NTP errors

netsysadmin

I'm having the following errors in the log:

May 30 09:46:05 msntp[6264]: msntp options: a=2 p=0 v=1 e=0.100 E=5.000 P=2147483647.000
May 30 09:46:05 msntp[6264]: d=18000 c=5 x=18000 op=1 l=/var/run/msntp.pid f=/var/db/msntp.state pool.ntp.org 194.117.9.136
May 30 09:46:05 msntp[6264]: msntp: different parameters for restart
May 30 09:46:25 msntp[6264]: msntp: unable to locate IP address/number
May 30 09:46:25 msntp[6264]: msntp: Unknown error: 0

I read a recent thread about NTP client errors, but I couldn't add to that thread.
I'm still using pool.ntp.org. 194.117.9.136 is the IP address of pool.ntp.org. I added the IP address because I haven't specified any DNS server.

Removing pool.ntp.org and keeping the IP address does not solve the problem.
Any idea what I did wrong?

billm

@netsysadmin:

I'm having the following errors in the log:

May 30 09:46:05 msntp[6264]: msntp options: a=2 p=0 v=1 e=0.100 E=5.000 P=2147483647.000
May 30 09:46:05 msntp[6264]: d=18000 c=5 x=18000 op=1 l=/var/run/msntp.pid f=/var/db/msntp.state pool.ntp.org 194.117.9.136
May 30 09:46:05 msntp[6264]: msntp: different parameters for restart
May 30 09:46:25 msntp[6264]: msntp: unable to locate IP address/number
May 30 09:46:25 msntp[6264]: msntp: Unknown error: 0

I read a recent thread about NTP client errors, but I couldn't add to that thread.
I'm still using pool.ntp.org. 194.117.9.136 is the IP address of pool.ntp.org. I added the IP address because I haven't specified any DNS server.

Removing pool.ntp.org and keeping the IP address does not solve the problem.
Any idea what I did wrong?

I think the problem with msntp is that it does a dns lookup on whatever it's told is the address of it's NTP server.  If you've got no DNS then it's going to fail it's resolver checks.  I'm not 100% convinced that's what's going on with msntp - I run it very successfully at work (not updating clock, but to give me better visibility into what ISC and open ntp are doing) - but we've got full DNS resolution everywhere.  Try configuring your box for DNS.

–Bill

sullrich

Yeah this smells of DNS mis-configuration on the firewall.

netsysadmin

As I said, I didn't configure any DNS server address.
But is pfSense really configured to resolve anything specified as the NTP server (even an IP address)?

Now, I have a multi-wan configuration, with each ISP having its own DNS servers.
Which link will pfSense use to resolve any FQDN? The default interface "WAN"?
Or should I specify all 6 DNS servers or any of the 6?

hoba

how did you expect the firewall to resolve the name without specifying a dns server  ;)
Add static routes for the external dns servers to go out the right interface.

netsysadmin

How would I know that pfSense would try to resolve an IP address !!!? ;)
Will try adding the static routes as you say.

hoba

Every domainname you enter at any field of your pfsense requires to be resolved and that's what DNS are for  ;)

billm

@netsysadmin:

How would I know that pfSense would try to resolve an IP address !!!? ;)
Will try adding the static routes as you say.

Technically it's msntp that tries to resolve it.  Not much we can do about that I'm afraid.  The code probably looks something like "ip = gethostbyname(hostnameoripsuppliedbyuser)"  The gethostbyname() call returns an IP when given an hostname or IP so it's a rather safe call…and it'd be unexpected to not have DNS on your box ;)

--Bill

netsysadmin

Yeah, I understand.
Anyway, I've specified the DNS servers and unchecked the "Allow DNS server list to be overridden by DHCP/PPP on WAN" option.
That option also caused some problem when left checked by default.
Seems to be OK now:

May 31 18:41:12 msntp[72982]: msntp: packets out of order on socket 0
May 31 18:41:12 msntp[72982]: msntp: after 4 hours 59 mins acc. 1 rej. 1 flush 0 max.off. -12.936 corr. -12.936
May 31 18:41:12 msntp[72982]: msntp: 2006 May 31 18:41:09.871 + 2.469 +/- 0.475 secs
May 31 18:41:10 msntp[72982]: msntp: after 4 hours 59 mins acc. 2 rej. 1 flush 0 max.off. -2.457 corr. -2.457
May 31 18:41:10 msntp[72982]: msntp: 2006 May 31 18:41:10.332 + -0.000 +/- 0.464 secs

One question:
Can I use the firewall time as a time source to correct time errors on local client PCs?
On a Windows client, I tried "net time \10.0.0.3 /set /yes" but got the following error message:
System error 53 occurred.
The network path was not found.

Does pfSense only implement an ntp client and not an ntp server?

hoba

That'S true for 1.0. There already is a timeserver in HEAD.

netsysadmin

OK, but what exactly is the "HEAD" version?

sullrich

http://faq.pfsense.org/index.php?sid=61682&lang=en&action=artikel&cat=1&id=165&artlang=en