No name resolution within ntpd

markus

markus

On my computer, it seems that ntpd() does not resolve DNS names.

In my /etc/ntp.conf file I configured the following NTP pools:

Code: 
pool pool.ntp.org iburst
pool 0.de.pool.ntp.org iburst
pool 1.de.pool.ntp.org iburst
pool 0.freebsd.pool.ntp.org iburst
pool 2.freebsd.pool.ntp.org iburst

However, ntpd() does not connect to the NTP pools:

Code: 
# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 pool.ntp.org    .POOL.          16 p    -   64    0    0.000   +0.000   0.000
 0.de.pool.ntp.o .POOL.          16 p    -   64    0    0.000   +0.000   0.000
 1.de.pool.ntp.o .POOL.          16 p    -   64    0    0.000   +0.000   0.000
 0.freebsd.pool. .POOL.          16 p    -   64    0    0.000   +0.000   0.000
 2.freebsd.pool. .POOL.          16 p    -   64    0    0.000   +0.000   0.000

When I restart ntpd() I get the follwing entries in /var/log/messages:

Code: 
Sep 23 11:09:34 ufr-t14 ntpd[43118]: ntpd exiting on signal 15 (Terminated)
Sep 23 11:09:34 ufr-t14 ntpd[32839]: ntpd 4.2.8p16-a (1): Starting
Sep 23 11:09:34 ufr-t14 ntpd[32839]: Command line: /usr/sbin/ntpd -p /var/db/ntp/ntpd.pid -c /etc/ntp.conf -f /var/db/ntp/ntpd.drift
Sep 23 11:09:34 ufr-t14 ntpd[32839]: ----------------------------------------------------
Sep 23 11:09:34 ufr-t14 ntpd[32839]: ntp-4 is maintained by Network Time Foundation,
Sep 23 11:09:34 ufr-t14 ntpd[32839]: Inc. (NTF), a non-profit 501(c)(3) public-benefit
Sep 23 11:09:34 ufr-t14 ntpd[32839]: corporation.  Support and training for ntp-4 are
Sep 23 11:09:34 ufr-t14 ntpd[32839]: available at https://www.nwtime.org/support
Sep 23 11:09:34 ufr-t14 ntpd[32839]: ----------------------------------------------------
Sep 23 11:09:34 ufr-t14 ntpd[33817]: leapsecond file ('/var/db/ntpd.leap-seconds.list'): good hash signature
Sep 23 11:09:34 ufr-t14 ntpd[33817]: leapsecond file ('/var/db/ntpd.leap-seconds.list'): loaded, expire=2025-06-28T00:00:00Z last=2017-01-01T00:00:00Z ofs=37
Sep 23 11:09:35 ufr-t14 ntpd[33817]: error resolving pool pool.ntp.org: Name does not resolve (8)
Sep 23 11:09:36 ufr-t14 ntpd[33817]: error resolving pool 0.de.pool.ntp.org: Name does not resolve (8)
Sep 23 11:09:37 ufr-t14 ntpd[33817]: error resolving pool 1.de.pool.ntp.org: Name does not resolve (8)
Sep 23 11:09:38 ufr-t14 ntpd[33817]: error resolving pool 0.freebsd.pool.ntp.org: Name does not resolve (8)
Sep 23 11:09:39 ufr-t14 ntpd[33817]: error resolving pool 2.freebsd.pool.ntp.org: Name does not resolve (8)


Nevertheless, with host() I am able to resolve the DNS names:

Code: 
# host 0.de.pool.ntp.org
0.de.pool.ntp.org has address 109.91.184.21
0.de.pool.ntp.org has address 185.163.116.98
0.de.pool.ntp.org has address 212.132.97.26
0.de.pool.ntp.org has address 185.252.140.125
0.de.pool.ntp.org mail is handled by 0 .

# host 0.freebsd.pool.ntp.org
0.freebsd.pool.ntp.org has address 78.47.56.71
0.freebsd.pool.ntp.org has address 79.133.44.138
0.freebsd.pool.ntp.org has address 5.9.193.27
0.freebsd.pool.ntp.org has address 129.70.132.37
0.freebsd.pool.ntp.org mail is handled by 0 .

