[ntp:questions] Problem with time synchronisaton

David Woolley david at ex.djwhome.demon.co.uk.invalid
Sat Apr 12 09:18:58 UTC 2008


tony.carter at dpi.nsw.gov.au wrote:

> I have ntpd installed (ntpq 4.2.2p1 at 1.1570-o Mon Jun  4 15:13:06 UTC 2007 

That is not a standard version number.  Who allocated the "@1.1570-o" 
part of the version number?  You may be better off getting support from 
them.

> (1) and running but the time on the ntp host does not appear to be 
> synching with the nominated external time references.  Any assistance much 
> appreciated.

That's because no (valid) replies have been received from any of them. 
The two common causes of this are over-aggressive restrict lines and 
firewalls.

I think your restrict lines may be OK, but I'd suggest confirming that 
it works without any.  Using pool servers limits your ability to use 
restrict and the defaults must permit your client to use any times it 
receives.

Another possibility is that they have restrict kod set on the servers, 
and you are using multiple clients and NAT, in a way that causes the 
rate limits to be exceeded.

People often overlook the Linux iptables firewall.

You should run ntpq rv on the associations from your servers, to see if 
they are responding, but the responses are being rejected, and if so 
why.  You should also try running tcpdump, etc., at appropriate places 
on the network to find out if they are getting blocked at some point.

> My ntp.conf file is out of thebox with the exception of the external time 
> servers

Whose box?  I believe the official box doesn't have a configuration file 
in it.

> # Permit time synchronization with our time source, but do not
> # permit the source to query or modify the service on this system.

Note this answers the recent question about ntpq peers not working!

> 
> # Undisciplined Local Clock. This is a fake driver intended for backup
> # and when no outside source of synchronized time is available. 

This description is incomplete, and, in my view, no out of the box 
configuration should have these lines enabled.  They should only be 
enabled on servers and only if you understand the risks.  However, that 
is not an issue here.

> server  127.127.1.0     # local clock
> fudge   127.127.1.0 stratum 10




More information about the questions mailing list