I enabled/started systemd-timesyncd with default config. timedatectl says clock is not synced. The status of the service shows timeouts for all the pools in arch.pool.ntp.org. I tried to use ntpd using arch's ntp servers but the issue was still the same even though I can ping those servers.
So I tried to use different servers, asia.pool.ntp.org, and my clock is in sync now.
$ tracepath -n 0.arch.pool.ntp.org
1?: [LOCALHOST] pmtu 1500
1: 192.168.2.1 0.549ms
1: 192.168.2.1 0.348ms
2: 10.20.11.1 1.940ms
3: xxx.xxx.xxx.xxx 1.037ms
4: 100.64.0.141 4.357ms
5: 100.64.0.1 3.378ms
6: 203.177.160.157 70.405ms asymm 12
7: no reply
8: no reply
9: 120.28.22.78 47.339ms asymm 15
10: 222.127.1.21 91.964ms reached
Resume: pmtu 1500 hops 10 back 15
$ tracepath -n 0.asia.pool.ntp.org
1?: [LOCALHOST] pmtu 1500
1: 192.168.2.1 0.531ms
1: 192.168.2.1 0.385ms
2: 10.20.11.1 2.611ms
3: xxx.xxx.xxx.xxx 1.612ms
4: 100.64.0.141 4.462ms
5: 100.75.0.77 38.224ms asymm 7
6: no reply
7: no reply
8: no reply
9: no reply
10: 72.52.92.69 227.690ms asymm 12
11: 80.81.194.72 248.920ms asymm 13
12: 46.19.97.61 273.709ms asymm 14
13: 46.19.96.17 288.951ms asymm 17
14: 46.19.96.19 292.016ms reached
Resume: pmtu 1500 hops 14 back 18
Note: I redacted the ip addresses at #3. It's my public ip address. Not sure if it's safe to make it public since I'm behind CGNAT.
Last edited by rEnr3n (2024-02-11 11:40:04)
Offline
ntpdate -d 0.arch.pool.ntp.org
Online
$ ntpdate -d 0.arch.pool.ntp.org
10 Feb 09:06:51 ntpdate[30374]: ntpdate 4.2.8p17@1.4004-o Tue Jun 6 14:05:47 UTC 2023 (1)
Looking for host 0.arch.pool.ntp.org and service ntp
host found : 222.127.1.24
transmit(222.127.1.24)
transmit(222.127.1.26)
transmit(222.127.1.18)
transmit(222.127.1.21)
transmit(222.127.1.24)
transmit(222.127.1.26)
transmit(222.127.1.18)
transmit(222.127.1.21)
transmit(222.127.1.24)
transmit(222.127.1.26)
transmit(222.127.1.18)
transmit(222.127.1.21)
transmit(222.127.1.24)
transmit(222.127.1.26)
transmit(222.127.1.18)
transmit(222.127.1.21)
222.127.1.24: Server dropped: no data
222.127.1.26: Server dropped: no data
222.127.1.18: Server dropped: no data
222.127.1.21: Server dropped: no data
10 Feb 09:07:01 ntpdate[30374]: no server suitable for synchronization found
Offline
222.127.1.24 belongs to globe.ph, they have "123/udp open|filtered ntp" and ntpdate doesn't get time from them for me either.
Is that your ISP? They might intercept your DNS or you've a bogus resolver configured.
dig 0.arch.pool.ntp.org
dig @8.8.8.8 0.arch.pool.ntp.org
Online
They're not my ISP but I think my ISP is connecting through them. Should I contact them about this?
$ dig 0.arch.pool.ntp.org
; <<>> DiG 9.18.21 <<>> 0.arch.pool.ntp.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5083
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;0.arch.pool.ntp.org. IN A
;; ANSWER SECTION:
0.arch.pool.ntp.org. 130 IN A 222.127.1.19
0.arch.pool.ntp.org. 130 IN A 222.127.1.22
;; Query time: 436 msec
;; SERVER: 192.168.2.20#53(192.168.2.20) (UDP)
;; WHEN: Sat Feb 10 18:33:57 PST 2024
;; MSG SIZE rcvd: 80
$ dig @8.8.8.8 0.arch.pool.ntp.org
; <<>> DiG 9.18.21 <<>> @8.8.8.8 0.arch.pool.ntp.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45934
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;0.arch.pool.ntp.org. IN A
;; ANSWER SECTION:
0.arch.pool.ntp.org. 130 IN A 222.127.1.22
0.arch.pool.ntp.org. 130 IN A 222.127.1.19
;; Query time: 46 msec
;; SERVER: 8.8.8.8#53(8.8.8.8) (UDP)
;; WHEN: Sat Feb 10 18:34:18 PST 2024
;; MSG SIZE rcvd: 80
Offline
Could you add the output of
dig +https @8.8.8.8 0.arch.pool.ntp.org
dig +tls @8.8.8.8 0.arch.pool.ntp.org
Someone along the line seems to be messing with your DNS and I'm curious to what extent.
They could be doing this to the NTP packets as well.
Offline
$ dig +https @8.8.8.8 0.arch.pool.ntp.org
; <<>> DiG 9.18.21 <<>> +https @8.8.8.8 0.arch.pool.ntp.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28864
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;0.arch.pool.ntp.org. IN A
;; ANSWER SECTION:
0.arch.pool.ntp.org. 130 IN A 222.127.1.27
0.arch.pool.ntp.org. 130 IN A 222.127.1.21
;; Query time: 46 msec
;; SERVER: 8.8.8.8#443(8.8.8.8) (HTTPS)
;; WHEN: Sat Feb 10 19:28:47 PST 2024
;; MSG SIZE rcvd: 80
$ dig +tls @8.8.8.8 0.arch.pool.ntp.org
; <<>> DiG 9.18.21 <<>> +tls @8.8.8.8 0.arch.pool.ntp.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61502
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;0.arch.pool.ntp.org. IN A
;; ANSWER SECTION:
0.arch.pool.ntp.org. 100 IN A 222.127.1.27
0.arch.pool.ntp.org. 100 IN A 222.127.1.21
;; Query time: 103 msec
;; SERVER: 8.8.8.8#853(8.8.8.8) (TLS)
;; WHEN: Sat Feb 10 19:29:16 PST 2024
;; MSG SIZE rcvd: 80
Offline
Are you using some VPN?
You might just get dealt a bogus server from the pool.
Let's look at something dicktators would be much more inclined to mess around with than a timeserver…
dig cnn.com
Online
Random observation, pool.ntp.org seems to be pretty good at delivering NTP servers in your area:
host ph.pool.ntp.org
ph.pool.ntp.org has address 222.127.1.20
ph.pool.ntp.org has address 222.127.1.25
ph.pool.ntp.org has address 222.127.1.21
ph.pool.ntp.org has address 222.127.1.18
So my guess is, the pool servers are currently broken and you could just select another pool...
Offline
tried to use different servers, asia.pool.ntp.org, and my clock is in sync now
Online
Just wanted to clarify this isn't a DNS issue and "works as designed".
As this thread isn't marked solved as of yet, I hope this ties up any loose ends.
Offline
Are you using some VPN?
You might just get dealt a bogus server from the pool.
I'm not using VPN but I use my own DNS resolver. I briefly tried to use 8.8.8.8 as my resolver but that didn't fix the issue.
Let's look at something dicktators would be much more inclined to mess around with than a timeserver…
dig cnn.com
$ dig cnn.com
; <<>> DiG 9.18.21 <<>> cnn.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41579
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;cnn.com. IN A
;; ANSWER SECTION:
cnn.com. 60 IN A 151.101.195.5
cnn.com. 60 IN A 151.101.3.5
cnn.com. 60 IN A 151.101.67.5
cnn.com. 60 IN A 151.101.131.5
;; Query time: 323 msec
;; SERVER: 192.168.2.20#53(192.168.2.20) (UDP)
;; WHEN: Sun Feb 11 09:24:25 PST 2024
;; MSG SIZE rcvd: 100
Just wanted to clarify this isn't a DNS issue and "works as designed".
As this thread isn't marked solved as of yet, I hope this ties up any loose ends.
I'm getting ip addresses for the hosts but they are not working as expected, NTP-wise. This stops me from using the official vagrant box since it's contacting arch's ntp servers and sshd won't start because of it.
Offline
cnn resolution works, it's simply the bogus NTP server in your area (what at this point was expectable)
You'll have to
- configure a different NTP server
- resolve a different NTP IP in your local DNS
- move to another country
- wait until the bogus IP gets kicked from the pool
There's no way around that.
https://community.ntppool.org/t/problem … p-org/3103
https://www.ntppool.org/zone/ph
Online
it's simply the bogus NTP server in your area
I'm confused. I thought arch.pool.ntp.org is owned/maintained by the guys from archlinux. Is this a problem on the arch admins' end or are there other people involved here?
222.127.1.24 belongs to globe.ph
I forgot about this. I'll contact my ISP if they can help with this. Meanwhile, I've opted for this as a workaround:
- resolve a different NTP IP in your local DNS
Last edited by rEnr3n (2024-02-11 11:39:28)
Offline
You could check whether the problem still exists - ph.pool.ntp.org now resolves 45.249.226.5 for me and that server (belonging to Archon Data Solutions) does reply.
Meanwhile the remaining 222.127.1.0/24 servers in the pool seem all dead.
Online
You could check whether the problem still exists - ph.pool.ntp.org now resolves 45.249.226.5 for me and that server (belonging to Archon Data Solutions) does reply.
Meanwhile the remaining 222.127.1.0/24 servers in the pool seem all dead.
The interesting thing is that https://servertest.online/ntp seems to be able to connect. Maybe they are filtering residential ips due to some DDoS.
| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |
Offline
You could check whether the problem still exists - ph.pool.ntp.org now resolves 45.249.226.5 for me and that server (belonging to Archon Data Solutions) does reply.
I ran this command yesterday and it was successful. Running it again today now fails. I think I got a different IP address yesterday.
$ ntpdate -d ph.pool.ntp.org
12 Feb 13:29:16 ntpdate[128483]: ntpdate 4.2.8p17@1.4004-o Tue Jun 6 14:05:47 UTC 2023 (1)
Looking for host ph.pool.ntp.org and service ntp
host found : 222.127.1.18
transmit(222.127.1.18)
transmit(222.127.1.20)
transmit(222.127.1.21)
transmit(222.127.1.23)
transmit(222.127.1.18)
transmit(222.127.1.20)
transmit(222.127.1.21)
transmit(222.127.1.23)
transmit(222.127.1.18)
transmit(222.127.1.20)
transmit(222.127.1.21)
transmit(222.127.1.23)
transmit(222.127.1.18)
transmit(222.127.1.20)
transmit(222.127.1.21)
transmit(222.127.1.23)
222.127.1.18: Server dropped: no data
222.127.1.20: Server dropped: no data
222.127.1.21: Server dropped: no data
222.127.1.23: Server dropped: no data
12 Feb 13:29:25 ntpdate[128483]: no server suitable for synchronization found
$ ntpdate -d pool.ntp.org
12 Feb 13:30:14 ntpdate[128997]: ntpdate 4.2.8p17@1.4004-o Tue Jun 6 14:05:47 UTC 2023 (1)
Looking for host pool.ntp.org and service ntp
host found : 222.127.1.18
transmit(222.127.1.18)
transmit(222.127.1.24)
transmit(222.127.1.25)
transmit(222.127.1.27)
transmit(222.127.1.18)
transmit(222.127.1.24)
transmit(222.127.1.25)
transmit(222.127.1.27)
transmit(222.127.1.18)
transmit(222.127.1.24)
transmit(222.127.1.25)
transmit(222.127.1.27)
transmit(222.127.1.18)
transmit(222.127.1.24)
transmit(222.127.1.25)
transmit(222.127.1.27)
222.127.1.18: Server dropped: no data
222.127.1.24: Server dropped: no data
222.127.1.25: Server dropped: no data
222.127.1.27: Server dropped: no data
12 Feb 13:30:22 ntpdate[128997]: no server suitable for synchronization found
Who do I talk to to have these servers kicked out of the pool?
Offline
Start at https://community.ntppool.org/
If the server filters residual IPs this won't be detected automatically - ultimately it's globe.ph's fault and actually their duty to withdraw their servers from the pool.
Online
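An added example, not code from any post in this thread: a small SNTP probe that queries every address behind a pool name and separates the "Server dropped: no data" case seen above (a timeout) from a reply that fails the origin-timestamp echo check, a kiss-o'-death packet, or a usable answer. The function names and verdict strings are this example's own; it covers IPv4 only.

```python
import os, socket, struct

NTP_EPOCH_DELTA = 2208988800  # seconds between 1900-01-01 and 1970-01-01

def build_request():
    """Return (packet, cookie): a 48-byte SNTP v4 client request."""
    cookie = os.urandom(8)  # random transmit timestamp, used as a nonce
    return bytes([0x23]) + bytes(39) + cookie, cookie  # LI=0, VN=4, Mode=3

def parse_reply(data, cookie):
    """Classify a reply; returns (verdict, unix_time_or_None)."""
    if len(data) < 48:
        return "short packet", None
    if data[0] & 0x7 != 4:
        return "not a server reply", None
    if data[24:32] != cookie:  # origin timestamp must echo what we sent
        return "origin mismatch (spoofed or stale)", None
    if data[1] == 0:  # stratum 0: reference ID carries a kiss code
        return "kiss-o'-death " + data[12:16].decode("ascii", "replace"), None
    if data[0] >> 6 == 3:  # leap indicator 3: server clock not synchronized
        return "server unsynchronized", None
    secs, frac = struct.unpack("!II", data[40:48])
    return "ok", secs - NTP_EPOCH_DELTA + frac / 2**32

def probe(host, timeout=2.0):
    """Query every IPv4 address behind host; return {ip: verdict}."""
    results = {}
    infos = socket.getaddrinfo(host, 123, socket.AF_INET, socket.SOCK_DGRAM)
    for ip in sorted({info[4][0] for info in infos}):
        pkt, cookie = build_request()
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            try:
                s.sendto(pkt, (ip, 123))
                data, _ = s.recvfrom(512)
                results[ip] = parse_reply(data, cookie)[0]
            except socket.timeout:
                results[ip] = "no data (timeout)"
            except OSError as e:
                results[ip] = f"error: {e}"
    return results

if __name__ == "__main__":
    import sys
    for name in sys.argv[1:]:
        for ip, verdict in probe(name).items():
            print(f"{name:24} {ip:15} {verdict}")
```

Run it with the pool names to compare, for example `0.arch.pool.ntp.org 0.asia.pool.ntp.org`, from the affected host and from a host on another network; a server that answers elsewhere but times out locally points at filtering on the path rather than a dead server.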