Also ntpdate() works fine using the DNS name of the NTP server:

Code: 
# service ntpd stop
Stopping ntpd.
Waiting for PIDS: 33817.
# ntpdate 0.freebsd.pool.ntp.org
23 Sep 11:12:37 ntpdate[54455]: adjust time server 79.133.44.138 offset +0.002678 sec

I configured the NTP servers with their IP addresses as obtained by the host() command within /etc/ntp.conf:

Code: 
server 78.47.56.71 iburst
server 79.133.44.138 iburst
server 5.9.193.27 iburst
server 129.70.132.37 iburst

Now ntpd() can connect to the IP address of the NTP server:

Code: 
# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 pool.ntp.org    .POOL.          16 p    -   64    0    0.000   +0.000   0.000
 0.de.pool.ntp.o .POOL.          16 p    -   64    0    0.000   +0.000   0.000
 1.de.pool.ntp.o .POOL.          16 p    -   64    0    0.000   +0.000   0.000
 0.freebsd.pool. .POOL.          16 p    -   64    0    0.000   +0.000   0.000
 2.freebsd.pool. .POOL.          16 p    -   64    0    0.000   +0.000   0.000
+node-1.infogral 17.253.14.253    2 u   19   64    1   22.260   -3.309   3.112
*79.133.44.138   .MBGh.           1 u   18   64    1   12.496   -0.596   0.539
+mx.ae9.eu       152.103.15.66    2 u   17   64    1   18.609   +0.057   1.372
-stratum2-4.NTP. 129.70.137.82    2 u   16   64    1   19.725   -0.514   1.422

So, for some strange reason, ntpd is not able to resolve DNS names, while the system is able to do so. Does anyone have a clue how to fix this?
 
Seems to work fine here. One issue I can think of, DHCP not receiving an IP address and DNS servers before ntpd(8) is started during boot.
 
SirDice said:
Seems to work fine here. One issue I can think of, DHCP not receiving an IP address and DNS servers before ntpd(8) is started during boot.
Click to expand...
I don't quite understand what you mean. The IP connection is working correctly and NTP is working with the IP addresses configured in /etc/ntp.conf :

Code: 
# ifconfig em0
em0: flags=1008943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        options=4e500bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_
IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG>
        ether 8c:8c:aa:49:b8:80
        inet 192.168.88.122 netmask 0xffffff00 broadcast 192.168.88.255
        inet6 fe80::8e8c:aaff:fe49:b880%em0 prefixlen 64 scopeid 0x1
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

# netstat -rn4
you have mail
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            192.168.88.1       UGS         em0
.  .  .

There is no DNS Server running on my computer either.

/etc/resolv.conf has the following entries:

Code: 
# cat /etc/resolv.conf
# Generated by resolvconf
search rz.privat
nameserver 192.168.88.1
nameserver 132.230.200.200
nameserver 132.230.201.111
 
Right. Try SYNCDHCP instead of DHCP. That will wait until it actually receives a DHCP offer before continuing the boot process.
 
In /etc/rc.conf I replaced
Code: 
ifconfig_em0="DHCP"
with
Code: 
ifconfig_em0="SYNCDHCP"
and rebooted my computer.
I still receive the same error message:
Code: 
Sep 23 12:32:55 ufr-t14 ntpd[72389]: error resolving pool 0.freebsd.pool.ntp.org: Name does not resolve (8)
 
Checking network after boot finished would be meaningless here, as the trouble is happening on boot, if I read your top post correctly.
How do you configure NTP-related stuff in your /etc/rc.conf[.local]?
If they're BEFORE ifconfig-related stuff and firewall-related stuff, what happenes if you move NTP-related stuff AFTER all of them?
 
And if your DHCP server supports IPv4 only, what about adding option -4 like pool -4 pool.ntp.org iburst could help.
(Your DNS server seems to resolving IPv4 address. So if your network doesn't support IPv6 properly [for example, my ISP supports IPv4 only for my old contract], restricting to IPv4 by -4 could help.)
 
I had to put in /etc/rc.conf:
Code: 
### Network link/usability verification options
netwait_enable="YES"         # Enable rc.d/netwait (or NO)
netwait_ip="192.168.10.1"    # Wait for ping response from any IP in this list.
netwait_timeout="60"         # Total number of seconds to perform pings.
netwait_if="em0"             # Wait for active link on each intf in this list.
netwait_if_timeout="30"      # Total number of seconds to monitor link state.
so I am sure my network interface is up and running before any other network request. I had the same problem like yours before.
For information I don't use DHCP but it seems my network interface is toggling up and down at boot.
 
My ntp.conf (stripping all comments) as an example.

