[ntp:questions] Reachable and rejected

Dave Close dave at compata.com
Fri Sep 12 22:58:50 UTC 2008

Steve Kostecke wrote:

>Are server1 and server2 real NTP servers? What does their ntpq -p output
>look like?

I don't have access to these servers.

Richard Gilbert wrote:

>The offset is large enough that ntpd would need several DAYS to work it off.
>Try setting your clock to a reasonable approximation of the correct time
>before starting ntpd.  ntpd -g should do the job if you are running a
>reasonably recent version.  If your version is too old to support -g,
>then use ntpdate to set the clock before starting ntpd.

I've already explained that the machine in question has been up for
more than a week (ten days, actually). The time was properly synced
when it started but has drifted since.

David Woolley wrote:

>Root dispersion is excessive.  Combined with a stratum of 2, this is
>indicative of your using a w32time server rather than an NTP server.
>However, NAT should make no difference.  By any chance were the machines
>outside the NAT w32time clients, rather than NTP clients?

All the machines under my control are running Fedora, mostly Fedora 7,
both inside and outside the NAT.

>A real NTP server would not report root delay as zero unless it had a
>directly connected reference clock.  The reference ID indicates that
>that is not the case, and the stratum is suggestive that it isn't the
>case.  Again it looks as though you are not talking to an NTP server and
>probably talking to a w32time one.

>What I think you can safely say is that you are not talking to an NTP

>(Basically, the rootdispersion is telling you that the server hasn't had
>an update for so long that it can't be sure of its own time to better
>than 14 seconds.  NTP requires that, after adding extra errors for the
>hop to the client, that it know to better than one second.)

Excellent information. As I said above, I don't have access to these
servers; I was merely given their addresses as the only ones available
to me. nmap -O reports that their OS doesn't exactly match anything
known but some of the open ports seem to be indicative of Windoze.

If the only time servers available to me are Windoze, I can certainly
see why I've got a problem. However, I still don't understand why
those machines outside the NAT are keeping time well while the ones
behind it are unable to maintain synchronization.

Perhaps the best course of action for now is to add server ability
to one or more of my own machines that do have good time, then point
to those from behind the NAT. Thanks for all the good information.
Dave Close, Compata, Costa Mesa CA "Giving money and power to government
dave at compata.com, +1 714 434 7359   is like giving whiskey and car keys
dhclose at alumni.caltech.edu          to teenage boys." - P. J. O'Rourke

Dave Close, Compata, Costa Mesa CA  "Politics is the business of getting
dave at compata.com, +1 714 434 7359    power and privilege without
dhclose at alumni.caltech.edu           possessing merit." - P. J. O'Rourke

More information about the questions mailing list