[ntp:questions] no server suitable for synchronization?
brad at stop.mail-abuse.org
Mon Feb 21 14:54:51 UTC 2005
At 9:58 PM +0800 2005-02-21, Zhang Weiwu wrote:
> I will try to figure out how to detect which IP address am I querying.
> However I don't think it's the fault of a particular server because I
> have tried .pool.ntp.org for a long time and I have cronjob tries
> to correct time each 1 hour, but my time is still incorrect after
> several weeks.
That would point to a probably firewall issue.
> I am not experienced enough to sniff network traffic, the only thing I
> could do I guess is to take this debug info.
That's good enough.
> There is a NAT firewall in our company but I think it's no problem
> because this firewall is configured by me to only stop outside connect
> to local port but not vise-versa.
Keep in mind that NTP uses port 123 UDP. There is no
"connection" that is made. You simply send packets one way to make a
query, and you get packets back for a response. Most stateful
firewall implementations I know of should probably handle this, by
remembering recent outgoing connections to a given IP address/port
combination, and allowing packets coming back in from that same IP
address/port to be forwarded to the appropriate place.
One way you could test is to try "ntpdate -u" instead of
"ntpdate". The "-u" option tells "ntpdate" to use a high-numbered
unprivileged source port, instead of port 123. If this works but
regular "ntpdate" does not, then you clearly have a firewall problem,
probably at your ISP.
> sappho ~ # ntpdate -d 1.pool.ntp.org
> 21 Feb 21:57:01 ntpdate: ntpdate 4.2.0a at 1.1190-r Tue Dec 7
>21:59:12 CST 2004 (1)
> Looking for host 1.pool.ntp.org and service ntp
> host found : rosehip.exnet.com
> 22.214.171.124: Server dropped: no data
> server 126.96.36.199, port 123
You sent out queries, but never got any responses. This server
appears to be functioning fine to me:
% ntpq -c rv 188.8.131.52
assID=0 status=0694 leap_none, sync_ntp, 9 events, event_peer/strat_chg,
system="SunOS", leap=00, stratum=2, rootdelay=158.070,
rootdispersion=12.510, peer=17382, refid=184.108.40.206,
reftime=c5c4725f.54bcb000 Mon, Feb 21 2005 15:44:47.331, poll=10,
clock=0xc5c472b7.5eb3f000, phase=5.143, freq=10794.01, error=8.21
% ntpq -p 220.127.116.11
remote refid st t when poll reach delay offset jitter
MSF_ARCRON(0) .MSFa. 1 - - 64 0 0.000 0.000 16000.0
thyme.exnet.com 18.104.22.168 2 u 798 1024 117 0.580 6.510 1001.42
*time.nist.gov .ACTS. 1 u 99 1024 377 158.070 5.143 3.720
+bear.zoo.bt.co. 22.214.171.124 2 u 110 1024 377 27.080 11.152 3.860
126.96.36.199 0.0.0.0 16 - - 64 0 0.000 0.000 16000.0
Brad Knowles, <brad at stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
SAGE member since 1995. See <http://www.sage.org/> for more info.
More information about the questions