Code: 
tos minclock 3 maxclock 6
pool -4 ntp.nict.jp minpoll 8 maxpoll 10 iburst
server -4 ntp1.jst.mfeed.ad.jp minpoll 8 maxpoll 10 iburst
server -4 ntp2.jst.mfeed.ad.jp minpoll 8 maxpoll 10 iburst
server -4 ntp3.jst.mfeed.ad.jp minpoll 8 maxpoll 10 iburst
restrict    default limited kod nomodify notrap noquery nopeer
restrict    source  limited kod nomodify notrap noquery
restrict 127.0.0.1
restrict 127.127.1.0
leapfile "/var/db/ntpd.leap-seconds.list"

Note that I configured public NTP servers in Japan, as I'm in Japan.
And the polling intervals are the requirement (for rate-limiting) of the organization operating the NTP servers. So it should be modified for your case.
 
covacat said:
try
tcpdump -i em0 -nl -vvv port 53
on another terminal while restarting ntpd
Click to expand...

When I restart ntpd() I do not get any output from tcpdump. It seems that ntpd() is not sending an DNS request out.

When I wait long enough I see requests for forums.freebsd.org and other, but they are not related to a restart of ntpd().
 
T-Aoki said:
Checking network after boot finished would be meaningless here, as the trouble is happening on boot, if I read your top post correctly.
How do you configure NTP-related stuff in your /etc/rc.conf[.local]?
If they're BEFORE ifconfig-related stuff and firewall-related stuff, what happenes if you move NTP-related stuff AFTER all of them?
Click to expand...
I put all NTP related stuff at the end of /etc/rc.conf, but the behavior did not change.
 
T-Aoki said:
And if your DHCP server supports IPv4 only, what about adding option -4 like pool -4 pool.ntp.org iburst could help.
(Your DNS server seems to resolving IPv4 address. So if your network doesn't support IPv6 properly [for example, my ISP supports IPv4 only for my old contract], restricting to IPv4 by -4 could help.)
Click to expand...
No success with this one either.
 
T-Aoki said:
How do you configure NTP-related stuff in your /etc/rc.conf[.local]?
If they're BEFORE ifconfig-related stuff and firewall-related stuff, what happenes if you move NTP-related stuff AFTER all of them?
Click to expand...
The order in rc.conf is irrelevant. They are all variables (not 'commands') and the file is simply sourced by the various calls to /etc/rc.subr. The order in which the rc.d(8) scripts (like /etc/rc.d/netif and /etc/rc.d/ntpd) are executed is dictated by rcorder(8).
 
facedebouc said:
I had to put in /etc/rc.conf:
Code: 
### Network link/usability verification options
netwait_enable="YES"         # Enable rc.d/netwait (or NO)
netwait_ip="192.168.10.1"    # Wait for ping response from any IP in this list.
netwait_timeout="60"         # Total number of seconds to perform pings.
netwait_if="em0"             # Wait for active link on each intf in this list.
netwait_if_timeout="30"      # Total number of seconds to monitor link state.
so I am sure my network interface is up and running before any other network request. I had the same problem like yours before.
For information I don't use DHCP but it seems my network interface is toggling up and down at boot.
Click to expand...

This did not work either.

This is what my rc.conf looks like:

Code: 
dumpdev="AUTO"
zfs_enable="YES"
clear_tmp_enable="YES"
syslogd_flags="-ss"
hostname="ufr-t14"
keymap="de.kbd"
memcached_enable=YES
memcached_flags="-l localhost -m 8192"
ifconfig_em0="SYNCDHCP"
wlans_iwlwifi0="wlan0"
ifconfig_wlan0="WPA DHCP"
create_args_wlan0="country DE regdomain ETSI"
netwait_enable="YES"         # Enable rc.d/netwait (or NO)
netwait_ip="192.168.88.1"    # Wait for ping response from any IP in this list.
netwait_timeout="60"         # Total number of seconds to perform pings.
netwait_if="em0"             # Wait for active link on each intf in this list.
netwait_if_timeout="30"      # Total number of seconds to monitor link state.
powerd_enable="YES"
sshd_enable="YES"
moused_nondefault_enable="NO"
dumpdev="AUTO"
tailscaled_enable="NO"
kld_list="i915kms"
webcamd_enable="YES"
sndiod_enable="YES"
virtual_oss_enable="YES"
pulseaudio_enable="YES"
cloned_interfaces="bridge0 lo1"
ifconfig_bridge0_name="em0bridge"
ifconfig_em0bridge="inet 172.31.12.1/24"
ifconfig_lo1="inet 172.31.20.5/24"
gateway_enable="YES"
jail_enable="NO"
jail_list="hugo02 dnsmasq01"
pf_enable="YES"
pflog_enable="YES"
dbus_enable="YES"
sddm_enable="YES"
hcsecd_enable="YES"
devd_enable="YES"
devd_flags="-q"
bluetooth_enable="YES"
cupsd_enable="YES"
vm_enable="YES"
vm_dir="zfs:zroot/vm"
wireguard_interfaces="wg0"
wireguard_enable="YES"
ntpd_enable="YES"
ntpd_sync_on_start="NO"
ntp_leapfile_sources="https://hpiers.obspm.fr/iers/bul/bulc/ntp/leap-seconds.list"
 
T-Aoki said:
My ntp.conf (stripping all comments) as an example.

