Hi,

terry.lem...@dell.com wrote:
> Hi
> 
> I'm trying to diagnose an ntp problem with two systems in my environment. On
> one system, ntp works correctly whether I specify the ntp server via hostname
> or IP address. On the other system, ntp works correctly when I specify the
> ntp server via IP address; but when I specify the ntp server via hostname,
> the ntp service starts, but 'ntpq -p' returns "No association ID's returned".
> When I run ntpd interactively with two levels of debugging, I see the message,
> "intres: resolver returned: Temporary failure in name resolution (-3), 
> retrying sleep until 13:09:55 scheduled at 13:09:53 (>= 17:00:00)"
> 
> I'm trying to understand the difference in behavior between these two systems:
> 
> 
>   *   Both systems are running SLES 12 SP2
>   *   Both systems are running ntp-4.2.8p13-85.1.x86_64
>   *   Both systems have the same servers listed in /etc/resolv.conf
>   *   Both systems can resolve the hostname of the ntp server via 'nslookup'
>   *   One system has been hardened (including the use of apparmor); on this 
> system, ntp no longer works correctly
>   *   The other system has not been hardened; on this system, ntp works 
> correctly
> 
> Why does ntpd have a problem with name resolution on one of these systems?

From what you said above, it sounds like AppArmor prevents ntpd from
doing a DNS lookup.

In the past there could be problems when AppArmor prevented ntpd from
accessing specific devices that represented hardware refclocks, e.g. a
GPS receiver. Yet I've never heard that it could or did deny DNS lookups.

It should be easy to check this, though, if you temporarily disable
AppArmor, then see if ntpd can do the DNS lookup. If that works you
should compare the AppArmor configuration for ntpd on both machines. I'm
not so familiar with AppArmor that I could tell you how to tweak the
configuration so that it works.

Martin
_______________________________________________
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
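
Added example, not part of the thread: one way to check the AppArmor suspicion raised above without disabling it is to summarise the AppArmor DENIED audit records logged for ntpd on the hardened machine. The log lines are constructed samples in AppArmor's audit record format; the profile name, paths and pids in them are assumptions, and on a real system the input would be the audit log (commonly /var/log/audit/audit.log).

```python
import re
from collections import Counter

# Constructed sample records (not taken from the poster's systems).
SAMPLE_LOG = '''\
type=AVC msg=audit(1562087393.101:310): apparmor="DENIED" operation="open" profile="/usr/sbin/ntpd" name="/etc/resolv.conf" pid=2101 comm="ntpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1562087393.105:311): apparmor="DENIED" operation="create" profile="/usr/sbin/ntpd" pid=2101 comm="ntpd" family="inet" sock_type="dgram" protocol=17 requested_mask="create" denied_mask="create"
type=AVC msg=audit(1562087395.220:312): apparmor="DENIED" operation="open" profile="/usr/sbin/ntpd" name="/etc/resolv.conf" pid=2101 comm="ntpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1562087396.000:313): apparmor="ALLOWED" operation="open" profile="/usr/sbin/ntpd" name="/etc/ntp.conf" pid=2101 comm="ntpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1562087397.400:314): apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/etc/hosts" pid=900 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=SYSCALL msg=audit(1562087397.401:315): arch=c000003e syscall=2 success=no exit=-13 comm="cupsd"
'''

# key="quoted value" or key=bare_value
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_record(line):
    """Split one audit line into a key/value dict."""
    return {key: (quoted if quoted else bare)
            for key, quoted, bare in FIELD.findall(line)}


def ntpd_denials(log_text, comm="ntpd"):
    """Count AppArmor DENIED records for one command, grouped by target."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec.get("apparmor") != "DENIED" or rec.get("comm") != comm:
            continue  # skips ALLOWED records, other programs, non-AppArmor lines
        # File denials carry name=; network denials carry family=/sock_type=.
        target = rec.get("name") or "net:{}/{}".format(
            rec.get("family", "?"), rec.get("sock_type", "?"))
        key = (rec.get("operation", "?"), target, rec.get("denied_mask", "?"))
        counts[key] += 1
    return counts


if __name__ == "__main__":
    for (op, target, mask), n in ntpd_denials(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {op:<8} {target:<24} denied_mask={mask}")
```

Running the same summary on both machines gives a direct comparison of what the ntpd profile blocks on the hardened one.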
