NTP Client 4.2.8p7-21.1 x86_64 - "pool" instead of "server" list

Now that the issues I reported in the post <https://forums.opensuse.org/showthread.php/513081-NTP-daemon-not-always-using-all-the-defined-servers> have been resolved, I’ve noticed the following (new) NTP issue:

  • If the configuration command “pool de.pool.ntp.org iburst prefer” is used in place of a list of “server x
    .de.pool.ntp.org iburst” commands, only at most one NTP server is used.

Is anyone else noticing this issue?
[HR][/HR]My current solution is to use the following /etc/ntp.conf content:


#######################################
## Undisciplined Local Clock:
server 127.127.1.0
fudge 127.127.1.0 stratum 15
#######################################

# pool de.pool.ntp.org iburst prefer
## See restrict source above.
# broadcastclient
server 0.de.pool.ntp.org iburst prefer
server 1.de.pool.ntp.org iburst
server 2.de.pool.ntp.org iburst
server 3.de.pool.ntp.org iburst
server fritz.box iburst

[HR][/HR]Yes, there’s some “restrict” entries needed for NTP Clients using NTP versions including and later than 4.2.7:


################################################################################
## /etc/ntp.conf
##
## Paket 4.2.8p7-21.1 x86_64

#######################################
## NTP 4.2.7 or later, Client-only.
##
## By default act only as a basic NTP client.
restrict -4 default nomodify nopeer noquery notrap
restrict -6 default nomodify nopeer noquery notrap
# restrict source nomodify noquery notrap
## Don't use nopeer with pool servers
##
# restrict 224.0.1.1 mask 255.255.255.255 nomodify
## If you are using multicast (most folks are not).
##
## Allow NTP messages from the loopback address (useful for debugging):
restrict 127.0.0.1
restrict ::1
##

#######################################
## Clients from this subnet have unlimited access, but only if
## cryptographically authenticated:
# restrict 192.168.178.0 mask 255.255.255.0 notrust

## Clients from this subnet have unlimited access:
# restrict 192.168.178.0 mask 255.255.255.0

[HR][/HR]And, there are also some “key” entries needed these days:


##
## Authentication stuff
##
keys /etc/ntp.keys               
## path for keys file
##
trustedkey 1                     
## define trusted keys
## The key ID(s) which are trusted for the purposes of authenticating peers with
## symmetric key cryptography.
##
requestkey 1                     
## key (7) for accessing server variables
## The key ID for the ntpdc utility program.
##
# controlkey 15
controlkey 1
## key (6) for accessing server variables
## The key ID for the ntpq utility.

Quoting documentation:

The pool scheme solicits a single server at a time … The pool command can be used more than once

Thanks arvidjaar! (I missed that in the NTP documents!)
[HR][/HR]But, the ‘ntp.conf’ man page is a little bit unclear/ambiguous about this point, despite referencing the “Server Pool Scheme” description in the “Automatic Server Discovery Schemes” section of the NTP documentation.
[HR][/HR]And, there was an NTP version recently where a single ‘ntp.conf’ “pool” command resulted in a list of NTP servers being referenced.

  • This confused me and I missed the point made by arvidjaar.

What I’m currently seeing seems to be another issue.
[HR][/HR]With the following ‘ntp.conf’ commands:


pool de.pool.ntp.org iburst prefer
pool 0.de.pool.ntp.org iburst
pool 1.de.pool.ntp.org iburst
pool 2.de.pool.ntp.org iburst

“# ntpq -p” issues the following status:


 # ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 LOCAL(0)        .LOCL.          15 l  572   64    0    0.000    0.000   0.000
 de.pool.ntp.org .POOL.          16 p    -   64    0    0.000    0.000   0.000
 0.de.pool.ntp.o .POOL.          16 p    -   64    0    0.000    0.000   0.000
 1.de.pool.ntp.o .POOL.          16 p    -   64    0    0.000    0.000   0.000
 2.de.pool.ntp.o .POOL.          16 p    -   64    0    0.000    0.000   0.000
*fritz.box       144.76.115.197   3 u   28   64  377    0.279    0.292   0.078
 #