Code: 
tos minclock 3 maxclock 6
pool -4 ntp.nict.jp minpoll 8 maxpoll 10 iburst
server -4 ntp1.jst.mfeed.ad.jp minpoll 8 maxpoll 10 iburst
server -4 ntp2.jst.mfeed.ad.jp minpoll 8 maxpoll 10 iburst
server -4 ntp3.jst.mfeed.ad.jp minpoll 8 maxpoll 10 iburst
restrict    default limited kod nomodify notrap noquery nopeer
restrict    source  limited kod nomodify notrap noquery
restrict 127.0.0.1
restrict 127.127.1.0
leapfile "/var/db/ntpd.leap-seconds.list"

Note that I configured public NTP servers in Japan, as I'm in Japan.
And the polling intervals are the requirement (for rate-limiting) of the organization operating the NTP servers. So it should be modified for your case.
Click to expand...

Mine looks quite similar with the suggested additions from T-Aoki:

Code: 
tos minclock 3 maxclock 6
pool -4 pool.ntp.org iburst
pool -4 0.de.pool.ntp.org iburst
pool -4 1.de.pool.ntp.org iburst
pool -4 0.freebsd.pool.ntp.org iburst
pool -4 2.freebsd.pool.ntp.org iburst
restrict default limited kod nomodify notrap noquery nopeer
restrict source  limited kod nomodify notrap noquery
restrict 127.0.0.1
restrict ::1
leapfile "/var/db/ntpd.leap-seconds.list"
 
putney said:
Do all three of these name servers work correctly, eg
Code: 
drill @132.230.200.200 example.com
?
Click to expand...

Only the first DNS server (192.168.88.1) is always working, since this is my firewall. The other to DNS Servers (132.230.200.200 and 132.230.201.111) are from my workplace and are only reachable through VPN.
 
I added
Code: 
213.209.109.44  0.freebsd.pool.ntp.org
to /etc/hosts and restarted ntpd().

Code: 
# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 pool.ntp.org    .POOL.          16 p    -   64    0    0.000   +0.000   0.000
 0.de.pool.ntp.o .POOL.          16 p    -   64    0    0.000   +0.000   0.000
 1.de.pool.ntp.o .POOL.          16 p    -   64    0    0.000   +0.000   0.000
 0.freebsd.pool. .POOL.          16 p    -   64    0    0.000   +0.000   0.000
 2.freebsd.pool. .POOL.          16 p    -   64    0    0.000   +0.000   0.000
*0.freebsd.pool. 10.129.9.96      2 u    1   64    1   21.689   -1.182   0.414

So, ntpd() is able to consult /etc/hosts, but not the DNS server.
 
Code: 
#
# nsswitch.conf(5) - name service switch configuration file
#
group: compat
group_compat: nis
hosts: files dns
netgroup: compat
networks: files
passwd: compat
passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files
 
covacat said:
try
tcpdump -i em0 -nl -vvv port 53
on another terminal while restarting ntpd
Click to expand...

For some reason, ntpd() is sending it's DNS request through the loopback interface:

