unable to resolve (0,1,2).pool.ntp.org

[robatino]

Since the morning of July 25, every time I boot ntpd fails to contact the time server. The problem is that it can no longer resolve the timeservers 0.pool.ntp.org, etc. in /etc/ntp.conf. I found that on July 25, there was a change in the administration of these servers:

https://fortytwo.ch/mailman/pipermai...05/000014.html

So that must have been the immediate cause. If I type

host 0.pool.ntp.org

it fails. However, if I explicitly tell it to use one of the DNS servers my router uses, it works:

host 0.pool.ntp.org 151.203.0.85

Now my router internally knows about these DNS servers, and if I use the DNS test in the router configuration, it works. My machine uses the router as its DNS server, and somehow the lookup for these particular hosts isn't being passed through properly. I tried resetting the router, no change. Do I need to do something on the OS side?

[markkuk]

I tried with "dig", which gives a lot more info than "host":

Code:

$ dig 0.pool.ntp.org
;; Truncated, retrying in TCP mode.

Maybe your router can't handle TCP mode DNS queries properly?

Code:

; <<>> DiG 9.3.1 <<>> 0.pool.ntp.org
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34198
;; flags: qr rd ra; QUERY: 1, ANSWER: 15, AUTHORITY: 9, ADDITIONAL: 9

;; QUESTION SECTION:
;0.pool.ntp.org.                        IN      A

;; ANSWER SECTION:
0.pool.ntp.org.         119     IN      A       202.135.38.18
0.pool.ntp.org.         119     IN      A       203.30.99.35
0.pool.ntp.org.         119     IN      A       207.188.193.83
0.pool.ntp.org.         119     IN      A       212.204.235.157
0.pool.ntp.org.         119     IN      A       213.134.172.184
0.pool.ntp.org.         119     IN      A       61.206.115.3
0.pool.ntp.org.         119     IN      A       63.164.62.249
0.pool.ntp.org.         119     IN      A       64.112.189.11
0.pool.ntp.org.         119     IN      A       64.136.200.96
0.pool.ntp.org.         119     IN      A       80.28.46.78
0.pool.ntp.org.         119     IN      A       81.169.179.236
0.pool.ntp.org.         119     IN      A       82.152.150.47
0.pool.ntp.org.         119     IN      A       141.82.30.252
0.pool.ntp.org.         119     IN      A       149.156.176.45
0.pool.ntp.org.         119     IN      A       202.55.152.4

;; AUTHORITY SECTION:
pool.ntp.org.           86399   IN      NS      usenet.net.nz.
pool.ntp.org.           86399   IN      NS      zbasel.fortytwo.ch.
pool.ntp.org.           86399   IN      NS      aventura.bhms-groep.nl.
pool.ntp.org.           86399   IN      NS      superzooi.bhms-groep.nl.
pool.ntp.org.           86399   IN      NS      slartibartfast.bhms-groep.nl.
pool.ntp.org.           86399   IN      NS      ns1.eu.bitnames.com.
pool.ntp.org.           86399   IN      NS      ns1.us.bitnames.com.
pool.ntp.org.           86399   IN      NS      ns1.mailworx.net.
pool.ntp.org.           86399   IN      NS      ns3.us.bitnames.com.

;; ADDITIONAL SECTION:
ns1.eu.bitnames.com.    15430   IN      A       84.243.240.3
ns1.us.bitnames.com.    5983    IN      A       63.251.223.170
ns1.mailworx.net.       69197   IN      A       69.1.200.68
ns3.us.bitnames.com.    16783   IN      A       67.19.103.171
usenet.net.nz.          5220    IN      A       202.49.59.6
zbasel.fortytwo.ch.     69431   IN      A       193.138.215.60
aventura.bhms-groep.nl. 1676    IN      A       217.114.97.98
superzooi.bhms-groep.nl. 11667  IN      A       207.226.17.241
slartibartfast.bhms-groep.nl. 11832 IN  A       217.114.97.97

;; Query time: 36 msec
;; SERVER: xxx.xxx.xxx.xxx#53(xxx.xxx.xxx.xxx)
;; WHEN: Wed Jul 27 19:33:05 2005
;; MSG SIZE  rcvd: 666

[robatino]

[andre@localhost ~]$ dig 0.pool.ntp.org

; <<>> DiG 9.3.1 <<>> 0.pool.ntp.org
;; global options: printcmd
;; connection timed out; no servers could be reached

Basically the same error as using host. My router is a Westell VersaLink 327W. I'm fairly clueless about networking.

[markkuk]

What does "dig @151.203.0.85 0.pool.ntp.org" do?

[robatino]

[andre@localhost ~]$ dig @151.203.0.85 0.pool.ntp.org
;; Truncated, retrying in TCP mode.

