[ntp:questions] 'Temporary failure in name resolution' ntpd error
martin.burnicki at burnicki.net
Wed Jun 10 21:41:56 UTC 2020
Terry.Lemons at dell.com wrote:
> I'm trying to diagnose a ntp problem with two systems in my environment. On one system, ntp works correctly whether I specify the ntp server via hostname or IP address. On the other system, ntp works correctly when I specify the ntp server via IP address; but when I specify the ntp server via hostname, the ntp service starts, but 'ntpq -p' returns "No association ID's returned". When I run ntpd interactively with two level of debugging, I see the message, "intres: resolver returned: Temporary failure in name resolution (-3), retrying sleep until 13:09:55 scheduled at 13:09:53 (>= 17:00:00)"
> I'm trying to understand the difference in behavior between these two systems:
> * Both systems are running SLES 12 SP2
> * Both systems are running ntp-4.2.8p13-85.1.x86_64
> * Both system have the same servers listed in /etc/resolv.conf
> * Both system can resolve the hostname of the ntp server via 'nslookup'
> * One system has been hardened (including the use of apparmor); on this system, ntp no longer works correctly
> * The other system has not been hardened; on this system, ntp works correctly
> Why does ntpd have a problem with name resolution on one of these systems?
>From what you said above, it sounds like AppArmor prevents ntpd from
doing a DNS lookup.
In the past there could be problems when AppArmor prevented ntpd from
accessing specific devices that represented hardware refclocks, e.g. a
GPS receiver. Yet I've never heard that it could or did deny DNS lookups.
It should be easy to check this, though, if you temporarily disable
AppArmor, then see if ntpd can do the DNS lookup. If that works you
should compare the AppArmor configuration for ntpd on both machines. I'm
not so familiar with AppArmor that I could tell you how to tweak the
configuration so that it works.
More information about the questions