[ntp:questions] Regarding updation of IP addresses in the ntpd.conf file

Brian Utterback brian.utterback at oracle.com
Sat Jul 21 18:15:51 UTC 2012


On 7/20/2012 6:23 PM, E-Mail Sent to this address will be added to the 
BlackLists wrote:
> Brian Utterback wrote:
>> BlackLists wrote:
>>>    server 0.pool.ntp.org
>>>    server 1.pool.ntp.org
>>>    server 2.pool.ntp.org
>>>    server 3.pool.ntp.org
>>>
>>> More recent versions of ntp, might replace all four
>>>   of those lines with one line in the conf file, e.g.:
>>>
>>>    pool pool.ntp.org
>> Not generally. For some reason each lookup of any of these
>>   always returns 3 addresses. Since we still recommend four
>>   servers (even if there is some dispute over the reasons),
>>   using just pool.ntp.org won't work.
>> Even if you do multiple lookups, if there is anything that
>>   does any caching in between you and the DNS server that
>>   sets the addresses, you will get the same three.
>> I don't know why there are only three addresses.
>>   The simplest solution would be for the round robin DNS
>>    servers to give out more addresses, then you could just
>>    have the single line.
>
> I think you would have to have DNS servers that are breaking
>   several of STD/RFC/Best Common Practices to really see that.
>
> I see that to be not true.
> When using the pool command (instead of server),
>   ntp will keep pulling more IPs up to max clock (10 default),
>   and then continue to pull more IPs
>    whenever it finds a reason to discard a peer,
>    and the quantity of peers drops below max clock.
>
> I find that after running a long time,
>   you end up with a nice clique of servers,
>   with the far away ones in other countries getting discarded.
>
>   10 queries gets 18 unique IPs
>   50 queries gets 33 unique IPs
> 100 queries gets 51 unique IPs
>
> dns\bin>dig pool.ntp.org
> ; <<>> DiG 9.9.1-P1 <<>> pool.ntp.org
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24882
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;pool.ntp.org.          IN   A
>
> ;; ANSWER SECTION:
> pool.ntp.org.      70   IN   A   108.59.14.130
> pool.ntp.org.      70   IN   A   64.73.32.134
> pool.ntp.org.      70   IN   A   67.18.187.111
>
> ;; Query time: 15 msec
> ;; SERVER: 206.13.29.12#53(206.13.29.12)
> ;; WHEN: Fri Jul 20 14:29:25 2012
> ;; MSG SIZE  rcvd: 89
>
>
> dns\bin>dig +short pool.ntp.org
> 184.105.192.247
> 67.18.187.111
> 69.164.217.193
>

As you can see from your own queries, the address pool.ntp.org returns 
three addresses and a timeout of 70 seconds. That means that subsequent 
lookup of that same hostname can reasonably be expected to return the 
same three addresses for up to 70 seconds, if the server that is being 
queried is a caching server.  Does the logic that does this lookup 
repeat the lookup more than 70 seconds later to get new addresses?

Furthermore, this is assuming that the naming service is DNS at the 
front end, and that may not be the case. NIS, NIS+, LDAP or others might 
be the front end naming service and could have different, longer term 
caching strategies and the same three addresses could be returned for 
even longer than 70 seconds.

I just tried looking up pool.ntp.org on my Windows Vista system and got 
the same IP addresses for 5 minutes before I got bored.

Brian Utterback
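Added example, not part of the thread: a small Python model of the caching effect Brian describes, where a resolver between the client and the round-robin server keeps handing back the same three addresses until the TTL expires. The round-robin server and the 192.0.2.x addresses are constructed stand-ins (not pool.ntp.org data), the 70 s TTL is the one from the dig output, and live_unique runs the same count against the real system resolver.

```python
import socket
from typing import List

TTL_SECONDS = 70   # the TTL shown on the A records in the dig output above
# Constructed stand-in for the pool's address set (RFC 5737 TEST-NET-1, not real pool.ntp.org addresses)
ROUND_ROBIN_POOL = [f"192.0.2.{i}" for i in range(1, 61)]

class RoundRobinServer:
    """Model of the authoritative round-robin server: three addresses per answer."""
    def __init__(self, addresses: List[str]):
        self.addresses, self.offset = addresses, 0

    def answer(self) -> List[str]:
        start = self.offset % len(self.addresses)
        self.offset += 3
        return self.addresses[start:start + 3]

class CachingResolver:
    """Model of a resolver between client and server: it serves the cached
    answer until the TTL expires, so repeated lookups return the same three."""
    def __init__(self, server: RoundRobinServer, ttl: int):
        self.server, self.ttl, self.now = server, ttl, 0   # now: simulated clock
        self.cached, self.expires = None, 0

    def lookup(self, hostname: str) -> List[str]:
        if self.cached is None or self.now >= self.expires:
            self.cached, self.expires = self.server.answer(), self.now + self.ttl
        return list(self.cached)

def unique_after(queries: int, spacing: int, ttl: int = TTL_SECONDS) -> int:
    """Distinct addresses seen by `queries` lookups `spacing` seconds apart behind
    a cache with the given TTL (ttl=0 models asking the round-robin server directly)."""
    resolver, seen = CachingResolver(RoundRobinServer(ROUND_ROBIN_POOL), ttl), set()
    for _ in range(queries):
        seen.update(resolver.lookup("pool.ntp.org"))
        resolver.now += spacing
    return len(seen)

def live_unique(hostname: str, queries: int) -> int:
    """Same measurement against the real system resolver (IPv4); run on a live host."""
    seen = set()
    for _ in range(queries):
        seen.update(ai[4][0] for ai in socket.getaddrinfo(hostname, 123, socket.AF_INET))
    return len(seen)

if __name__ == "__main__":
    print("10 lookups 5 s apart behind a 70 s cache:", unique_after(10, 5))       # 3
    print("10 lookups 10 s apart behind a 70 s cache:", unique_after(10, 10))     # 6
    print("10 lookups straight to the round-robin server:", unique_after(10, 10, 0))  # 30
```

With the cache in the path, the count only grows once the gap between lookups crosses a TTL boundary, which is the question Brian raises about whether the pool logic re-resolves more than 70 seconds later.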