Code: 
# tcpdump -i lo0 -nl -vvv port 53
you have mail
tcpdump: listening on lo0, link-type NULL (BSD loopback), snapshot length 262144 bytes
15:26:38.615847 IP (tos 0x0, ttl 64, id 10807, offset 0, flags [none], proto UDP (17), length 58, bad cksum 0 (->527a)!)
    127.0.0.1.63587 > 127.0.0.1.53: [bad udp cksum 0xfe39 -> 0x5ba5!] 6033+ A? pool.ntp.org. (30)
15:26:38.615891 IP6 (flowlabel 0x61c4b, hlim 64, next-header UDP (17) payload length: 38) ::1.31403 > ::1.53: [bad udp cksum 0x0039 -> 0xd75e!] 6033+ A? pool.ntp.org. (30)
15:26:38.615912 IP (tos 0x0, ttl 64, id 10808, offset 0, flags [none], proto UDP (17), length 58, bad cksum 0 (->5279)!)
    127.0.0.1.63670 > 127.0.0.1.53: [bad udp cksum 0xfe39 -> 0x5b52!] 6033+ A? pool.ntp.org. (30)
15:26:38.615924 IP6 (flowlabel 0x4f879, hlim 64, next-header UDP (17) payload length: 38) ::1.61502 > ::1.53: [bad udp cksum 0x0039 -> 0x61cb!] 6033+ A? pool.ntp.org. (30)
15:26:39.614294 IP (tos 0x0, ttl 64, id 7536, offset 0, flags [none], proto UDP (17), length 63, bad cksum 0 (->5f3c)!)
    127.0.0.1.46455 > 127.0.0.1.53: [bad udp cksum 0xfe3e -> 0x4a30!] 51342+ A? 0.de.pool.ntp.org. (35)
15:26:39.614324 IP6 (flowlabel 0x08054, hlim 64, next-header UDP (17) payload length: 43) ::1.57933 > ::1.53: [bad udp cksum 0x003e -> 0x1b5b!] 51342+ A? 0.de.pool.ntp.org. (35)
15:26:39.614340 IP (tos 0x0, ttl 64, id 7537, offset 0, flags [none], proto UDP (17), length 63, bad cksum 0 (->5f3b)!)
    127.0.0.1.19438 > 127.0.0.1.53: [bad udp cksum 0xfe3e -> 0xb3b9!] 51342+ A? 0.de.pool.ntp.org. (35)
15:26:39.614354 IP6 (flowlabel 0x7a064, hlim 64, next-header UDP (17) payload length: 43) ::1.36740 > ::1.53: [bad udp cksum 0x003e -> 0x6e24!] 51342+ A? 0.de.pool.ntp.org. (35)
15:26:40.615570 IP (tos 0x0, ttl 64, id 7538, offset 0, flags [none], proto UDP (17), length 63, bad cksum 0 (->5f3a)!)
    127.0.0.1.18546 > 127.0.0.1.53: [bad udp cksum 0xfe3e -> 0xc648!] 47482+ A? 1.de.pool.ntp.org. (35)
15:26:40.615620 IP6 (flowlabel 0x45e26, hlim 64, next-header UDP (17) payload length: 43) ::1.12959 > ::1.53: [bad udp cksum 0x003e -> 0xda1c!] 47482+ A? 1.de.pool.ntp.org. (35)
15:26:40.615652 IP (tos 0x0, ttl 64, id 7539, offset 0, flags [none], proto UDP (17), length 63, bad cksum 0 (->5f39)!)
    127.0.0.1.62973 > 127.0.0.1.53: [bad udp cksum 0xfe3e -> 0x18bd!] 47482+ A? 1.de.pool.ntp.org. (35)
15:26:40.615662 IP6 (flowlabel 0x54747, hlim 64, next-header UDP (17) payload length: 43) ::1.46133 > ::1.53: [bad udp cksum 0x003e -> 0x5886!] 47482+ A? 1.de.pool.ntp.org. (35)
15:26:42.614379 IP (tos 0x0, ttl 64, id 7540, offset 0, flags [none], proto UDP (17), length 68, bad cksum 0 (->5f33)!)
    127.0.0.1.54351 > 127.0.0.1.53: [bad udp cksum 0xfe43 -> 0x9eb7!] 42170+ A? 2.freebsd.pool.ntp.org. (40)
15:26:42.614417 IP6 (flowlabel 0x7ec07, hlim 64, next-header UDP (17) payload length: 48) ::1.20148 > ::1.53: [bad udp cksum 0x0043 -> 0x2254!] 42170+ A? 2.freebsd.pool.ntp.org. (40)
15:26:42.614439 IP (tos 0x0, ttl 64, id 54140, offset 0, flags [none], proto UDP (17), length 68, bad cksum 0 (->a92a)!)
    127.0.0.1.38022 > 127.0.0.1.53: [bad udp cksum 0xfe43 -> 0xde80!] 42170+ A? 2.freebsd.pool.ntp.org. (40)
15:26:42.614454 IP6 (flowlabel 0x6b114, hlim 64, next-header UDP (17) payload length: 48) ::1.14936 > ::1.53: [bad udp cksum 0x0043 -> 0x36b0!] 42170+ A? 2.freebsd.pool.ntp.org. (40)

Is there a way to tell ntpd() to use a different interface?
 
You must log in or register to reply here.
Back
Top