我有Debian 8和NTP服务器。 问题是,NTP服务器只使用“自己”的IP服务器,我不知道为什么
ntpq -p:
remote refid st t when poll reach delay offset jitter ============================================================================== 10.1.100.11 .INIT. 16 u - 64 0 0.000 0.000 0.000 的ntp.conf:
# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help tinker panic 0 driftfile /var/lib/ntp/ntp.drift # Enable this if you want statistics to be logged. statsdir /var/log/ntpstats/ statistics loopstats peerstats clockstats filegen loopstats file loopstats type day enable filegen peerstats file peerstats type day enable filegen clockstats file clockstats type day enable # You do need to talk to an NTP server or two (or three). #server ntp.your-provider.example # pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will # pick a different set every time it starts up. Please consider joining the # pool: <http://www.pool.ntp.org/join.html> #server 0.debian.pool.ntp.org iburst #server 1.debian.pool.ntp.org iburst #server 2.debian.pool.ntp.org iburst #server 3.debian.pool.ntp.org iburst server 0.pool.ntp.org server 1.pool.ntp.org server 2.pool.ntp.org server 3.pool.ntp.org #server tempus1.gum.gov.pl iburst #server tempus2.gum.gov.pl iburst # Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for # details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions> # might also be helpful. # # Note that "restrict" applies to both servers and clients, so a configuration # that might be intended to block requests from certain clients could also end # up blocking replies from your own upstream servers. # By default, exchange time with everybody, but don't allow configuration. restrict -4 default kod notrap nomodify nopeer noquery restrict -6 default kod notrap nomodify nopeer noquery restrict 192.168.11.0 mask 255.255.255.0 nomodify notrap restrict 192.168.10.0 mask 255.255.255.0 nomodify notrap restrict 192.168.255.0 mask 255.255.255.0 nomodify notrap restrict 10.0.0.0 mask 255.0.0.0 nomodify notrap # Local users may interrogate the ntp server more closely. restrict 127.0.0.1 restrict ::1 # Clients from this (example!) subnet have unlimited access, but only if # cryptographically authenticated. #restrict 192.168.123.0 mask 255.255.255.0 notrust # If you want to provide time to your local subnet, change the next line. # (Again, the address is an example only.) #broadcast 192.168.123.255 # If you want to listen to time broadcasts on your local subnet, de-comment the # next lines. Please do this only if you trust everybody on the network! #disable auth #broadcastclient
下面是对你的configuration(不包括注释)的默认Debian 8 NTPconfiguration的消毒差异:
0a1 > tinker panic 0 1a3 > statsdir /var/log/ntpstats/ 6,9c8,11 < server 0.debian.pool.ntp.org iburst < server 1.debian.pool.ntp.org iburst < server 2.debian.pool.ntp.org iburst < server 3.debian.pool.ntp.org iburst --- > server 0.pool.ntp.org > server 1.pool.ntp.org > server 2.pool.ntp.org > server 3.pool.ntp.org 11a14,17 > restrict 192.168.11.0 mask 255.255.255.0 nomodify notrap > restrict 192.168.10.0 mask 255.255.255.0 nomodify notrap > restrict 192.168.255.0 mask 255.255.255.0 nomodify notrap > restrict 10.0.0.0 mask 255.0.0.0 nomodify notrap 13d18 < restrict ::1
这些变化都不会造成上游连接问题。 当我把你的configuration放在虚拟机上时,会产生一个工作configuration(尽pipe我build议保持默认的服务器线路而不是replace)。
所以看起来不pipe是什么原因导致你的问题在这台机器的外部。 一些缩小问题的build议:
确认DNS正确parsingNTP服务器名称(即不parsing到您的服务器):
host 0.pool.ntp.org grep 0.pool.ntp.org /etc/hosts
这些覆盖是你的问题的最可能的原因,因为你的configuration中似乎没有其他的东西会导致你的系统使用10.1.100.11作为NTP服务器。
使用ntpdate或sntp检查您是否连接到NTP池:
ntpdate -d 0.pool.ntp.org sntp 0.pool.ntp.org
或者在使用tcpdump,tshark或wireshark嗅探数据包时重新启动ntp:
tshark -i eth0 -n -f 'udp port 123' & service ntp restart
如果其中任何一个失败了,或者你看到你的请求没有回复,你可能会在某处阻止你的请求。
如果您需要进一步帮助进行跟踪,请input以下内容:
tail /var/log/ntpstats/peerstats