[nSLUG] Why is ntp so terrible?

D G Teed donald.teed at gmail.com
Fri Mar 10 10:42:16 AST 2017


I have confirmed running ntpd -d on both ends, it is connecting with IPv6
now.

It requires a good restrict line on the ntp central server to allow
connections
over IPv6.  The default restrict on IPv6 won't allow it to work.  Apparently
we should use -6 on restrict except for the line using the IP address and
mask.
It also required setting the interface listen for the IPv6 address on the
ntp server.



On Fri, Mar 10, 2017 at 9:59 AM, D G Teed <donald.teed at gmail.com> wrote:

>
> I am looking at a debug document for ntp.  Testing on a server which is
> about a minute off.
>
> # ntpq
> ntpq> as
>
> ind assid status  conf reach auth condition  last_event cnt
> ===========================================================
>   1 28167  8011   yes    no  none    reject    mobilize  1
>
> Restarting ntpd on this system since the IPv6 connection is possible with
> the system
> firewall change made no change to this output above.
>
> If I run ntpdate ntp (host alias to ntp server), it corrects the time.
>
> # ntpdate ntp
> 10 Mar 09:45:00 ntpdate[3914]: step time server XXX.YYY.ZZZ.06 offset
> 98.673892 sec
>
> I think I see another problem.  The default restrict on the ntp server is
> noquery
> but then we open it up on the IPv4 with a mask.  The same needs to be
> done for IPv6 and a restrict statement.
>
> I don't know why IPv6 is preferred for services even when it is being
> blocked.
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nslug.ns.ca/pipermail/nslug/attachments/20170310/f8afe8fc/attachment.html>


More information about the nSLUG mailing list