Re: [ntp:questions] Time slew doesn't seem to work
Unruh wrote: > > Do you know any code that cares if that is wrong by 10% (which would be > 10PPM) Ie, is 10% error insane? > RTP. Anything measuring speeds based on crossing starting and ending thresholds. ___ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
Re: [ntp:questions] Ntp in peer configuration
Ginni Misra wrote: > I am trying to use NTP in peer configuration. No. You are trying to use NTP in an orphaned configuration, which has never had any parents! NTP was not designed for that, although recent additions (ophan mode) make it just about workable. Timed was designed for that, so you should be investigating that. PS. Please restrict your lines to about 70 characters or use a user agent that that specifies format=flowed (these will automatically restrict the lengths of the lines, but a compatible user agent will merge and re-wrap then appropriately). ___ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
Re: [ntp:questions] Linux 11-minute mode (RTC update)
On Thursday, April 10, 2008 at 18:02:38 +0100, Maciej W. Rozycki wrote: >> This holds the clock for up to a second > I am not sure what you mean Anyway I experimented a little: This doesn't seem to work as I hoped. And it can even lock the clock, requiring a oscillator reset. :-( The idea was about the RTC_SET flag (bit #7 of register B). It suspends clock updates, without any effect on the oscillator nor PIE. I was hoping it would delay next updates by as long as it was asserted. But no: the next update is either skipped, or happens at the usual time. Serge. -- Serge point Bets arobase laposte point net ___ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
Re: [ntp:questions] Time slew doesn't seem to work
>Do you know any code that cares if that is wrong by 10% (which would be >10PPM) Ie, is 10% error insane? >Is 1% (1PPM)? >Ie, .05% seems a bit extreme for that. I used to do a lot of performance measurements. For the stuff I was doing, 10% is easy to spot. 1% is borderline. -- These are my opinions, not necessarily my employer's. I hate spam. ___ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
Re: [ntp:questions] Problem with time synchronisaton
[EMAIL PROTECTED] wrote: > I have ntpd installed (ntpq [EMAIL PROTECTED] Mon Jun 4 15:13:06 UTC 2007 That is not a standard version number. Who allocated the "@1.1570-o" part of the version number? You may be better off getting support from them. > (1) and running but the time on the ntp host does not appear to be > synching with the nominated external time references. Any assistance much > appreciated. That's because no (valid) replies have been received from any of them. The two common causes of this are over-aggressive restrict lines and firewalls. I think your restrict lines may be OK, but I'd suggest confirming that it works without any. Using pool servers limits your ability to use restrict and the defaults must permit your client to use any times it receives. Another possibility is that they have restrict kod set on the servers, and you are using multiple clients and NAT, in a way that causes the rate limits to be exceeded. People often overlook the Linux iptables firewall. You should run ntpq rv on the associations from your servers, to see if they are responding, but the responses are being rejected, and if so why. You should also try running tcpdump, etc., at appropriate places on the network to find out if they are getting blocked at some point. > My ntp.conf file is out of thebox with the exception of the external time > servers Whose box? I believe the official box doesn't have a configuration file in it. > # Permit time synchronization with our time source, but do not > # permit the source to query or modify the service on this system. Note this answers the recent question about ntpq peers not working! > > # Undisciplined Local Clock. This is a fake driver intended for backup > # and when no outside source of synchronized time is available. This description is incomplete, and, in my view, no out of the box configuration should have these lines enabled. They should only be enabled on servers and only if you understand the risks. However, that is not an issue here. > server 127.127.1.0 # local clock > fudge 127.127.1.0 stratum 10 ___ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
Re: [ntp:questions] Linux 11-minute mode (RTC update)
On Wednesday, April 9, 2008 at 18:18:15 +, Unruh wrote: > But when one is advising someone, one must assume that they have at > least the typical if not the worst condition That's not false... > How in the world did you the power off drift to 5 significant figures? With two hwclock --systohc and awk over one real night, from halt to soon after restart. I can't guarantee the 3rd decimal, though. Each night has its own temperature. Serge. -- Serge point Bets arobase laposte point net ___ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
Re: [ntp:questions] Why do many time servers time out on queries from ntpq -p?
