"DNS lookup tempfail" when running on an openbsd IPv6-only node #231

Open
ongolaboy opened this issue Feb 10, 2024 · 2 comments

@ongolaboy

Hello,

I'm running ntp-4.2.8pl10p6 on OpenBSD 7.4. I saw messages like this one:
ntpd[26862]: DNS lookup tempfail

This node is running IPv6-only.

The default ntpd.conf shipped is

# $OpenBSD: ntpd.conf,v 1.16 2019/11/06 19:04:12 deraadt Exp $
#
# See ntpd.conf(5) and /etc/examples/ntpd.conf

servers pool.ntp.org
server time.cloudflare.com
sensor *

constraint from "9.9.9.9"              # quad9 v4 without DNS
constraint from "2620:fe::fe"          # quad9 v6 without DNS
constraints from "www.google.com"      # intentionally not 8.8.8.8

Since I did not have IPv4, I initially only commented out the constraint with IPv4. But it was not enough.

Then I realised that pool.ntp.org doesn't include an AAAA record. I ended up commenting out the servers line and adding several servers that are close enough.

# $OpenBSD: ntpd.conf,v 1.16 2019/11/06 19:04:12 deraadt Exp $
#
# See ntpd.conf(5) and /etc/examples/ntpd.conf

#servers pool.ntp.org
server time.cloudflare.com
server ntp1.xxxx
server ntp2.xxxx
sensor *

#constraint from "9.9.9.9"              # quad9 v4 without DNS
constraint from "2620:fe::fe"          # quad9 v6 without DNS
constraints from "www.google.com"      # intentionally not 8.8.8.8

At this moment, I don't know how the geo-location discovery works, but can you please consider those running IPv6(-only) clients and allow discovery of AAAA records for pool.ntp.org?

@hart-NTP

Try adding

servers 2.openbsd.pool.ntp.org.

I don't know why openbsd isn't using their vendor zone openbsd.pool.ntp.org in their example/default ntpd.conf. The 2 is unfortunately a long-understood issue with the ntppool.org system -- AAAA records are only returned for 2.*.pool.ntp.org. Other *.pool.ntp.org names all return only IPv4.

I'm really curious why AAAA isn't supported for all of pool.ntp.org at this point.

@ongolaboy

> Try adding
>
> servers 2.openbsd.pool.ntp.org.

Thanks, it worked.

> I don't know why openbsd isn't using their vendor zone openbsd.pool.ntp.org in their example/default ntpd.conf.

Here is the answer https://marc.info/?l=openbsd-misc&m=170792716928891&w=2

> The 2 is unfortunately a long-understood issue with the ntppool.org system -- AAAA records are only returned for 2.*.pool.ntp.org. Other *.pool.ntp.org names all return only IPv4.
>
> I'm really curious why AAAA isn't supported for all of pool.ntp.org at this point.

Yeah, I'm joining you on that one.
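
An added example, not part of the thread or of either project's code: a Python check that reads an ntpd.conf and reports which time sources and constraints an IPv6-only host cannot use (IPv4 literals, or names with no AAAA record). `SAMPLE_CONF` and the `STUB_AAAA` table are constructed so the check runs offline; the function names are hypothetical, and the default resolver calls `socket.getaddrinfo`.

```python
import ipaddress
import socket

DIRECTIVES = {"server", "servers", "constraint", "constraints"}

# Constructed sample: the default config from the thread plus the suggested line.
SAMPLE_CONF = '''\
servers pool.ntp.org
server time.cloudflare.com
sensor *

constraint from "9.9.9.9"              # quad9 v4 without DNS
constraint from "2620:fe::fe"          # quad9 v6 without DNS
constraints from "www.google.com"      # intentionally not 8.8.8.8
servers 2.openbsd.pool.ntp.org.
'''
# Constructed AAAA answers for offline runs (assumption, not live DNS data).
STUB_AAAA = {"pool.ntp.org": False, "2.openbsd.pool.ntp.org": True,
             "time.cloudflare.com": True, "www.google.com": True}

def stub_resolver(host):
    return STUB_AAAA.get(host.rstrip("."), False)

def has_aaaa(host):
    """Live resolver: True if the name yields at least one IPv6 address."""
    try:
        return bool(socket.getaddrinfo(host, 123, socket.AF_INET6, socket.SOCK_DGRAM))
    except socket.gaierror:
        return False

def parse_hosts(conf_text):
    """Yield (lineno, host) for each active server/constraint directive."""
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        tokens = line.split("#", 1)[0].split()   # drop comments and disabled lines
        if not tokens or tokens[0] not in DIRECTIVES:
            continue
        host_idx = 2 if tokens[1:2] == ["from"] else 1   # constraint from "host"
        if len(tokens) > host_idx:
            yield lineno, tokens[host_idx].strip('"')

def audit_ipv6_only(conf_text, resolver=has_aaaa):
    """Return [(lineno, host, verdict)] as seen from a host without IPv4."""
    report = []
    for lineno, host in parse_hosts(conf_text):
        try:
            verdict = "ok" if ipaddress.ip_address(host).version == 6 else "ipv4-literal"
        except ValueError:                       # not an address literal: a DNS name
            verdict = "ok" if resolver(host) else "no-aaaa"
        report.append((lineno, host, verdict))
    return report
```

Calling `audit_ipv6_only(open("/etc/ntpd.conf").read())` on the affected node uses live DNS instead of the stub table.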
