Project

General

Profile

Actions

Feature #10322

closed

Force ipv4/ipv6 DNS resolution for NTP servers

Added by Christian Borchert about 4 years ago. Updated over 3 years ago.

Status:
Resolved
Priority:
Very Low
Assignee:
Viktor Gurov
Category:
NTPD
Target version:
Start date:
03/08/2020
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:

Description

Per http://doc.ntp.org/current-stable/confopt.html one should be able to prefix an NTP server hostname with either '-4' or '-6' to force DNS resolution in either ipv4 or ipv6.

"_Note that in contexts where a host name is expected, a -4 qualifier preceding the host name forces DNS resolution to the IPv4 namespace, while a -6 qualifier forces DNS resolution to the IPv6 namespace._"

This does not currently work in the pfsense GUI - attempting to do so corrupts the confirguration.


Files

ipv6 resolution.PNG (47.1 KB) ipv6 resolution.PNG ipv6 resolution on a system with ipv6 disabled Christian Borchert, 03/10/2020 03:07 PM
Actions #1

Updated by Jim Pingle about 4 years ago

  • Tracker changed from Bug to Feature
  • Subject changed from Force ipv4/ipv6 DNS resolution for NTP servers fails to Force ipv4/ipv6 DNS resolution for NTP servers
  • Category set to NTPD
  • Priority changed from Normal to Very Low
  • Target version set to Future

It's not a bug, it's just not supported.

It could be added. For example, with an option for each server in the NTP settings.

But for most people it isn't necessary.

Actions #2

Updated by Christian Borchert about 4 years ago

Jim,

For an unknown reason - even though my setup is configured for only ipv4, sometimes NTP will randomly resolve servers to ipv6 addresses and try to connect....

This option would fix that bug

Actions #4

Updated by Monseigneur Phelypeaux over 3 years ago

I'm facing the same bug. I have an IPv4-only network with IPv6 disabled in pfSense, but my DNS servers reply with both an IPv4 and IPv6 address. When I set ntp.ripe.net, NTPd will consistently pick the IPv6 over the IPv4 address. This then becomes 'unreach/pending' (same as in Christian's screenshot) and will not get a time. My only 'workaround' is to use an NTP server/pool for which the DNS lookup only replies with an IPv4 address.

I consider this a bug, the feature proposed by Christian would work, but would require user interaction.

Actions #6

Updated by Jim Pingle over 3 years ago

  • Status changed from New to Pull Request Review
  • Target version changed from Future to 2.5.0
Actions #7

Updated by Renato Botelho over 3 years ago

  • Status changed from Pull Request Review to Feedback
  • Assignee set to Viktor Gurov

PR has been merged. Thanks!

Actions #8

Updated by Viktor Gurov over 3 years ago

  • % Done changed from 0 to 100
Actions #9

Updated by Viktor Gurov over 3 years ago

  • Status changed from Feedback to Resolved

works as expected on 2.5.0.a.20201021.1850

If I set force to IPv4:
ntp.ix.ru - 194.190.168.1
If I set force to IPv6:
ntp.ix.ru - 2001:6d0:ffd4::1

Actions

Also available in: Atom PDF