uk pool problem - NTP

This is a discussion on uk pool problem - NTP ; David J Taylor wrote: > Richard B. Gilbert wrote: > > However, at the moment, when I use UK pool servers, more times than not > the servers do not resolve at reboot, so I end up with no servers ...

+ Reply to Thread
Page 2 of 4 FirstFirst 1 2 3 4 LastLast
Results 21 to 40 of 80

Thread: uk pool problem

  1. Re: uk pool problem

    David J Taylor wrote:
    > Richard B. Gilbert wrote:
    >
    > However, at the moment, when I use UK pool servers, more times than not
    > the servers do not resolve at reboot, so I end up with no servers from the
    > pool! This is the known DNS problem, which seems to have become worse
    > over the last few months. Hence I need to specify other servers as well,
    > and end up with more than the ideal number......
    >
    > David


    That problem has been fixed but I don't think it's in the Meinberg
    release yet.

    Danny
    _______________________________________________
    questions mailing list
    questions@lists.ntp.isc.org
    https://lists.ntp.isc.org/mailman/listinfo/questions


  2. Re: uk pool problem

    Danny Mayer wrote:
    > David J Taylor wrote:
    >> Richard B. Gilbert wrote:
    >>
    >> However, at the moment, when I use UK pool servers, more times than
    >> not the servers do not resolve at reboot, so I end up with no
    >> servers from the pool! This is the known DNS problem, which seems
    >> to have become worse over the last few months. Hence I need to
    >> specify other servers as well, and end up with more than the ideal
    >> number......
    >>
    >> David

    >
    > That problem has been fixed but I don't think it's in the Meinberg
    > release yet.
    >
    > Danny


    Danny,

    The problem I am referring to is a DNS issue, not related to NTP, and it
    doesn't look to have been fixed yet:

    ------------------------------------------------------
    C:\>nslookup 0.uk.pool.ntp.org
    Server: ns1-edi.blueyonder.net
    Address: 62.31.64.39

    *** ns1-edi.blueyonder.net can't find 0.uk.pool.ntp.org: Non-existent
    domain

    C:\>nslookup 1.uk.pool.ntp.org
    Server: ns1-edi.blueyonder.net
    Address: 62.31.64.39

    *** ns1-edi.blueyonder.net can't find 1.uk.pool.ntp.org: Non-existent
    domain

    C:\>
    ------------------------------------------------------

    Something about the DNS records causes "normal" DNS servers to reject the
    updates - sorry but I don't know the exact details.

    Cheers,
    David



  3. Re: uk pool problem

    mayer@ntp.isc.org (Danny Mayer) wrote:

    > > Quote:
    > > o Anyone using ntpdate (or equivalent) or unauthorised frequent
    > > polling of the time will be reported to their ISP's abuse contact.


    > > I don't see why ntpdate is quite so frowned upon.

    >
    > You mean issues like this don't bother you? Using ntpd instead avoids
    > many of this issues brought up in this discussion.


    I see no reason to try to stop clients using ntpdate against servers by
    giving them the wrong time and/or threatening abuse reports. Excessive
    polling, eg running ntpdate every 15 seconds or any similar client bad
    behaviour, is a separate issue.

    --
    Ronan Flood
    working for but not speaking for
    Network Services, University of London Computer Centre
    (which means: don't bother ULCC if I've said something you don't like)

  4. Re: uk pool problem

    Richard B. Gilbert wrote:
    >
    > Is there an ntpd equivalent to ntpdate -du ?
    >


    ntpd -gq

    with optional -c conffile if you don't want to use your default config
    file. Make sure you have iburst on the server lines and don't bother
    with either multicasting or broadcasting.

