On 08/30/2013 04:17 AM, E-Mail Sent to this address will be added to the
BlackLists wrote:
Magnus Danielson wrote:
We had another incident where a node configured with multiple NTP
sources had an NTPD which when asked with ntpdc have peers, looks like
things are all OK, but with offsets less than a second, while the node
in fact was 6 days off the mark. Only on a number of ntpdc querries did
some of the peers expose a gigantic offset. Everything looked OK, but
time was off such that normal remote login did not work.
The error was way to non-obvious and felt like a Heisenbug in that only
when we looked more carefully at it, it started to see itself that it
was out of touch with reality.
ii ntp 1:4.2.6.p5+d i386 Network Time Protocol daemon and
What ntpdc commands did you issue, and what results did you get?
Did you also try ntpq commands, did you see differing results?
ntpq -n -c rv 0 leap
ntpq -n -c rv 0 stratum
ntpq -n -c rv 0 refid
ntpq -n -c rv 0 offset
ntpq -n -c rv 0 rootdisp
Unfortunatly no. I got the call after the fact, but lack of remote login
due to time error would prohibit me from doing anything anyway. The
server needed to be operational rather than optimize for NTP debugging.
Have you tried a newer version of NTP ?
http://www.ntp.org/downloads.html
http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/
http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p385.tar.gz
No, I listed the affected version as packaged by Debian.
Don't use Undisciplined Local Clock 27.127.1.0
Try Orphan instead is you need LAN NTP clients to stick together
while LAN and/or Internet NTP servers become unavailable.
...
keys /etc/ntp.keys # e.g. contains: 123 M LAN_MD5_KEY , 321 M Corp_MD5_KEY
, ...
trustedkey 123 321
tos cohort 1 orphan 10
restrict source nomodify
manycastserver 224.0.1.1
manycastclient 224.0.1.1 key 123 preempt
...
It has 2 stratum 1 and 3 stratum 2 unicast servers configured. NTP wise
this machine is a client with 5 configured servers. The problem was that
it was way off time with no apparent indication, which is wrong.
Cheers,
Magnus
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions