On Wed, Nov 06, 2019 at 08:46:16AM +0100, Peter J. Philipp wrote: > Hi, > > I have an IPv6 only host arrowhead.ip6.centroid.eu, that has very noisy: > > Oct 29 09:12:48 arrowhead ntpd[18744]: DNS lookup tempfail > Oct 29 09:21:45 arrowhead last message repeated 2 times > > in fact: > > arrowhead# grep 'DNS lookup tempfail' /var/log/daemon | wc -l > 1354 > > This is because the pool.ntp.org servers as configured don't give back AAAA > answers. I'm trying to streamline this a little and only ask for AAAA queries > if there is no v4 connectivity. With change of the 'stdio dns' pledge to > 'stdio inet dns' this is possible, when using another constraint from google. > There is no network traffic, just a route lookup if IPv4 is possible at all. > > Here is my patch, under my sig. > > -peter > > Index: config.c > =================================================================== > RCS file: /cvs/src/usr.sbin/ntpd/config.c,v > retrieving revision 1.32 > diff -u -p -u -r1.32 config.c > --- config.c 7 Jul 2019 07:14:57 -0000 1.32 > +++ config.c 6 Nov 2019 07:36:07 -0000 > @@ -30,8 +30,9 @@ > > #include "ntpd.h" > > -struct ntp_addr *host_ip(const char *); > -int host_dns1(const char *, struct ntp_addr **, int); > +struct ntp_addr *host_ip(const char *); > +int host_dns1(const char *, struct ntp_addr **, int); > +static int test_v4_gw(void); > > static u_int32_t maxid = 0; > static u_int32_t constraint_maxid = 0; > @@ -59,7 +60,7 @@ host_ip(const char *s) > struct ntp_addr *h = NULL; > > memset(&hints, 0, sizeof(hints)); > - hints.ai_family = AF_UNSPEC; > + hints.ai_family = (test_v4_gw() == 0) ? AF_UNSPEC : AF_INET6; > hints.ai_socktype = SOCK_DGRAM; /*dummy*/ > hints.ai_flags = AI_NUMERICHOST; > if (getaddrinfo(s, "0", &hints, &res) == 0) { > @@ -94,7 +95,7 @@ host_dns1(const char *s, struct ntp_addr > struct ntp_addr *h, *hh = NULL; > > memset(&hints, 0, sizeof(hints)); > - hints.ai_family = AF_UNSPEC; > + hints.ai_family = (test_v4_gw() == 0) ? AF_UNSPEC : AF_INET6; > hints.ai_socktype = SOCK_DGRAM; /* DUMMY */ > hints.ai_flags = AI_ADDRCONFIG;
you just implemented a variation of AI_ADDRCONFIG > error = getaddrinfo(s, NULL, &hints, &res0); > @@ -181,3 +182,28 @@ new_constraint(void) > return (p); > } > > +static int > +test_v4_gw(void) > +{ > + struct sockaddr_in sin; > + socklen_t st = sizeof(struct sockaddr_in); > + int so; > + > + so = socket(AF_INET, SOCK_DGRAM, 0); > + if (so < 0) { > + return 0; > + } > + > + memset(&sin, 0, sizeof(sin)); > + sin.sin_family = AF_INET; > + sin.sin_addr.s_addr = inet_addr(CONN_CONSTRAINT); > + sin.sin_port = htons(53); > + > + if (connect(so, (struct sockaddr *)&sin, st) < 0) { > + close(so); > + return 0; > + } > + > + close(so); > + return 1; > +} > Index: ntp_dns.c > =================================================================== > RCS file: /cvs/src/usr.sbin/ntpd/ntp_dns.c,v > retrieving revision 1.24 > diff -u -p -u -r1.24 ntp_dns.c > --- ntp_dns.c 27 Jun 2019 15:18:42 -0000 1.24 > +++ ntp_dns.c 6 Nov 2019 07:36:07 -0000 > @@ -98,7 +98,7 @@ ntp_dns(struct ntpd_conf *nconf, struct > fatal(NULL); > imsg_init(ibuf_dns, PARENT_SOCK_FILENO); > > - if (pledge("stdio dns", NULL) == -1) > + if (pledge("stdio inet dns", NULL) == -1) > err(1, "pledge"); > > probe_root(); > @@ -170,7 +170,7 @@ dns_dispatch_imsg(struct ntpd_conf *ncon > strlen(name) != len) > fatalx("invalid %s received", str); > if ((cnt = host_dns(name, nconf->status.synced, > - &hn)) == -1) > + &hn)) <= 0) ... and this change silences your warnings. > break; > buf = imsg_create(ibuf_dns, imsg.hdr.type, > imsg.hdr.peerid, 0, > Index: ntpd.h > =================================================================== > RCS file: /cvs/src/usr.sbin/ntpd/ntpd.h,v > retrieving revision 1.146 > diff -u -p -u -r1.146 ntpd.h > --- ntpd.h 16 Jul 2019 14:15:40 -0000 1.146 > +++ ntpd.h 6 Nov 2019 07:36:07 -0000 > @@ -40,6 +40,7 @@ > #define CONFFILE "/etc/ntpd.conf" > #define DRIFTFILE "/var/db/ntpd.drift" > #define CTLSOCKET "/var/run/ntpd.sock" > +#define CONN_CONSTRAINT "8.8.8.8" /* to test connectivity */ > > #define INTERVAL_QUERY_NORMAL 30 /* sync to peers every > n secs */ > #define INTERVAL_QUERY_PATHETIC 60 > -- I'm not entirely sure you are real.