"DNS lookup tempfail" when running on an openbsd IPv6-only node
ongolaboy opened this issue · 2 comments
Hello,
I'm running ntp-4.2.8pl10p6 on OpenBSD 7.4. I saw messages like this one:
ntpd[26862]: DNS lookup tempfail
This node is running with IPv6-only.
The default ntpd.conf shipped is
# $OpenBSD: ntpd.conf,v 1.16 2019/11/06 19:04:12 deraadt Exp $
#
# See ntpd.conf(5) and /etc/examples/ntpd.conf
servers pool.ntp.org
server time.cloudflare.com
sensor *
constraint from "9.9.9.9" # quad9 v4 without DNS
constraint from "2620:fe::fe" # quad9 v6 without DNS
constraints from "www.google.com" # intentionally not 8.8.8.8
Since I did not have IPv4, I initially only commented out the constraint with IPv4. But it was not enough.
Then I realised that pool.ntp.org doesn't include an AAAA record. I ended up commenting out the servers line and adding several servers close enough.
# $OpenBSD: ntpd.conf,v 1.16 2019/11/06 19:04:12 deraadt Exp $
#
# See ntpd.conf(5) and /etc/examples/ntpd.conf
#servers pool.ntp.org
server time.cloudflare.com
server ntp1.xxxx
server ntp2.xxxx
sensor *
#constraint from "9.9.9.9" # quad9 v4 without DNS
constraint from "2620:fe::fe" # quad9 v6 without DNS
constraints from "www.google.com" # intentionally not 8.8.8.8
At this moment, I don't know how the geo-location discovery works, but can you please consider those running IPv6(-only) clients and allow discovery of AAAA records for pool.ntp.org?
Try adding
servers 2.openbsd.pool.ntp.org.
I don't know why openbsd isn't using their vendor zone openbsd.pool.ntp.org in their example/default ntpd.conf. The 2 is unfortunately a long-understood issue with the ntppool.org system -- AAAA records are only returned for 2.*.pool.ntp.org. Other *.pool.ntp.org names all return only IPv4.
I'm really curious why AAAA isn't supported for all of pool.ntp.org at this point.
> Try adding
> servers 2.openbsd.pool.ntp.org.
Thanks, it worked.
> I don't know why openbsd isn't using their vendor zone openbsd.pool.ntp.org in their example/default ntpd.conf.
Here is the answer: https://marc.info/?l=openbsd-misc&m=170792716928891&w=2
> The 2 is unfortunately a long-understood issue with the ntppool.org system -- AAAA records are only returned for 2.*.pool.ntp.org. Other *.pool.ntp.org names all return only IPv4.
> I'm really curious why AAAA isn't supported for all of pool.ntp.org at this point.
Yeah... I'm joining you on that one.
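Added example, not part of the thread and not the project's own code: an offline check that flags the ntpd.conf entries an IPv6-only host cannot use, applying the rule stated above that only pool names whose first label is `2` return AAAA records. The function names are hypothetical, the sample is the default configuration quoted in the issue, and no DNS queries are made, so non-pool hostnames are not judged.

```python
import ipaddress

# Directive lines of the default ntpd.conf quoted in the issue.
DEFAULT_CONF = """\
servers pool.ntp.org
server time.cloudflare.com
sensor *
constraint from "9.9.9.9" # quad9 v4 without DNS
constraint from "2620:fe::fe" # quad9 v6 without DNS
constraints from "www.google.com" # intentionally not 8.8.8.8
"""

def pool_has_aaaa(host):
    """None if host is not under pool.ntp.org; otherwise True only for
    names whose first label is "2" (the rule given in the thread)."""
    labels = host.lower().rstrip(".").split(".")
    if labels[-3:] != ["pool", "ntp", "org"]:
        return None
    return labels[0] == "2"

def audit_ipv6_only(conf_text):
    """Return (line number, target, reason) for each time source or
    constraint that cannot work on a host without IPv4."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()  # drop comments
        if not tokens:
            continue
        if tokens[0] in ("server", "servers") and len(tokens) >= 2:
            target = tokens[1]
        elif (tokens[0] in ("constraint", "constraints")
              and len(tokens) >= 3 and tokens[1] == "from"):
            target = tokens[2]
        else:
            continue  # sensor, listen on, ... are not checked here
        target = target.strip('"')
        try:
            if ipaddress.ip_address(target).version == 4:
                findings.append((lineno, target, "IPv4 literal"))
            continue  # IPv6 literals are fine
        except ValueError:
            pass  # not an address literal, so treat it as a hostname
        if pool_has_aaaa(target) is False:
            findings.append((lineno, target, "pool name without AAAA"))
    return findings

if __name__ == "__main__":
    for lineno, target, reason in audit_ipv6_only(DEFAULT_CONF):
        print(f"line {lineno}: {target}: {reason}")
```

A host whose only sources and constraints are flagged here will not synchronize, which in turn affects certificate validity checks and log timestamps.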