[ntp:questions] NTPD not receiving any response from timservers

Steve Kostecke kostecke at ntp.isc.org
Mon Nov 6 21:58:35 UTC 2006


On 2006-11-06, lingsmail at gmail.com <lingsmail at gmail.com> wrote:

> I'm trying to set up NTPD on a gentoo box to serve time to my network.
> Needless to say, it's not working. It remains as a stratum 16 server,
> because it is not syncing.

<snip>

> remote           refid  st t when poll reach   delay  offset  jitter
>=====================================================================
> ntp.demon.co.uk .INIT.  16 u    -   64    0    0.000  0.000   0.000
> box2.martinradf .INIT.  16 u    -   64    0    0.000  0.000   0.000
> hall.inhouse-so .INIT.  16 u    -   64    0    0.000  0.000   0.001

This is showing that your ntpd has not received any NTP packets from
those time servers.

And here's why:

> server ntp.demon.co.uk prefer iburst
> restrict 158.152.1.76 nomodify NOSERVE
> server 81.187.65.110 iburst
> restrict 81.187.65.110 nomodify NOSERVE noquery notrap
> server 213.170.141.38 iburst
> restrict 213.170.141.38 nomodify NOSERVE noquery notrap

noserve == Deny all packets except ntpq and ntpdc queries.

noquery == Deny all ntpq and ntpdc queries.

You've told ntpd to completely ignore your time servers. Try removing
the noserve and restarting ntpd.

Please take a look at http://ntp.isc.org/Support/AccessRestrictions (a
HOWTO-style document for configuring your ntpd access restrictions) and / or
http://www.eecis.udel.edu/~mills/ntp/html/accopt.html (the official
Access Control Options documentation).

> As an aside, how do I prevent ntpd from listening on a particular
> interface?

Use your firewall (i.e. iptables) to block port 123/UDP on that
interface.

Use restrict statements to control what IP addresses / subnets are able
to access your ntpd.

-- 
Steve Kostecke <kostecke at ntp.isc.org>
NTP Public Services Project - http://ntp.isc.org/




More information about the questions mailing list