On Apr 12, 12:29 am, Steve Kostecke <[EMAIL PROTECTED]> wrote: > The server operator has set a 'noquery' restriction. I'll try to pre-emptively answer the next question, whcih is likely to be "why would they do that?" The answer is security. On our network, we follow the principle of least privelege. That is, we enable or allow only that which is required to perform a particular function, and nothing else. Some people call this a "default deny" permissions model. ntpq can leak information about your internal network structure that could be useful to an attacker. It is also another bit of network- enabled code that could have buffer overflows or other vulnerabilites. ntp (the protocol) functions just fine with without mode 6/7 queries enabled, so they are disabled. ___ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
Re: [ntp:questions] Problem with time synchronisaton
[EMAIL PROTECTED] wrote: > Greetings, > > I have ntpd installed (ntpq [EMAIL PROTECTED] Mon Jun 4 15:13:06 UTC 2007 > (1) and running but the time on the ntp host does not appear to be > synching with the nominated external time references. Any assistance much > appreciated. > > Details as follows: > > [EMAIL PROTECTED] etc]# ntpq -p > remote refid st t when poll reach delay offset > jitter > == > wireless.org.au .INIT. 16 u- 25600.0000.000 > 0.000 > pond.thecave.ws .INIT. 16 u- 25600.0000.000 > 0.000 > cust6381.nsw01. .INIT. 16 u- 25600.0000.000 > 0.000 > core.narx.net .INIT. 16 u- 25600.0000.000 > 0.000 > *LOCAL(0).LOCL. 10 l3 64 3770.0000.000 > 0.001 > > The logs don't seem to indicate a problem: The problem should be clear from the above ntpq -p banner!! None of the servers you have configured have responded to requests sent by your system! Can you ping these servers and get a response? Do you have a firewall that is blocking Port 123? BTW, if you didn't wait at least 30 minutes between starting ntpd and getting the ntpq banner, you wasted your time! Ntpd generally requires about that much time to figure out exactly what time it is and to beat your clock into submission. ___ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
Re: [ntp:questions] Problem with time synchronisaton
On 2008-04-12, David Woolley <[EMAIL PROTECTED]> wrote: > [EMAIL PROTECTED] wrote: > >> I have ntpd installed (ntpq [EMAIL PROTECTED] Mon Jun 4 15:13:06 UTC >> 2007 > > That is not a standard version number. Really? On my system running 4.2.5p54 built from sources downloaded from www.ntp.org I see: $ ntpq -c"rv 0 version" assID=0 status=0654 leap_none, sync_ntp, 5 events, event_peer/strat_chg, version="ntpd [EMAIL PROTECTED] Fri Jun 22 14:26:20 UTC 2007 (2)" > Who allocated the "@1.1570-o" part of the version number? ntp.org > You may be better off getting support from them. I believe he's in the right place. >> (1) and running but the time on the ntp host does not appear to be >> synching with the nominated external time references. Any assistance much >> appreciated. > > That's because no (valid) replies have been received from any of them. > The two common causes of this are over-aggressive restrict lines and > firewalls. > > I think your restrict lines may be OK, They are. > but I'd suggest confirming that it works without any. It won't. > Using pool servers limits your ability to use restrict and the > defaults must permit your client to use any times it receives. They do. > Another possibility is that they have restrict kod set on the servers, > and you are using multiple clients and NAT, in a way that causes the > rate limits to be exceeded. If that were the case you would see .KOD. in the ntpq peers billboard. > People often overlook the Linux iptables firewall. Port 123/UDP must be open to receive packets from the remote time servers. -- Steve Kostecke <[EMAIL PROTECTED]> NTP Public Services Project - http://support.ntp.org/ ___ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
Re: [ntp:questions] Problem with time synchronisaton
Tony, Why do you have a local refclock configured? Why are you not using the 'iburst' keyword on your server lines? Have you seen http://support.ntp.org/bin/view/Support/ConfiguringNTP ? -- Harlan Stenn <[EMAIL PROTECTED]> http://ntpforum.isc.org - be a member! ___ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
