Ntpd servers stuck in init state when defined by hostname, but sync correctly when defined by IP address

debian-wheezy domain-name-system hetzner ipv6 ntpd

I started having an issue on a couple of our colo servers which is causing a fair bit of head scratching.

I was alerted to clock skew on a couple of servers, and when I went to investigate, ntpq -p showed the following:

     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 ntp1.hetzner.de .INIT.          16 u    -   64    0    0.000    0.000   0.000
 ntp2.hetzner.de .INIT.          16 u    -   64    0    0.000    0.000   0.000
 ntp3.hetzner.de .INIT.          16 u    -   64    0    0.000    0.000   0.000

So clearly the server could not contact its NTP servers. However, its sister servers have no such issues, so I assumed the problem lay with the server. Probably a misconfiguration in iptables. But no, iptables is configured properly. Restarted ntpd, waited a few minutes, but the NTP servers were still in INIT. As a check I ran

ntpdate ntp1.hetzner.de

and I get a response from the time server! Puzzled, I started a tcpdump for UDP 123 traffic and restarted ntpd. No packets. Not one. Even after an hour. And yet if I stop ntp and run ntpdate I see packets going over the wire to the time servers no problem.

So, I tried putting the IP addresses of the time servers into ntp.conf and instantly I am in sync:

     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 ntp1.hetzner.de .INIT.          16 u    -   64    0    0.000    0.000   0.000
 ntp2.hetzner.de .INIT.          16 u    -   64    0    0.000    0.000   0.000
 ntp3.hetzner.de .INIT.          16 u    -   64    0    0.000    0.000   0.000
*ntp1.hetzner.de 192.53.103.103   2 u   23   64    1    2.856   -2.246   0.016
 ntp2.hetzner.de 192.53.103.103   2 u   22   64    1    0.246   -2.174   0.019
 ntp3.hetzner.de 192.53.103.108   2 u   21   64    1    0.262   -1.282   0.037

There are six servers in that output, as I have appended the server IP addresses in ntp.conf.

So I'm stumped. Is there some weird DNS issue in ntpd, or have I done something silly in my configuration? This machine is Debian 7.8, and the ntpd version is 4.2.6p5.

My ntp config is now as follows:

driftfile /var/lib/ntp/ntp.drift
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
restrict 127.0.0.1
restrict ::1
server ntp1.hetzner.de iburst
server ntp2.hetzner.com iburst
server ntp3.hetzner.net iburst
server 213.239.239.164 iburst
server 213.239.239.165 iburst
server 213.239.239.166 iburst

Best Answer

I have some servers at Hetzner which, with the default ntpd configuration from the install image, will use IPv6 to communicate with the NTP servers provided by Hetzner.

Given that you see the duplicate entries in the output, I strongly suspect that your ntpd has resolved those hostnames to IPv6 addresses rather than IPv4 addresses. You can verify this by using the -n flag for ntpq so that it displays IP addresses rather than hostnames.

There is nothing wrong with configuring ntpd such that it will use both some IPv4 addresses and some IPv6 addresses as time sources. I would even go as far as saying it is a good practice to do so. Hence I wouldn't say there is anything wrong with your ntpd configuration.

However, I do suspect you have a misconfiguration in your IPv6 configuration, and that is what you should be fixing.
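
The check the answer describes (run ntpq with -n and see which address family the stuck peers use) can be scripted. The following is an added example, not part of the original answer or of ntpd itself: the function names are hypothetical, the sample output is constructed with documentation-range addresses, and the handling of an address printed on its own line is an assumption about how longer IPv6 addresses may be displayed.

```shell
#!/bin/sh
# Added example (not from the answer): classify `ntpq -pn` peers by address
# family and reachability. All function names here are hypothetical.

# Constructed sample using documentation-range addresses.
sample_ntpq_pn() {
cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 2001:db8::1     .INIT.          16 u    -   64    0    0.000    0.000   0.000
 2001:db8::2     .INIT.          16 u    -   64    0    0.000    0.000   0.000
*192.0.2.10      192.0.2.200      2 u   23   64    1    2.856   -2.246   0.016
 192.0.2.11      192.0.2.200      2 u   22   64    1    0.246   -2.174   0.019
EOF
}

# Reads `ntpq -pn` output on stdin; prints "<family> <state> <remote>" per peer.
classify_peers() {
    awk '
    /^ *remote/ || /^=+$/ || NF == 0 { next }    # header, rule, blank line
    NF == 1 { held = $1; next }    # assumption: long address wrapped onto its own line
    {
        off = 1; remote = $1
        if (held != "") { remote = held; held = ""; off = 0 }
        sub(/^[*+#ox.-]/, "", remote)             # drop the tally code, if any
        family = (remote ~ /:/) ? "ipv6" : "ipv4"
        state  = ($(6 + off) == "0") ? "stuck" : "ok"   # reach register of 0
        print family, state, remote
    }'
}

# Summarises the pattern the answer suspects: IPv6 peers silent, IPv4 peers fine.
diagnose() {
    classify_peers | awk '
    { n[$1 " " $2]++ }
    END {
        if (NR == 0) print "no-peers"
        else if (n["ipv6 stuck"] > 0 && n["ipv6 ok"] == 0 && n["ipv4 ok"] > 0)
            print "ipv6-path-broken"
        else if (n["ipv4 stuck"] + n["ipv6 stuck"] == 0) print "all-reachable"
        else print "inconclusive"
    }'
}

sample_ntpq_pn | classify_peers
sample_ntpq_pn | diagnose       # on a live host: ntpq -pn | diagnose
```

A reach value of 0 is normal for every peer immediately after ntpd starts, so run the check only after a few poll intervals have passed.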
