Project

General

Profile

Actions

Bug #15552

closed

NTP option "DNS Resolution" has no effect when using NTP pool hostnames

Added by Travis McMurry 6 months ago. Updated about 1 month ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Services
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
24.11
Release Notes:
Default
Affected Version:
2.7.2
Affected Architecture:
amd64

Description

This issue happened in the past on #10322. It appears it was corrected but has come back.

Details
  1. System -> Advanced -> Networking -> IPv6 Options -> Allow IPv6 (unchecked, effectively disabled)
  2. Services -> NTP -> NTP Server Configuration -> DNS Resolution -> IPv4 (forcing IPv4 DNS Queries)
  3. Services -> NTP -> NTP Server Configuration -> Logging -> Log system messages (checked, logs are created)

Symptom
System Logs -> NTP
Observe NTP service querying IPv6 hosts, continually every minute or so

Troubleshooting
  • Tried toggling Auto/IPv4/IPv6 in NTP DNS settings, no effect
  • Restarting the NTP service after changing NTP DNS & NTP server pools (note: the pools contain IPv4 and IPv6 hosts)
  • Ensured all WAN interfaces contain no public IPv6 addresses

Files

clipboard-202406112137-db4h6.png (74.2 KB) clipboard-202406112137-db4h6.png Travis McMurry, 06/12/2024 01:37 AM
Actions #1

Updated by Jim Pingle 6 months ago

  • Subject changed from NTP on 2.7.2 queries IPv6 when IPv6 is administratively disabled to NTP option "DNS Resolution" has no effect when using NTP pool hostnames
  • Target version set to 2.8.0
  • Plus Target Version set to 24.08

Point 1 isn't relevant -- that has no effect on anything other than the firewall rules being able to pass IPv6, it does not disable anything at the networking/stack level.

The actual issue appears to be that the "DNS Resolution" option has no effect on pools, only peers and servers.

It appears to work by adjusting the code to hit both paths, but could use some more testing. It's possible it wasn't supported by ntpd in the past when that option was added initially.

You can try applying the following diff (ignoring whitespace) in the System Patches package:

diff --git a/src/etc/inc/system.inc b/src/etc/inc/system.inc
index c7549317c4..bb0a785667 100644
--- a/src/etc/inc/system.inc
+++ b/src/etc/inc/system.inc
@@ -2538,11 +2538,11 @@ function system_ntp_configure() {
                        } else {
                                $ntpcfg .= 'server ';
                        }
-                       if (config_get_path('ntpd/dnsresolv') == 'inet') {
-                               $ntpcfg .= '-4 ';
-                       } elseif (config_get_path('ntpd/dnsresolv') == 'inet6') {
-                               $ntpcfg .= '-6 ';
-                       }
+               }
+               if (config_get_path('ntpd/dnsresolv') == 'inet') {
+                       $ntpcfg .= '-4 ';
+               } elseif (config_get_path('ntpd/dnsresolv') == 'inet6') {
+                       $ntpcfg .= '-6 ';
                }

                $ntpcfg .= "{$ts}";
Actions #2

Updated by Travis McMurry 5 months ago

On 7/29 I've applied the diff. Since applying, the NTP log has stopped showing the "Soliciting Pool Server" requests to IPv6 addresses. If this changes I'll report back.

As of 8/6, the patch appears stable, no issues, time is syncing.

Actions #3

Updated by Jim Pingle 2 months ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions #4

Updated by Jim Pingle 2 months ago

  • Plus Target Version changed from 24.08 to 24.11
Actions #5

Updated by Jordan G about 2 months ago

the info/tip below NTP's DNS resolution option currently states it has no affect on pools. This should be updated if it now does change pool name resolution.

"Force NTP peers DNS resolution IP protocol. Do not affect pools."

Actions #6

Updated by Jim Pingle about 2 months ago

  • Assignee set to Jim Pingle

Jordan G wrote in #note-5:

the info/tip below NTP's DNS resolution option currently states it has no affect on pools. This should be updated if it now does change pool name resolution.

Fixed in 5ae3f26433ce76d5b238f610ac734fa7a9aa07a5

Actions #7

Updated by Jim Pingle about 1 month ago

  • Status changed from Feedback to Resolved
Actions

Also available in: Atom PDF