On Wed, Nov 06, 2019 at 08:46:16AM +0100, Peter J. Philipp wrote:
> Hi,
>
> I have an IPv6 only host arrowhead.ip6.centroid.eu, that has very noisy:
>
> Oct 29 09:12:48 arrowhead ntpd[18744]: DNS lookup tempfail
> Oct 29 09:21:45 arrowhead last message repeated 2 times
>
> in fact:
>
> arrowhead# grep 'DNS lookup tempfail' /var/log/daemon | wc -l
> 1354
>
> This is because the pool.ntp.org servers as configured don't give back AAAA
> answers. I'm trying to streamline this a little and only ask for AAAA queries
> if there is no v4 connectivity. With change of the 'stdio dns' pledge to
> 'stdio inet dns' this is possible, when using another constraint from google.
> There is no network traffic, just a route lookup if IPv4 is possible at all.
>
> Here is my patch, under my sig.
>
> -peter
>
> Index: config.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/ntpd/config.c,v
> retrieving revision 1.32
> diff -u -p -u -r1.32 config.c
> --- config.c 7 Jul 2019 07:14:57 -0000 1.32
> +++ config.c 6 Nov 2019 07:36:07 -0000
> @@ -30,8 +30,9 @@
>
> #include "ntpd.h"
>
> -struct ntp_addr *host_ip(const char *);
> -int host_dns1(const char *, struct ntp_addr **, int);
> +struct ntp_addr *host_ip(const char *);
> +int host_dns1(const char *, struct ntp_addr **, int);
> +static int test_v4_gw(void);
>
> static u_int32_t maxid = 0;
> static u_int32_t constraint_maxid = 0;
> @@ -59,7 +60,7 @@ host_ip(const char *s)
> struct ntp_addr *h = NULL;
>
> memset(&hints, 0, sizeof(hints));
> - hints.ai_family = AF_UNSPEC;
> + hints.ai_family = (test_v4_gw() == 0) ? AF_UNSPEC : AF_INET6;
> hints.ai_socktype = SOCK_DGRAM; /*dummy*/
> hints.ai_flags = AI_NUMERICHOST;
> if (getaddrinfo(s, "0", &hints, &res) == 0) {
> @@ -94,7 +95,7 @@ host_dns1(const char *s, struct ntp_addr
> struct ntp_addr *h, *hh = NULL;
>
> memset(&hints, 0, sizeof(hints));
> - hints.ai_family = AF_UNSPEC;
> + hints.ai_family = (test_v4_gw() == 0) ? AF_UNSPEC : AF_INET6;
> hints.ai_socktype = SOCK_DGRAM; /* DUMMY */
> hints.ai_flags = AI_ADDRCONFIG;
you just implemented a variation of AI_ADDRCONFIG
> error = getaddrinfo(s, NULL, &hints, &res0);
> @@ -181,3 +182,28 @@ new_constraint(void)
> return (p);
> }
>
> +static int
> +test_v4_gw(void)
> +{
> + struct sockaddr_in sin;
> + socklen_t st = sizeof(struct sockaddr_in);
> + int so;
> +
> + so = socket(AF_INET, SOCK_DGRAM, 0);
> + if (so < 0) {
> + return 0;
> + }
> +
> + memset(&sin, 0, sizeof(sin));
> + sin.sin_family = AF_INET;
> + sin.sin_addr.s_addr = inet_addr(CONN_CONSTRAINT);
> + sin.sin_port = htons(53);
> +
> + if (connect(so, (struct sockaddr *)&sin, st) < 0) {
> + close(so);
> + return 0;
> + }
> +
> + close(so);
> + return 1;
> +}
> Index: ntp_dns.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/ntpd/ntp_dns.c,v
> retrieving revision 1.24
> diff -u -p -u -r1.24 ntp_dns.c
> --- ntp_dns.c 27 Jun 2019 15:18:42 -0000 1.24
> +++ ntp_dns.c 6 Nov 2019 07:36:07 -0000
> @@ -98,7 +98,7 @@ ntp_dns(struct ntpd_conf *nconf, struct
> fatal(NULL);
> imsg_init(ibuf_dns, PARENT_SOCK_FILENO);
>
> - if (pledge("stdio dns", NULL) == -1)
> + if (pledge("stdio inet dns", NULL) == -1)
> err(1, "pledge");
>
> probe_root();
> @@ -170,7 +170,7 @@ dns_dispatch_imsg(struct ntpd_conf *ncon
> strlen(name) != len)
> fatalx("invalid %s received", str);
> if ((cnt = host_dns(name, nconf->status.synced,
> - &hn)) == -1)
> + &hn)) <= 0)
... and this change silences your warnings.
> break;
> buf = imsg_create(ibuf_dns, imsg.hdr.type,
> imsg.hdr.peerid, 0,
> Index: ntpd.h
> ===================================================================
> RCS file: /cvs/src/usr.sbin/ntpd/ntpd.h,v
> retrieving revision 1.146
> diff -u -p -u -r1.146 ntpd.h
> --- ntpd.h 16 Jul 2019 14:15:40 -0000 1.146
> +++ ntpd.h 6 Nov 2019 07:36:07 -0000
> @@ -40,6 +40,7 @@
> #define CONFFILE "/etc/ntpd.conf"
> #define DRIFTFILE "/var/db/ntpd.drift"
> #define CTLSOCKET "/var/run/ntpd.sock"
> +#define CONN_CONSTRAINT "8.8.8.8" /* to test connectivity */
>
> #define INTERVAL_QUERY_NORMAL 30 /* sync to peers every
> n secs */
> #define INTERVAL_QUERY_PATHETIC 60
>
--
I'm not entirely sure you are real.