    Danny
    _______________________________________________
    questions mailing list
    questions@lists.ntp.isc.org
    https://lists.ntp.isc.org/mailman/listinfo/questions


  5. Re: uk pool problem

    David J Taylor wrote:
    > Danny Mayer wrote:
    > Danny,
    >
    > The problem I am referring to is a DNS issue, not related to NTP, and it
    > doesn't look to have been fixed yet:
    >
    > ------------------------------------------------------
    > C:\>nslookup 0.uk.pool.ntp.org
    > Server: ns1-edi.blueyonder.net
    > Address: 62.31.64.39
    >
    > *** ns1-edi.blueyonder.net can't find 0.uk.pool.ntp.org: Non-existent
    > domain
    >
    > C:\>nslookup 1.uk.pool.ntp.org
    > Server: ns1-edi.blueyonder.net
    > Address: 62.31.64.39
    >
    > *** ns1-edi.blueyonder.net can't find 1.uk.pool.ntp.org: Non-existent
    > domain
    >
    > C:\>
    > ------------------------------------------------------
    >
    > Something about the DNS records causes "normal" DNS servers to reject the
    > updates - sorry but I don't know the exact details.
    >
    > Cheers,
    > David


    I don't think you understand how DNS operates. If you are getting
    NXDOMAIN for this address, your DNS was unsuccessful in getting the
    record and caches that fact for a certain length of time defined in the
    TTL field of the SOA record of the domain. Once the time has expired it
    will retry the query when asked for that address. You might also want to
    turn off the "DNS Client" on your system as this has similar bad effects.

    Danny
    _______________________________________________
    questions mailing list
    questions@lists.ntp.isc.org
    https://lists.ntp.isc.org/mailman/listinfo/questions


  6. Re: uk pool problem

    Ronan Flood wrote:
    > mayer@ntp.isc.org (Danny Mayer) wrote:
    >
    >>> Quote:
    >>> o Anyone using ntpdate (or equivalent) or unauthorised frequent
    >>> polling of the time will be reported to their ISP's abuse contact.

    >
    >>> I don't see why ntpdate is quite so frowned upon.

    >> You mean issues like this don't bother you? Using ntpd instead avoids
    >> many of this issues brought up in this discussion.

    >
    > I see no reason to try to stop clients using ntpdate against servers by
    > giving them the wrong time and/or threatening abuse reports. Excessive
    > polling, eg running ntpdate every 15 seconds or any similar client bad
    > behaviour, is a separate issue.
    >


    That's a separate issue. I was talking about a server giving you the
    wrong answer. ntpdate will just accept it, while ntpd will compare it to
    other answers it has received and drop it if it disagrees that much from
    other answers it received.

    Danny
    _______________________________________________
    questions mailing list
    questions@lists.ntp.isc.org
    https://lists.ntp.isc.org/mailman/listinfo/questions


  7. Re: uk pool problem

    Danny Mayer wrote:
    > David J Taylor wrote:
    >> Danny Mayer wrote:
    >> Danny,
    >>
    >> The problem I am referring to is a DNS issue, not related to NTP,
    >> and it doesn't look to have been fixed yet:
    >>
    >> ------------------------------------------------------
    >> C:\>nslookup 0.uk.pool.ntp.org
    >> Server: ns1-edi.blueyonder.net
    >> Address: 62.31.64.39
    >>
    >> *** ns1-edi.blueyonder.net can't find 0.uk.pool.ntp.org: Non-existent
    >> domain
    >>
    >> C:\>nslookup 1.uk.pool.ntp.org
    >> Server: ns1-edi.blueyonder.net
    >> Address: 62.31.64.39
    >>
    >> *** ns1-edi.blueyonder.net can't find 1.uk.pool.ntp.org: Non-existent
    >> domain
    >>
    >> C:\>
    >> ------------------------------------------------------
    >>
    >> Something about the DNS records causes "normal" DNS servers to
    >> reject the updates - sorry but I don't know the exact details.
    >>
    >> Cheers,
    >> David

    >
    > I don't think you understand how DNS operates. If you are getting
    > NXDOMAIN for this address, your DNS was unsuccessful in getting the
    > record and caches that fact for a certain length of time defined in
    > the TTL field of the SOA record of the domain. Once the time has
    > expired it will retry the query when asked for that address. You
    > might also want to turn off the "DNS Client" on your system as this
    > has similar bad effects.
    >
    > Danny


    Thanks, Danny.

    You are indeed correct that I have less understanding of precisely how DNS
    operates than how NTP operates. However, as I don't see this problem with
    other NTP servers, just those from the pool, so I am forced to conclude
    that it might be the way the pool operates compared to a more conventional
    static DNS.

    The pool operators are aware of this problem, I believe, and are
    addressing it.

