NTP peering broken since recent security update?
Dennis Glatting
freebsd at pki2.com
Thu Apr 9 18:33:23 UTC 2015
On Thu, 2015-04-09 at 08:14 -1000, Kent Kuriyama wrote:
> Are you doing any NTP authentication between peers?
>
I am. And yes, NTP stopped working between peers after the last patch
(I'm at r281238). NTP 4.3.14 (net/ntp-devel) seems to work, though.
FreeBSD-SA-15:07.ntp is not terribly useful. It says there is no work
around and you should upgrade. Yet, now that I upgraded and without
configuration changes, my five Statum2 core is now broken and it isn't
(yet) clear how to fix it.
That's a serious problem.
By default NTP isn't compiled with debug. Patching/recompiling is a
limited process on core systems, so I was hoping ntp-devel would help
debug. Nada
> On Thu, Apr 9, 2015 at 6:04 AM, Arthur Chance <freebsd at qeng-ho.org> wrote:
>
> > I have three NTP servers on my internal networks. Each of them uses
> > various external machines as servers but they also peer with the other two
> > internal ones to give some resilience in case the outside world goes away.
> > Since the update and restart associated with FreeBSD-SA-15:07.ntp the ntpd
> > processes appear to be unable to see peers (reach = 0) although they're
> > locking onto the servers quite happily.
> >
> > Anyone else seeing this?
> >
> > --
> > Those who do not learn from computing history are doomed to
> > GOTO 1
> > _______________________________________________
> > freebsd-questions at freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to "freebsd-questions-
> > unsubscribe at freebsd.org"
> >
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
More information about the freebsd-questions
mailing list