[ntp:questions] no server suitable for synchronization?

Brad Knowles brad at stop.mail-abuse.org
Mon Feb 21 14:54:51 UTC 2005

At 9:58 PM +0800 2005-02-21, Zhang Weiwu wrote:

>  I will try to figure out how to detect which IP address am I querying.
>  However I don't think it's the fault of a particular server because I
>  have tried [123].pool.ntp.org for a long time and I have cronjob tries
>  to correct time each 1 hour, but my time is still incorrect after
>  several weeks.

	That would point to a probably firewall issue.

>  I am not experienced enough to sniff network traffic, the only thing I
>  could do I guess is to take this debug info.

	That's good enough.

>  There is a NAT firewall in our company but I think it's no problem
>  because this firewall is configured by me to only stop outside connect
>  to local port but not vise-versa.

	Keep in mind that NTP uses port 123 UDP.  There is no 
"connection" that is made.  You simply send packets one way to make a 
query, and you get packets back for a response.  Most stateful 
firewall implementations I know of should probably handle this, by 
remembering recent outgoing connections to a given IP address/port 
combination, and allowing packets coming back in from that same IP 
address/port to be forwarded to the appropriate place.

	One way you could test is to try "ntpdate -u" instead of 
"ntpdate".  The "-u" option tells "ntpdate" to use a high-numbered 
unprivileged source port, instead of port 123.  If this works but 
regular "ntpdate" does not, then you clearly have a firewall problem, 
probably at your ISP.

>  sappho ~ # ntpdate -d 1.pool.ntp.org
>  21 Feb 21:57:01 ntpdate[3180]: ntpdate 4.2.0a at 1.1190-r Tue Dec  7 
>21:59:12 CST 2004 (1)
>  Looking for host 1.pool.ntp.org and service ntp
>  host found : rosehip.exnet.com
>  transmit(
>  transmit(
>  transmit(
>  transmit(
>  transmit(
> Server dropped: no data
>  server, port 123

	You sent out queries, but never got any responses.  This server 
appears to be functioning fine to me:

% ntpq -c rv
assID=0 status=0694 leap_none, sync_ntp, 9 events, event_peer/strat_chg,
system="SunOS", leap=00, stratum=2, rootdelay=158.070,
rootdispersion=12.510, peer=17382, refid=,
reftime=c5c4725f.54bcb000  Mon, Feb 21 2005 15:44:47.331, poll=10,
clock=0xc5c472b7.5eb3f000, phase=5.143, freq=10794.01, error=8.21

% ntpq -p
      remote           refid      st t when poll reach   delay   offset  jitter
MSF_ARCRON(0)   .MSFa.           1 -    -   64    0    0.000    0.000 16000.0
thyme.exnet.com    2 u  798 1024  117    0.580    6.510 1001.42
*time.nist.gov   .ACTS.           1 u   99 1024  377  158.070    5.143   3.720
+bear.zoo.bt.co.   2 u  110 1024  377   27.080   11.152   3.860         16 -    -   64    0    0.000    0.000 16000.0

Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

   SAGE member since 1995.  See <http://www.sage.org/> for more info.

More information about the questions mailing list