[ntp:questions] NTPD silently not tracking

Magnus Danielson magnus at rubidium.dyndns.org
Sun Sep 1 21:40:42 UTC 2013


On 09/01/2013 10:42 PM, unruh wrote:
> On 2013-09-01, Steve Kostecke <kostecke at ntp.org> wrote:
>> On 2013-09-01, Rob <nomail at example.com> wrote:
>>
>> The NTP Reference Implementation is free software. The copyright
>> holder (The University of Delaware) makes no representations
>> about the suitability this software for any purpose. It is
>> provided "as is" without express or implied warranty. Please visit
>> http://www.ntp.org/copyright for the complete copyright notice and
>> license statement.
> Yes, usual legal ass protection. Fortunately ntpd developers usually do not
> actually either believe that nor act as though they believe that. 
> They tend not to say "Oh-- it does not work, tough shit."
> And you do them, and yourself a disservice by saying that that is what
> they do. It is not what they or you do. 
>
> In this case ntpd wandered off by hours with no complaint. That is not a
> proper behaviour of a professional piece of software. Now it could be
> that they have the local clock enables, and for some reason ntpd chased
> that rather than all of the other server sources. Pointing out that they
> should never actually use the local clock as a source is certainly
> useful since the clock is never wrong with respect to the local source.
> But if the computer has 5 outside source available and still chases
> after the local source that is a bug that should be fixed. If you know
> some attempt was made to fix a bug like than in a more recent version
> than the one used by the user, then advising upgrade is appropriate (as
> is telling him never to use local)
As we are coming back to topic...

8<---
# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help

driftfile /var/lib/ntp/ntp.drift


# Enable this if you want statistics to be logged.
#statsdir /var/log/ntpstats/

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable


# You do need to talk to an NTP server or two (or three).
#server ntp.your-provider.example

# pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server will
# pick a different set every time it starts up.  Please consider joining the
# pool: <http://www.pool.ntp.org/join.html>

server ntp1.kth.se iburst maxpoll 7
server ntp2.kth.se iburst maxpoll 7
server ntp3.kth.se iburst maxpoll 7
server ntp1.sp.se iburst maxpoll 7
server ntp2.sp.se iburst maxpoll 7

# Access control configuration; see
/usr/share/doc/ntp-doc/html/accopt.html for
# details.  The web page
<http://support.ntp.org/bin/view/Support/AccessRestrictions>
# might also be helpful.
#
# Note that "restrict" applies to both servers and clients, so a
configuration
# that might be intended to block requests from certain clients could
also end
# up blocking replies from your own upstream servers.

# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1

# Clients from this (example!) subnet have unlimited access, but only if
# cryptographically authenticated.
# up blocking replies from your own upstream servers.

# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1

# Clients from this (example!) subnet have unlimited access, but only if
# cryptographically authenticated.
#restrict 192.168.123.0 mask 255.255.255.0 notrust


# If you want to provide time to your local subnet, change the next line.
# (Again, the address is an example only.)
#broadcast 192.168.123.255

# If you want to listen to time broadcasts on your local subnet,
de-comment the
# next lines.  Please do this only if you trust everybody on the network!
#disable auth
#broadcastclient
--->8

This is the default Debian config file which have been changed to point
out 5 servers, which I was referring to in my follow-up message:

8<---

It has 2 stratum 1 and 3 stratum 2 unicast servers configured. NTP wise
this machine is a client with 5 configured servers. The problem was that
it was way off time with no apparent indication, which is wrong.

--->8

The debugger (another system admin) of this system did strace, and saw
updates to kernel. Nothing anywhere to indicate problems other than what
I mentioned that there was a zero offset.

I'll try to see if I can re-create this behavior on another machine, as
the machine we did see it on needs to be on time since its a server for
other things than time.

Cheers,
Magnus


More information about the questions mailing list