    Cheers,
    David



  8. Re: uk pool problem

    mayer@ntp.isc.org (Danny Mayer) wrote:

    > That's a separate issue. I was talking about a server giving you the
    > wrong answer. ntpdate will just accept it, while ntpd will compare it to
    > other answers it has received and drop it if it disagrees that much from
    > other answers it received.


    I wasn't referring to that; you must have missed the context of my
    comment, the quote from the website.

    Re accepting the wrong answer, ntpd would be as bad if you configured
    only one server. ntpdate can be given multiple servers too, and will
    query them all and attempt some sanity checking. I don't know if it's
    as good as ntpd, however, and I agree that using ntpd is the preferred
    approach.

    --
    Ronan Flood
    working for but not speaking for
    Network Services, University of London Computer Centre
    (which means: don't bother ULCC if I've said something you don't like)

  9. Re: uk pool problem

    Danny Mayer wrote:
    > Richard B. Gilbert wrote:
    >
    >>Is there an ntpd equivalent to ntpdate -du ?
    >>

    >
    >
    > ntpd -gq
    >
    > with optional -c conffile if you don't want to use your default config
    > file. Make sure you have iburst on the server lines and don't bother
    > with either multicasting or broadcasting.
    >
    > Danny
    > _______________________________________________
    > questions mailing list
    > questions@lists.ntp.isc.org
    > https://lists.ntp.isc.org/mailman/listinfo/questions
    >


    Danny,

    I don't think that's equivalent!!

    ntpdate -du does NOT set the clock, it merely reports what it would
    have done had it been asked to set the clock. That's the -d. The -u
    causes it to use an unprivileged port so you can run it while ntpd is
    running. Those options are useful for getting a peek at a server's
    notion of the correct time without configuring the server or affecting
    your clock in any way.

    It's clearly possible for an otherwise sane server to produce an insane
    reply. The case in point was easily detectable by looking at your
    calendar but this is the first such case I've encountered in something
    like three years of following this newsgroup.

  10. Re: uk pool problem

    Please see http://ntp.isc.org/Dev/DeprecatingNtpdate for the various
    mappings between what ntpdate does and how to get that functionality
    otherwise.

    H

  11. Re: uk pool problem

    Harlan Stenn writes:

    >Please see http://ntp.isc.org/Dev/DeprecatingNtpdate for the various
    >mappings between what ntpdate does and how to get that functionality
    >otherwise.


    I note that the two flags asked about (-u to not use a priveleged port
    and -d to not acually set the time) aren't actually covered!

    David.

  12. Re: uk pool problem

    Harlan Stenn wrote:

    > Please see http://ntp.isc.org/Dev/DeprecatingNtpdate for the various
    > mappings between what ntpdate does and how to get that functionality
    > otherwise.
    >
    > H


    It says that the functionality I asked about does not exist; e.g. you
    cannot ask a server what time it is without also setting your clock. Nor
    can you use a non-privileged port.

  13. Re: uk pool problem

    David J Taylor wrote:
    > Danny Mayer wrote:
    >> David J Taylor wrote:
    >>> Danny Mayer wrote:
    >>> Danny,
    >>>
    >>> The problem I am referring to is a DNS issue, not related to NTP,
    >>> and it doesn't look to have been fixed yet:
    >>>
    >>> ------------------------------------------------------
    >>> C:\>nslookup 0.uk.pool.ntp.org
    >>> Server: ns1-edi.blueyonder.net
    >>> Address: 62.31.64.39
    >>>
    >>> *** ns1-edi.blueyonder.net can't find 0.uk.pool.ntp.org: Non-existent
    >>> domain
    >>>
    >>> C:\>nslookup 1.uk.pool.ntp.org
    >>> Server: ns1-edi.blueyonder.net
    >>> Address: 62.31.64.39
    >>>
    >>> *** ns1-edi.blueyonder.net can't find 1.uk.pool.ntp.org: Non-existent
    >>> domain
    >>>
    >>> C:\>
    >>> ------------------------------------------------------
    >>>
    >>> Something about the DNS records causes "normal" DNS servers to
    >>> reject the updates - sorry but I don't know the exact details.
    >>>
    >>> Cheers,
    >>> David

