KEA in 25.07 NTP server?

pucko73

Is it only me that don't get the NTP server from the DHCP server to work or it it a known issue?

johnpoz

@pucko73 handing it out is one thing - your client using it is another.. What client? Just sniff your dhcp is it even asked for - is it offered. The old saying you can lead a horse to water.

Its rare that a client will use ntp handed out by the dhcp server - where it should be most used is iot for example, yet they do not implement it that I have ever seen.

pucko73

@johnpoz I did a tcp dump. it seems it is not sent.

I had to add a custom block with "always send" to get it to work:

{
"option-data": [
{
"name": "ntp-servers",
"data": "192.168.0.1",
"always-send": true
}
]
}

johnpoz

@pucko73 and does your client use it? Normally dhcp server will not send what is not asked for. But even if you send it - does the client use it? If it didn't even ask for it - its highly unlikely it would use something it didn't ask for.

Gertjan

@pucko73 said in KEA in 25.07 NTP server?:

Is it only me that don't get the NTP server from the DHCP server to work or it it a known issue?

Hummm. I thought it was sending this NTP IP always, as I have one assigned it in the GUI :

Was this a default behavior of ISC DHCP ? I'm not sure ...
KEA, if a NTP isn't asked, the DHCPv4 server won't send one (presuming you've set one) - I just checked that with my Windows PC.
If you want to use a local (pfSense ?) central time server, you have to 'tell' your Microsoft PC/device this.
If not, it default (for me) to : time.microsoft.com.
Maybe a registry setting can override this - get one using DHCP ?

And maybe I get it : "time.microsoft.com" permits Microsoft to know how many PC with their OS are active every hour ^^

edit : I've a printer that does ask for a NTP in the lease

edit : thanks for the 'force option' ^^

johnpoz

@Gertjan even if you force dhcp server to always send ntp option - doesn't mean your client will use it.

Your windows is prefect example.. It doesn't ask, even if you send it - it makes no sense that the client would use something it didn't even ask for.

For ntp to work via dhcp, the client needs to understand that it should use the ntp server sent by the dhcp server - if it did have that ability, why would it not ask for it?

If my clients are not going to use the ntp server I hand out via dhcp - why should you always send it??

Dhcp has lots and lots of different options, ie information you can send out for clients to leverage - doesn't mean they will use them. To be honest I have never run into any sort of os or iot device that leverages ntp from dhcp out of the box.. I wish iot devices did that!! I really do.. But have yet to come across any such devices. Now what I have run across a lot actually, is stupid iot devices clearly made for use in the US, that ask for uk.pool.ntp.org for their ntp.. With no way to change it on the device.

Iot devices should operate like this IMHO.. They should ask dhcp for which ntp server(s) they should use. If they do not get such info they should use their vendor ntp pool.. Which per ntp pool recommendations/requirements - any vendor wanting to leverage the ntp pool should get their own vendor fqdn.

https://www.ntppool.org/en/vendors.html

JonH

@Gertjan said in KEA in 25.07 NTP server?:

Was this a default behavior of ISC DHCP ? I'm not sure ...

I just switched from ISC to KEA. The imported settings are the same. For me it was pfSense IP addr and 0.pool.ntp.org

But make a change (anywhere) in settings of KEA and it fails to save solely because of the FQDN in the NTP section. So isc allowed FQDN in ntp section KEA does not.

As someone else said they should fix the documentation at a minimum. I wasted 30 minutes chasing this stupid entry.

Gertjan

@JonH said in KEA in 25.07 NTP server?:

But make a change (anywhere) in settings of KEA and it fails to save solely because of the FQDN in the NTP section. So isc allowed FQDN in ntp section KEA does not.

That was a know ISC issue - actually a pfSense GUI ISC issue : like DNS server info, NTP info can't be a host or pool name.
The GUI help text told : "enter an IP or host name". That host name part is false. NTP info can be IP only, not a host name (or worse, a pool name).
This issue has been discussed here several times already.

@johnpoz said in KEA in 25.07 NTP server?:

Your windows is prefect example.. It doesn't ask, even if you send it - it makes no sense that the client would use something it didn't even ask for

I know. Was presuming that would be common knowledge by now ^^

@johnpoz said in KEA in 25.07 NTP server?:

handing it out is one thing - your client using it is another.. What client? Just sniff your dhcp is it even asked for - is it offered.