Re: [ntp:questions] Problem with time synchronisaton
>>> In article <[EMAIL PROTECTED]>, "Richard B. Gilbert" <[EMAIL PROTECTED]> >>> writes: Richard> BTW, if you didn't wait at least 30 minutes between starting ntpd Richard> and getting the ntpq banner, you wasted your time! Ntpd generally Richard> requires about that much time to figure out exactly what time it is Richard> and to beat your clock into submission. Which is why we recommend using 'iburst', as with a good drift file ntpd will have everything ready to go in about 11 seconds' time. -- Harlan Stenn <[EMAIL PROTECTED]> http://ntpforum.isc.org - be a member! ___ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
Re: [ntp:questions] Problem with time synchronisaton
Harlan Stenn wrote: > > Why do you have a local refclock configured? Because he's using an out of the box configuration. That, is probably the main reason that people have them configured. You really need to ask the people who put in the box, but I suspect they don't know, either. ___ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
Re: [ntp:questions] Problem with time synchronisaton
On 2008-04-12, David Woolley <[EMAIL PROTECTED]> wrote: > Harlan Stenn wrote: > >> Why do you have a local refclock configured? > > Because he's using an out of the box configuration. That, is probably > the main reason that people have them configured. You really need to > ask the people who put in the box, but I suspect they don't know, > either. The problem here is that the distribution does not contain a decent assortment of example configuration files for common configurations. So the OS distributors/aggregators/vendors each cobble together their own one size fits all configuration file. -- Steve Kostecke <[EMAIL PROTECTED]> NTP Public Services Project - http://support.ntp.org/ ___ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
Re: [ntp:questions] Problem with time synchronisaton
>The problem here is that the distribution does not contain a decent >assortment of example configuration files for common configurations. So >the OS distributors/aggregators/vendors each cobble together their own >one size fits all configuration file. But does a local refclock make sense in a typical setup? Does the wiki have a good collection of examples? and the discussion that goes with them? How much effort would it take to make one? Would it make sense to encourage distributions to include a URL at the top of their prototype config file? -- These are my opinions, not necessarily my employer's. I hate spam. ___ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
Re: [ntp:questions] Problem with time synchronisaton
On 2008-04-12, Richard B. Gilbert <[EMAIL PROTECTED]> wrote: > BTW, if you didn't wait at least 30 minutes between starting ntpd and > getting the ntpq banner, you wasted your time! Nonsense. After only two polls you can see if your ntpd is able to contact the remote time servers. You don't need to wait 30 minutes for that. As ntpd continues to poll you can see if a step was required or if the clock is being steered in the right direction . > Ntpd generally requires about that much time to figure out exactly > what time it is and to beat your clock into submission. That's not the issue here. -- Steve Kostecke <[EMAIL PROTECTED]> NTP Public Services Project - http://support.ntp.org/ ___ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
Re: [ntp:questions] Why do many time servers time out on queries from ntpq -p?
On 2008-04-12, Ryan Malayter <[EMAIL PROTECTED]> wrote: > On Apr 12, 12:29 am, Steve Kostecke <[EMAIL PROTECTED]> wrote: > >> The server operator has set a 'noquery' restriction. > > I'll try to pre-emptively answer the next question, [which] is likely to > be "why would they do that?" > > The answer is security. It also denies the users of a time server potentially valuable information about that server's time sources. You may find it acceptable to use a block box time source with un-auditable time sources. I do not. -- Steve Kostecke <[EMAIL PROTECTED]> NTP Public Services Project - http://support.ntp.org/ ___ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