    >> I don't think you understand how DNS operates. If you are getting
    >> NXDOMAIN for this address, your DNS was unsuccessful in getting the
    >> record and caches that fact for a certain length of time defined in
    >> the TTL field of the SOA record of the domain. Once the time has
    >> expired it will retry the query when asked for that address. You
    >> might also want to turn off the "DNS Client" on your system as this
    >> has similar bad effects.
    >>
    >> Danny

    >
    > Thanks, Danny.
    >
    > You are indeed correct that I have less understanding of precisely how DNS
    > operates than how NTP operates. However, as I don't see this problem with
    > other NTP servers, just those from the pool, so I am forced to conclude
    > that it might be the way the pool operates compared to a more conventional
    > static DNS.
    >
    > The pool operators are aware of this problem, I believe, and are
    > addressing it.
    >
    > Cheers,
    > David


    I would be able to supply expert advice to the pool operators if they
    need it though I don't understand what issue it is that they are trying
    to address.

    Danny
    _______________________________________________
    questions mailing list
    questions@lists.ntp.isc.org
    https://lists.ntp.isc.org/mailman/listinfo/questions


  14. Re: uk pool problem

    Ronan Flood wrote:
    > mayer@ntp.isc.org (Danny Mayer) wrote:
    >
    >> That's a separate issue. I was talking about a server giving you the
    >> wrong answer. ntpdate will just accept it, while ntpd will compare it to
    >> other answers it has received and drop it if it disagrees that much from
    >> other answers it received.

    >
    > I wasn't referring to that; you must have missed the context of my
    > comment, the quote from the website.
    >


    That's an issue for the pool operators. I did read the web site
    reference. I don't understand how they determine who can register an NTP
    pool server but if they accept addresses from anyone they have a major
    problem if it is true that it shouldn't have been added to the pool.
    Additionally there is evidence that the server sometimes gives a totally
    incorrect answer but it's not clear to anyone why. There's no
    information on the web site for the pool to indicate who owns or is the
    contact for this server.

    > Re accepting the wrong answer, ntpd would be as bad if you configured
    > only one server. ntpdate can be given multiple servers too, and will
    > query them all and attempt some sanity checking. I don't know if it's
    > as good as ntpd, however, and I agree that using ntpd is the preferred
    > approach.
    >


    I'd have to check the ntpdate code but I don't think it does anything
    special to verify the receive data.

    Danny
    _______________________________________________
    questions mailing list
    questions@lists.ntp.isc.org
    https://lists.ntp.isc.org/mailman/listinfo/questions


  15. Re: uk pool problem

    Richard B. Gilbert wrote:
    > Danny Mayer wrote:
    >> Richard B. Gilbert wrote:
    >>
    >>> Is there an ntpd equivalent to ntpdate -du ?
    >>>

    >>
    >>
    >> ntpd -gq
    >>
    >> with optional -c conffile if you don't want to use your default config
    >> file. Make sure you have iburst on the server lines and don't bother
    >> with either multicasting or broadcasting.
    >>
    >> Danny
    >> _______________________________________________
    >> questions mailing list
    >> questions@lists.ntp.isc.org
    >> https://lists.ntp.isc.org/mailman/listinfo/questions
    >>

    >
    > Danny,
    >
    > I don't think that's equivalent!!
    >
    > ntpdate -du does NOT set the clock, it merely reports what it would
    > have done had it been asked to set the clock. That's the -d. The -u
    > causes it to use an unprivileged port so you can run it while ntpd is
    > running. Those options are useful for getting a peek at a server's
    > notion of the correct time without configuring the server or affecting
    > your clock in any way.
    >


    What about reftime in the ntpq -c rv query?

    > It's clearly possible for an otherwise sane server to produce an insane
    > reply. The case in point was easily detectable by looking at your
    > calendar but this is the first such case I've encountered in something
    > like three years of following this newsgroup.
    >


    There are several unusual things about that server including IPv6-only
    nameservers.

    Danny
    _______________________________________________
    questions mailing list
    questions@lists.ntp.isc.org
    https://lists.ntp.isc.org/mailman/listinfo/questions


  16. Re: uk pool problem

    >>> In article , dwmalone@maths.tcd.ie (David Malone) writes:

    >> Please see http://ntp.isc.org/Dev/DeprecatingNtpdate for the various
    >> mappings between what ntpdate does and how to get that functionality
    >> otherwise.


