netwatch-dns: disable DoH if time not sync...

... as it is possible that time is off, DNS via DoH fails (cert invalid),
and finally syncing time fails due to failing DNS.

netwatch-dns.rsc

@@ -16,6 +16,8 @@
 
   :global CertificateAvailable;
   :global EitherOr;
+  :global IsDNSResolving;
+  :global IsTimeSync;
   :global LogPrint;
   :global ParseKeyValueStore;
   :global ScriptLock;
@@ -67,6 +69,12 @@
   :local DohCurrent [ /ip/dns/get use-doh-server ];
   :local DohServers ({});
 
+  :if ([ :len $DohCurrent ] > 0 && [ $IsDNSResolving ] = false && [ $IsTimeSync ] = false) do={
+    $LogPrint info $ScriptName ("Time is not sync, disabling DoH: " . $DohCurrent);
+    /ip/dns/set use-doh-server="";
+    :set DohCurrent "";
+  }
+
   :foreach Host in=[ /tool/netwatch/find where comment~"\\bdoh\\b" status="up" ] do={
     :local HostVal [ /tool/netwatch/get $Host ];
     :local HostInfo [ $ParseKeyValueStore ($HostVal->"comment") ];