[ntp:questions] Servers with identical ntp.conf keep falling out of sync

Richard B. Gilbert rgilbert88 at comcast.net
Tue Jan 16 13:46:33 UTC 2007

Gushi wrote:
> Hey all, I have two servers in two different datacenters using the same
> ntp.conf.
> To wit:
> # Prohibit general access to this service.
> restrict default ignore
> # Permit all access over the loopback interface.  This could
> # be tightened as well, but to do so would affect some of
> # the administrative functions.
> restrict
> server 0.us.pool.ntp.org
> server 1.us.pool.ntp.org
> server 2.us.pool.ntp.org
> driftfile /etc/ntp/drift
> The problem is that the servers keep drifting apart from each other,
> to the degree that DNS TSIG transactions break down.  Is there anything
> obvious to try to fix this?  Usually when this happens, killing ntpd
> and then running ntpdate will fix it.
> -Dan

Lose the restrict statements! Unless things have changed really
recently, you need to supply an actual numeric IP address in each
restrict statement which you cannot do for a pool server. Restrict
default ignore told your server to ignore the whole world and you didn't
and can't tell it to allow the pool servers!!!!!
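
A check for the condition described in the reply above, as an added example that is not part of the original thread: it flags every `server`/`peer` entry left unreachable by `restrict default ignore`. It assumes, as the reply states, that a restrict entry must carry a numeric address; the function name `find_blocked_servers` and the sample text are constructed for illustration.

```python
import ipaddress

# Constructed sample: the configuration quoted in the thread, with the bare
# "restrict" line kept exactly as it appears there.
SAMPLE_CONF = """\
restrict default ignore
restrict
server 0.us.pool.ntp.org
server 1.us.pool.ntp.org
server 2.us.pool.ntp.org
driftfile /etc/ntp/drift
"""

def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def find_blocked_servers(conf_text):
    """Return (servers with no permitting restrict entry, malformed restrict line numbers)."""
    default_ignore, allowed, servers, malformed = False, [], [], []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # drop comments
        if not fields:
            continue
        args = [f for f in fields[1:] if f not in ("-4", "-6")]
        if fields[0] == "restrict":
            if not args:
                malformed.append(lineno)           # address missing
            elif args[0] == "default":
                default_ignore = default_ignore or "ignore" in args[1:]
            elif _is_ip(args[0]) and "ignore" not in args[1:]:
                mask = args[2] if len(args) > 2 and args[1] == "mask" else None
                net = f"{args[0]}/{mask}" if mask else args[0]
                allowed.append(ipaddress.ip_network(net, strict=False))
        elif fields[0] in ("server", "peer") and args:
            servers.append(args[0])
    if not default_ignore:
        return [], malformed
    # Assumption taken from the reply: restrict entries are numeric, so a
    # server named by hostname has no entry that can permit it.
    blocked = [s for s in servers if not (
        _is_ip(s) and any(ipaddress.ip_address(s) in net for net in allowed))]
    return blocked, malformed

if __name__ == "__main__":
    print(find_blocked_servers(SAMPLE_CONF))
```
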
