[ntp:questions] ntp update from 4.2.4p8 at 1.1612 to ntpq 4.2.6p5 at 1.2349 orphan mode issue

Natalie Abravanel natalie.abravanel at kaminario.com
Mon May 22 18:56:50 UTC 2017


Hey,

I used to have the following ntp configuration, which worked properly for ntp version 4.2.4p8.
I have upgraded to 4.2.6p5, and it seems like "tos orphan 2" causes the ntp source to be rejected (it is being rejected even if the offset from the remote is insignificant).
_______________________-source rejected_________________________
[root@kblock01-knode01 ~]# ntpq
ntpq> associations

ind assid status  conf reach auth condition  last_event cnt
===========================================================
  1 10649  903d   yes   yes  none    reject              3
ntpq>
_______________________________________________________________
I have tried to increase the stratum from 2 to 8 (in the tos orphan statement). The result: it took some time, but eventually the remote was accepted (in 4.2.4 it was instant).
The side effect: I have other servers that use this ntp server as their remote, but now they refuse to accept it.
In general I have one ntp server with the below configuration (which syncs to some external ntp), and other servers which sync to it.
Any ideas or known issues with tos orphan?

10x, Natalie

____________________ntp configuration ____________________________________________________
tinker panic 0
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would affect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1

# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org
#server 1.centos.pool.ntp.org
#server 2.centos.pool.ntp.org
server 172.16.1.150 iburst

tos orphan 2
tos maxdist 30

# Drift file.  Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
# by creating a temporary in the same directory and then rename()'ing
# it to the file.
driftfile /var/lib/ntp/drift

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

_______________________________________-other servers configuration
tinker panic 0
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would affect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1
server 172.20.5.2 iburst minpoll 4 maxpoll 4  #management clock
tos maxdist 30