    David> I note that the two flags asked about (-u to not use a priveleged
    David> port and -d to not acually set the time) aren't actually covered!

    -d is covered, and while there may not be an exact duplicate there is a -d
    flag for ntpd and the sntp command has a way to query the time without
    setting it. If there is a particular thing you need that is not covered
    open up an enhancement request.

    I have not looked at -u.

    H

  17. Re: uk pool problem

    >>> In article , "Richard B. Gilbert" writes:

    Richard> Harlan Stenn wrote:
    >> Please see http://ntp.isc.org/Dev/DeprecatingNtpdate for the various
    >> mappings between what ntpdate does and how to get that functionality
    >> otherwise. H


    Richard> It says that the functionality I asked about does not exist;
    Richard> e.g. you cannot ask a server what time it is without also setting
    Richard> your clock.

    Sure you can - the sntp command does this. It may not be documented on that
    page, but that's a different matter.

    Richard> Nor can you use a non-privileged port.

    If the RFCs allow/expect this then we have a bug. Otherwise, it will be an
    enhancement request.

    The web page can be updated by anybody who cares.

    The -u issue will require somebody to open a bugzilla item.

    H

  18. Re: uk pool problem

    mayer@ntp.isc.org (Danny Mayer) wrote:

    > Additionally there is evidence that the server sometimes gives a totally
    > incorrect answer but it's not clear to anyone why.


    It appears to be to discourage people from using ntpdate!

    > I'd have to check the ntpdate code but I don't think it does anything
    > special to verify the receive data.


    Yes, or you could try the documentation:

    http://www.eecis.udel.edu/~mills/ntp/html/ntpdate.html

    "ntpdate sets the local date and time by polling the Network Time Protocol
    (NTP) server(s) given as the server arguments to determine the correct
    time. It must be run as root on the local host. A number of samples are
    obtained from each of the servers specified and a subset of the NTP clock
    filter and selection algorithms are applied to select the best of these.
    Note that the accuracy and reliability of ntpdate depends on the number
    of servers, the number of polls each time it is run and the interval
    between runs."


    --
    Ronan Flood
    working for but not speaking for
    Network Services, University of London Computer Centre
    (which means: don't bother ULCC if I've said something you don't like)

  19. Re: uk pool problem

    Harlan Stenn wrote:

    > -d is covered, and while there may not be an exact duplicate there is a -d
    > flag for ntpd and the sntp command has a way to query the time without
    > setting it. If there is a particular thing you need that is not covered
    > open up an enhancement request.
    >
    > I have not looked at -u.


    Perhaps rather than being retired, ntpdate should have the time-setting
    code removed and be renamed something like ntpping, with -qu always set.
    I for one find it a useful diagnostic tool in query-only and debug modes.

    --
    Ronan Flood
    working for but not speaking for
    Network Services, University of London Computer Centre
    (which means: don't bother ULCC if I've said something you don't like)

  20. Re: uk pool problem

    Ronan Flood wrote:
    > Harlan Stenn wrote:
    >
    >> -d is covered, and while there may not be an exact duplicate there is a
    >> -d flag for ntpd and the sntp command has a way to query the time without
    >> setting it. If there is a particular thing you need that is not covered
    >> open up an enhancement request.
    >>
    >> I have not looked at -u.

    >
    > Perhaps rather than being retired, ntpdate should have the time-setting
    > code removed and be renamed something like ntpping, with -qu always set.
    > I for one find it a useful diagnostic tool in query-only and debug modes.


    Full ack. I very often use it for debugging and testing. The only thing I
    find deprecated is to use the way it has been used before the -g option had
    been introduced, namely to set the initial system time.

    I wouldn't even remove the capabiltiy to send requests via either a
    priviledged or an unpriviledged port. This is very useful to check whether
    there's some kind of firewall between the test system and the NTP server
    which only allows for unpreviledged ports and blocks priviledged, or
    vice-versa.

    Being able to send requests from either type of port is fine to detect such
    conditions, if people complain their NTP client doesn't sync to their
    server.

    Martin
    --
    Martin Burnicki

    Meinberg Funkuhren
    Bad Pyrmont
    Germany

+ Reply to Thread
Page 2 of 4 FirstFirst 1 2 3 4 LastLast