[ntp:questions] Servers with identical ntp.conf keep falling out of sync

David Woolley david at djwhome.demon.co.uk
Tue Jan 16 07:29:35 UTC 2007

In article <1168924435.184543.167690 at 11g2000cwr.googlegroups.com>,
Gushi <google at gushi.org> wrote:

> # Prohibit general access to this service.
> restrict default ignore
> # Permit all access over the loopback interface.  This could
> # be tightened as well, but to do so would affect some of
> # the administrative functions.
> restrict

> The problem is, that the servers keep drifting apart from each other,

Providing ntpq peers and syslog output would have helped, however, it
looks to me as though they are never synchronising, because no acceptable
response packets are being returned.

> to the degree that DNS TSIG transactions break down.  Is there anything
> obvious to try to fix this?  Usually when this happens, killing ntpd
> and then running ntpdate will fix it.

ntpdate working but ntpd not is a common symptom, and a search of
groups.google will show you that it is likely to be either the result of
overzealous restricts or firewalling of low numbered UDP ports.  You
certainly have a problem with overzealous restricts.  You may have a
problem with firewalling, although the latter normally only makes a
difference when you use ntpdate in diagnostic modes.

Basically, if you use pool servers, you must accept time from anyone
(this will still limit you to servers that you are actually polling,
unless you also permit unauthenticated passive peering from all comers).
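As an added illustration (my own code, not something posted in this thread), a small Python checker that applies ntpd's restrict matching rules to the time sources in an ntp.conf and shows why the quoted configuration can never synchronise: replies from pool servers arrive from addresses that only the `default` entry covers, and `ignore` there drops them. The two ntp.conf fragments are constructed; FIXED_CONF uses the usual pool-friendly flags (kod nomodify notrap nopeer noquery), which is my suggestion, not something the poster showed.

```python
import ipaddress

# Constructed ntp.conf fragments (not the poster's file); BROKEN_CONF mirrors his setup.
BROKEN_CONF = """restrict default ignore
restrict 127.0.0.1
server 0.pool.ntp.org"""
FIXED_CONF = """restrict default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
server 0.pool.ntp.org"""
# restrict flags that stop ntpd accepting time from a source (ignore: drop everything; noserve: drop all but ntpq/ntpdc queries)
BLOCKING = {"ignore", "noserve"}

def words_of(line):
    # tokens of a config line, minus comments and the -4/-6 address-family selectors
    return [w for w in line.split("#", 1)[0].split() if w not in ("-4", "-6")]

def parse_restricts(conf):
    """Return [(network, flags)] for each restrict line; 'default' is 0.0.0.0/0."""
    entries = []
    for words in map(words_of, conf.splitlines()):
        if len(words) < 2 or words[0] != "restrict":
            continue
        addr, rest = words[1], words[2:]
        if addr == "default":
            net = ipaddress.ip_network("0.0.0.0/0")
        elif rest[:1] == ["mask"]:
            net, rest = ipaddress.ip_network(f"{addr}/{rest[1]}", strict=False), rest[2:]
        else:
            net = ipaddress.ip_network(addr)  # a single host
        entries.append((net, set(rest)))
    return entries

def effective_flags(entries, address):
    """Flags of the most specific (longest-prefix) restrict entry matching the address."""
    ip = ipaddress.ip_address(address)  # raises ValueError for a hostname
    return max(((n.prefixlen, f) for n, f in entries if ip in n), key=lambda t: t[0], default=(0, set()))[1]

def check_time_sources(conf):
    """(directive, target, blocking flags) for each source whose replies ntpd would drop."""
    entries, problems = parse_restricts(conf), []
    for words in map(words_of, conf.splitlines()):
        if len(words) < 2 or words[0] not in ("server", "pool", "peer"):
            continue
        try:
            flags = effective_flags(entries, words[1])
        except ValueError:  # hostname (e.g. a pool name): reply addresses are not known in
            flags = next((f for n, f in entries if n.prefixlen == 0), set())  # advance
        if flags & BLOCKING:
            problems.append((words[0], words[1], sorted(flags & BLOCKING)))
    return problems
```

ntpd does not log replies it drops under a restrict, so the only visible symptom is an `ntpq -p` listing whose reach column never leaves 0; running this over the file shows the cause without restarting the daemon.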

