: DOWNLOAD INFO: Signature of server-list.db is fine.
Dec  1 17:25:22 ipfire pakfire: DOWNLOAD FINISHED: 2.27-x86_64/lists/server-list.db
Dec  1 17:25:22 ipfire pakfire: DOWNLOAD STARTED: lists/packages_list.db
Dec  1 17:25:22 ipfire pakfire: MIRROR INFO: 29 servers found in list
Dec  1 17:25:22 ipfire pakfire: DOWNLOAD INFO: Host: mirror.ihost.md (HTTPS) - File: ipfire/pakfire2/2.27-x86_64/lists/packages_list.db
Dec  1 17:25:23 ipfire pakfire: DOWNLOAD INFO: ipfire/pakfire2/2.27-x86_64/lists/packages_list.db has size of 5239 bytes
Dec  1 17:25:23 ipfire pakfire: DOWNLOAD INFO: HTTP-Status-Code: 200 - 200 OK
Dec  1 17:25:23 ipfire pakfire: DOWNLOAD INFO: File received. Start checking signature...
Dec  1 17:25:23 ipfire pakfire: DOWNLOAD INFO: Signature of packages_list.db is fine.
Dec  1 17:25:23 ipfire pakfire: DOWNLOAD FINISHED: ipfire/pakfire2/2.27-x86_64/lists/packages_list.db
Dec  1 17:25:23 ipfire pakfire: DOWNLOAD STARTED: lists/core-list.db
Dec  1 17:25:23 ipfire pakfire: MIRROR INFO: 29 servers found in list
Dec  1 17:25:23 ipfire pakfire: DOWNLOAD INFO: Host: muug.ca (HTTPS) - File: mirror/ipfire/pakfire2/2.27-x86_64/lists/core-list.db
Dec  1 17:25:25 ipfire pakfire: DOWNLOAD INFO: mirror/ipfire/pakfire2/2.27-x86_64/lists/core-list.db has size of 903 bytes
Dec  1 17:25:10 ipfire ntpdate[8943]: step time server 79.133.44.137 offset -14.239846 sec
Dec  1 17:25:10 ipfire ipfire: NTP synchronisation
Dec  1 17:25:11 ipfire pakfire: DOWNLOAD INFO: HTTP-Status-Code: 200 - 200 OK
Dec  1 17:25:11 ipfire pakfire: DOWNLOAD INFO: File received. Start checking signature...
Dec  1 17:25:11 ipfire pakfire: DOWNLOAD INFO: Signature of core-list.db is fine.
Dec  1 17:25:11 ipfire pakfire: DOWNLOAD FINISHED: mirror/ipfire/pakfire2/2.27-x86_64/lists/core-list.db
Dec  1 17:25:11 ipfire pakfire: PAKFIRE INFO: Pakfire has finished. Closing.
Dec  1 17:25:12 ipfire Downloaded new database from Thu, 24 Nov 2022 06:29:53 GMT
Dec  1 17:25:15 ipfire kernel: DROP_HOSTILE IN=ppp0 OUT= MAC= SRC=89.248.165.185 DST=XXX.XXX.XXX.XXX LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=37472 PROTO=TCP SPT=56323 DPT=55256 WINDOW=1024 RES=0x00 SYN URGP=0 
Dec  1 17:25:15 ipfire ntpd[2352]: ntpd exiting on signal 15 (Terminated)
Dec  1 17:25:15 ipfire ntpd[2352]: 127.127.1.0 local addr 127.0.0.1 -> <null>
Dec  1 17:25:15 ipfire ntpd[2352]: 81.169.204.140 local addr XXX.XXX.XXX.XXX -> <null>
Dec  1 17:25:15 ipfire ntpd[2352]: 45.9.61.155 local addr XXX.XXX.XXX.XXX -> <null>
Dec  1 17:25:21 ipfire kernel: DROP_INPUT IN=ppp0 OUT= MAC= SRC=176.113.115.144 DST=XXX.XXX.XXX.XXX LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=14182 PROTO=TCP SPT=49671 DPT=9247 WINDOW=1024 RES=0x00 SYN URGP=0 
Dec  1 17:25:29 ipfire ntpdate[9221]: adjust time server 79.133.44.137 offset -0.001558 sec
Dec  1 17:25:29 ipfire ipfire: NTP synchronisation

it started working

besides the 0815: i checked some dashboards from 0€ to 5000€ and all of them
show the systems current date and time