Diving deeper into ntpq and examining the associations, an “ntpq” ‘pstats’ commands reveal the following information:


 # ntpq
ntpq> apeers
     remote       refid   assid  st t when poll reach   delay   offset  jitter
==============================================================================
 LOCAL(0)        .LOCL.   4512   15 l  745   64    0    0.000    0.000   0.000
 de.pool.ntp.org .POOL.   4513   16 p    -   64    0    0.000    0.000   0.000
 0.de.pool.ntp.o .POOL.   4514   16 p    -   64    0    0.000    0.000   0.000
 1.de.pool.ntp.o .POOL.   4515   16 p    -   64    0    0.000    0.000   0.000
 2.de.pool.ntp.o .POOL.   4516   16 p    -   64    0    0.000    0.000   0.000
*fritz.box       904c73c5 4517    3 u   65   64  377    0.279    0.292   0.138
ntpq> pstats 4513
associd=4513 status=8811 conf, bcast, sel_reject, 1 event, mobilize,
remote host:           0.0.0.0:0
local address:         0.0.0.0:0
time last received:    756
time until next send:  29
reachability change:   756
packets sent:          12
packets received:      0
bad authentication:    0
bogus origin:          0
duplicate:             0
bad dispersion:        0
bad reference time:    0
candidate order:       0
ntpq> pstats 4514
associd=4514 status=8811 conf, bcast, sel_reject, 1 event, mobilize,
remote host:           0.0.0.0:0
local address:         0.0.0.0:0
time last received:    762
time until next send:  29
reachability change:   762
packets sent:          12
packets received:      0
bad authentication:    0
bogus origin:          0
duplicate:             0
bad dispersion:        0
bad reference time:    0
candidate order:       0
ntpq> pstats 4517
associd=4517 status=963a conf, reach, sel_sys.peer, 3 events, sys_peer,
remote host:           fritz.box:123
local address:         xxxx.fritz.box:123
time last received:    20
time until next send:  47
reachability change:   765
packets sent:          17
packets received:      17
bad authentication:    0
bogus origin:          0
duplicate:             0
bad dispersion:        0
bad reference time:    0
candidate order:       6
ntpq> q
 #

In other words, it seems that “de.pool.ntp.org” doesn’t want to respond to NTP clients configured to use the “pool” command. :expressionless:

Oops!!
I forgot to remove a comment from the “I’m an NTP Client and not an NTP Server” ‘ntp.conf’ command block:

restrict source nomodify noquery notrap

The “ntpq -p” status is now:


 # ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 LOCAL(0)        .LOCL.          15 l 123m   64    0    0.000    0.000   0.000
 de.pool.ntp.org .POOL.          16 p    -   64    0    0.000    0.000   0.000
+fritz.box       37.120.191.245   3 u   84  512  377    0.374    0.090   0.271
*schubhart.de    131.188.3.222    2 u  146  512  377   26.420    0.389   0.165
-wotan.tuxli.ch  211.172.242.174  3 u  193 1024  377   25.947    0.447   0.180
-176.9.253.75 (n 188.2.166.125    3 u   86  512  377   25.915    0.726   0.176
-x.ns.gin.ntt.ne 249.224.99.213   2 u  218 1024  377   21.976   -7.671  13.203
+ntp2.m-online.n 212.18.1.106     2 u  174  512  377   20.745   -0.510   0.213
-news02.nierle.c 192.53.103.104   2 u   48 1024  377   26.092    3.469   0.116
-ghost-networks. 130.149.17.8     2 u   29 1024  377   24.879    1.879   0.202
 #

The ‘ntp.conf’ “server/pool” commands are:


#######################################
## Undisciplined Local Clock:
server 127.127.1.0
fudge 127.127.1.0 stratum 15
#######################################

pool de.pool.ntp.org iburst prefer
server fritz.box iburst
# broadcastclient
# Don't use broadcast mode if you cannot monitor your client servers.

[HR][/HR]The “only one NTP pool server” issue was with the ntp package version 4.2.8p7.
It seems to have been repaired with the 4.2.8p8 patches which arrived after the 30th of May 2016.
The version 4.2.6p5 didn’t suffer from the “only one NTP pool server” issue.