[time] problem with russian pool servers ntp.ru

Andy Spiers andy
Thu Feb 4 12:40:27 UTC 2010


Ronan Flood wrote:
>> For example:
>> 80.90.180.141   .INIT. 16 u    - 1024    0    0.000    0.000   0.000
>>
>> Can someone please check if these servers are broken or if I'm doing
>> something wrong?
> 
> I've tried that one, and I see the same behaviour as you.  I suppose
> they could be behind firewalls blocking incoming traffic from port 123,
> which would explain why ntpdate -u works.

Exactly. I've just verified that your theory is correct with tcpdump. Time 
packets from a high port receive a response whereas time packets from port 123 
do not.

I didn't realise before that the debug option "ntpdate -d" makes it use an 
unprivileged source port.

So "ntpdate -v 80.90.180.141" does NOT work because it uses port 123 as source 
whereas "ntpdate -d 80.90.180.141" DOES work because it uses a high-numbered port.

Surely all these servers should be removed from the pool if they do not allow 
connections from port 123?

Andy



More information about the pool mailing list