; <<>> DiG 9.3.1 <<>> @151.203.0.85 0.pool.ntp.org
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29361
;; flags: qr rd ra; QUERY: 1, ANSWER: 15, AUTHORITY: 9, ADDITIONAL: 9

;; QUESTION SECTION:
;0.pool.ntp.org. IN A

;; ANSWER SECTION:
0.pool.ntp.org. 120 IN A 217.157.1.202
0.pool.ntp.org. 120 IN A 61.9.138.184
0.pool.ntp.org. 120 IN A 62.94.26.10
0.pool.ntp.org. 120 IN A 69.37.143.241
0.pool.ntp.org. 120 IN A 81.5.136.18
0.pool.ntp.org. 120 IN A 83.246.118.20
0.pool.ntp.org. 120 IN A 192.36.143.153
0.pool.ntp.org. 120 IN A 193.2.10.101
0.pool.ntp.org. 120 IN A 194.88.2.50
0.pool.ntp.org. 120 IN A 194.88.2.60
0.pool.ntp.org. 120 IN A 200.141.215.164
0.pool.ntp.org. 120 IN A 202.173.190.158
0.pool.ntp.org. 120 IN A 217.112.91.209
0.pool.ntp.org. 120 IN A 217.125.14.244
0.pool.ntp.org. 120 IN A 217.127.32.90

;; AUTHORITY SECTION:
pool.ntp.org. 44786 IN NS aventura.bhms-groep.nl.
pool.ntp.org. 44786 IN NS superzooi.bhms-groep.nl.
pool.ntp.org. 44786 IN NS slartibartfast.bhms-groep.nl.
pool.ntp.org. 44786 IN NS ns1.eu.bitnames.com.
pool.ntp.org. 44786 IN NS ns1.us.bitnames.com.
pool.ntp.org. 44786 IN NS ns1.mailworx.net.
pool.ntp.org. 44786 IN NS ns3.us.bitnames.com.
pool.ntp.org. 44786 IN NS usenet.net.nz.
pool.ntp.org. 44786 IN NS zbasel.fortytwo.ch.

;; ADDITIONAL SECTION:
ns1.eu.bitnames.com. 9425 IN A 84.243.240.3
ns1.us.bitnames.com. 9494 IN A 63.251.223.170
ns1.mailworx.net. 138832 IN A 69.1.200.68
ns3.us.bitnames.com. 161842 IN A 67.19.103.171
usenet.net.nz. 2934 IN A 202.49.59.6
zbasel.fortytwo.ch. 52432 IN A 193.138.215.60
aventura.bhms-groep.nl. 11014 IN A 217.114.97.98
superzooi.bhms-groep.nl. 11014 IN A 207.226.17.241
slartibartfast.bhms-groep.nl. 11014 IN A 217.114.97.97

;; Query time: 28 msec
;; SERVER: 151.203.0.85#53(151.203.0.85)
;; WHEN: Wed Jul 27 14:02:23 2005
;; MSG SIZE rcvd: 666

[andre@localhost ~]$

[markkuk]

OK, it looks like the problem is with your router's DNS server implementation. Configure your system to use your ISP's DNS servers directly. You could try sending a bug report to the router manufacturer.

[robatino]

I configured Fedora to use my ISP's servers directly. However, NTP still fails (though it doesn't hang as long now). At least, maybe this means that a lot more people are affected and hopefully this will be resolved sooner. The simplest way would be for pool.ntp.org to just be configured the usual way.

[robatino]

Should also mention for anyone else reading this thread that after NTP fails, I have two copies of ntpd running. If I kill them later and try starting ntpd again, same thing happens.

[mkoljack]

I have been having the same problem. I do not have a router however. My resolution was to go to System Settings=>Date/Time=>I enabled both Red Hat NTP servers. Now at login, the NTPD does not fail.

[robatino]

Sometime within the last 4 hours or so, the configuration for pool.ntp.org was fixed so it allows ordinary UDP queries again, so the problem is fixed (or at least avoided). When I rebooted, NTP synced up properly and left just one copy running.

[mkoljack]

robatino--

I'm also getting 2 other problems at shutdown:

1. couldn't sync system clock msg failure
2. couldn't connect to audit.

I have a feeling it's an SELinux problem but I have no idea how to address those issues. I looked under /var/log to see but can't find anything there. Do you have any ideas on this?

Thanks much.

[robatino]

Sorry for the delay, I didn't get the notification for some reason. The first problem should have been fixed by the most recent selinux-policy-targeted update (it was for me, anyway). The second is supposed to be harmless, see

https://bugzilla.redhat.com/bugzilla....cgi?id=163500

[mkoljack]

Thanks Robatino. Issue 1 fixed and not worrying aboutt he audit problem as suggested in bugzilla.

Thanks for taking your time and responding. So much appreciated.