[nSLUG] Why is ntp so terrible?

D G Teed donald.teed at gmail.com
Fri Mar 10 09:59:53 AST 2017


I am looking at a debug document for ntp.  Testing on a server which is
about a minute off.

# ntpq
ntpq> as

ind assid status  conf reach auth condition  last_event cnt
===========================================================
  1 28167  8011   yes    no  none    reject    mobilize  1

Restarting ntpd on this system since the IPv6 connection is possible with
the system
firewall change made no change to this output above.

If I run ntpdate ntp (host alias to ntp server), it corrects the time.

# ntpdate ntp
10 Mar 09:45:00 ntpdate[3914]: step time server XXX.YYY.ZZZ.06 offset
98.673892 sec

I think I see another problem.  The default restrict on the ntp server is
noquery
but then we open it up on the IPv4 with a mask.  The same needs to be
done for IPv6 and a restrict statement.

I don't know why IPv6 is preferred for services even when it is being
blocked.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nslug.ns.ca/pipermail/nslug/attachments/20170310/8ef3cb9a/attachment-0001.html>


More information about the nSLUG mailing list