[ntp:questions] ntp update from 4.2.4p8 at 1.1612 to ntpq 4.2.6p5 at 1.2349 orphan mode issue
Natalie Abravanel
natalie.abravanel at kaminario.com
Mon May 22 18:56:50 UTC 2017
Hey,
I used to have the following ntp configuration, which worked properly for ntp version 4.2.4p8
I have upgrade to 4.2.6p5, it seems like "tos orphan 2" causes to reject the ntp source (it is been rejected even if the offset from the remote is insignificant)
_______________________-source rejected_________________________
[root at kblock01-knode01 ~]# ntpq
ntpq> associations
ind assid status conf reach auth condition last_event cnt
===========================================================
1 10649 903d yes yes none reject 3
ntpq>
_______________________________________________________________
I have tried to increase the stratum from 2 to 8 (in the tos orphan statement) - the result it took some time but eventually the remote was accepted. ( in 4.2.4 it was instantly)
The side effect : I have other servers that uses this ntp server as their remote, but now they refuse to accept it .
In general I have, one ntp server with the below configuration( which syncs to some external ntp) , and other server which syncs to it.
Any ideas or know issues with tos orphn?
10x, Natalie
____________________ntp configuration ____________________________________________________
tinker panic 0
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org
#server 1.centos.pool.ntp.org
#server 2.centos.pool.ntp.org
server 172.16.1.150 iburst
tos orphan 2
tos maxdist 30
# Drift file. Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
# by creating a temporary in the same directory and then rename()'ing
# it to the file.
driftfile /var/lib/ntp/drift
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
_______________________________________-other servers configuration
tinker panic 0
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1
server 172.20.5.2 iburst minpoll 4 maxpoll 4 #management clock
tos maxdist 30
More information about the questions
mailing list