abh / ntppool

NTP Pool Project
https://www.ntppool.org/

"DNS lookup tempfail" when running on an OpenBSD IPv6-only node #231

Open ongolaboy opened 7 months ago

ongolaboy commented 7 months ago

Hello,

I'm running ntp-4.2.8pl10p6 on OpenBSD 7.4. I saw messages like this one: ntpd[26862]: DNS lookup tempfail

This node is running with IPv6-only.

The default ntpd.conf shipped is

# $OpenBSD: ntpd.conf,v 1.16 2019/11/06 19:04:12 deraadt Exp $
#
# See ntpd.conf(5) and /etc/examples/ntpd.conf

servers pool.ntp.org
server time.cloudflare.com
sensor *

constraint from "9.9.9.9"              # quad9 v4 without DNS
constraint from "2620:fe::fe"          # quad9 v6 without DNS
constraints from "www.google.com"      # intentionally not 8.8.8.8

Since I did not have IPv4, I initially only commented out the IPv4 constraint. But it was not enough.

Then I realised that pool.ntp.org doesn't include an AAAA record. I ended up commenting out the servers line and adding several servers close enough.

# $OpenBSD: ntpd.conf,v 1.16 2019/11/06 19:04:12 deraadt Exp $
#
# See ntpd.conf(5) and /etc/examples/ntpd.conf

#servers pool.ntp.org
server time.cloudflare.com
server ntp1.xxxx
server ntp2.xxxx
sensor *

#constraint from "9.9.9.9"              # quad9 v4 without DNS
constraint from "2620:fe::fe"          # quad9 v6 without DNS
constraints from "www.google.com"      # intentionally not 8.8.8.8

At this moment, I don't know how the geo-location discovery works, but can you please consider those running IPv6-only clients and allow discovery of AAAA records for pool.ntp.org?

hart-NTP commented 7 months ago

Try adding

servers 2.openbsd.pool.ntp.org.

I don't know why openbsd isn't using their vendor zone openbsd.pool.ntp.org in their example/default ntpd.conf. The 2 is unfortunately a long-understood issue with the ntppool.org system -- AAAA records are only returned for 2..pool.ntp.org. Other .pool.ntp.org names all return only IPv4.

I'm really curious why AAAA isn't supported for all of pool.ntp.org at this point.

ongolaboy commented 7 months ago

> Try adding
>
> servers 2.openbsd.pool.ntp.org.

Thanks, it worked.

> I don't know why openbsd isn't using their vendor zone openbsd.pool.ntp.org in their example/default ntpd.conf.

Here is the answer: https://marc.info/?l=openbsd-misc&m=170792716928891&w=2

> The 2 is unfortunately a long-understood issue with the ntppool.org system -- AAAA records are only returned for 2..pool.ntp.org. Other .pool.ntp.org names all return only IPv4.
>
> I'm really curious why AAAA isn't supported for all of pool.ntp.org at this point.

Yeah... I'm joining you on that one.
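An added example, not part of the thread and not NTP Pool or OpenBSD code: a small audit of an OpenBSD ntpd.conf for entries an IPv6-only host cannot use, that is, IPv4 literals and names without an AAAA record. The function names and the `SAMPLE_AAAA` table are assumptions made for illustration; the table is a constructed stand-in for DNS that mirrors what the thread reports, and `has_aaaa` does the live lookup instead.

```python
import ipaddress
import re
import socket

# ntpd.conf(5) directives that name a remote host; lines starting with '#' never match.
DIRECTIVE = re.compile(r'^\s*(servers?|constraints?\s+from)\s+"?([^"\s#]+)"?')

# Default ntpd.conf as quoted in the issue.
DEFAULT_CONF = '''servers pool.ntp.org
server time.cloudflare.com
sensor *

constraint from "9.9.9.9"              # quad9 v4 without DNS
constraint from "2620:fe::fe"          # quad9 v6 without DNS
constraints from "www.google.com"      # intentionally not 8.8.8.8
'''

# Constructed stand-in for DNS (not live data): True means the name has an AAAA record.
SAMPLE_AAAA = {"pool.ntp.org": False, "2.openbsd.pool.ntp.org.": True,
               "time.cloudflare.com": True, "www.google.com": True}

def has_aaaa(host):
    """Live check: does the name resolve to at least one IPv6 address?"""
    try:
        return bool(socket.getaddrinfo(host, 123, socket.AF_INET6))
    except socket.gaierror:
        return False

def audit(conf_text, lookup=has_aaaa):
    """Return (lineno, directive, target, verdict) for every active directive."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if not m:
            continue
        directive, target = " ".join(m.group(1).split()), m.group(2)
        try:
            # Literal address: usable on an IPv6-only host only if it is IPv6.
            version = ipaddress.ip_address(target).version
            verdict = "ok" if version == 6 else "ipv4-literal"
        except ValueError:
            # Hostname: usable only if it has at least one AAAA record.
            verdict = "ok" if lookup(target) else "no-aaaa"
        findings.append((lineno, directive, target, verdict))
    return findings

if __name__ == "__main__":
    for finding in audit(DEFAULT_CONF, lambda h: SAMPLE_AAAA.get(h, False)):
        print(*finding)
```

Calling `audit(text)` without a second argument resolves each name through the system resolver, so it reflects whatever the pool zones return at that moment.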