From owner-freebsd-questions@FreeBSD.ORG Thu Apr 9 18:33:23 2015 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 51F5139F for ; Thu, 9 Apr 2015 18:33:23 +0000 (UTC) Received: from btw.pki2.com (btw.pki2.com [IPv6:2001:470:a:6fd::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 12E1A288 for ; Thu, 9 Apr 2015 18:33:23 +0000 (UTC) Received: from localhost (localhost [IPv6:::1]) by btw.pki2.com (8.14.9/8.14.9) with ESMTP id t39IXAHs073083; Thu, 9 Apr 2015 11:33:10 -0700 (PDT) (envelope-from freebsd@pki2.com) DMARC-Filter: OpenDMARC Filter v1.3.1 btw.pki2.com t39IXAHs073083 Authentication-Results: btw.pki2.com; dmarc=none header.from=pki2.com DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=pki2.com; s=pki2; t=1428604390; bh=oBJjKyXaiYuQu1z1O/c1DFZYnaWUEPjIzpWYlrfzo9s=; h=Subject:From:To:Cc:Date:In-Reply-To:References; z=Subject:=20Re:=20NTP=20peering=20broken=20since=20recent=20securi ty=20update?|From:=20Dennis=20Glatting=20|To:=20 Kent=20Kuriyama=20|Cc:=20Arthur=20Chance= 20,=20FreeBSD-Questions=0D=0A=09=20|Date:=20Thu,=2009=20Apr=202015=2011:33:10=20 -0700|In-Reply-To:=20|References:=20<5526A2F1.5030609@qeng-ho. org>=0D=0A=09=20; b=YfQCQp19gYmBQ6ZHNFr3cqxWwqUTaHCLx0XQC/xjU3YLn7gQ0+XClSvlvo/2ADNyn hc4bIJO86gtBMGKiFV0HeMK54TQGsXOcv1hXPYSlOkmyjOw57OavjP5Sdqdc+Ta5pa J71PPawdbWgZaH2LOY8RULXURUl/vsgeMCfAE/5UKbZ2wq8mz+0x+VpzJ5boFcBpFz uSMtV+AEMhHYbiayJL3vPnziRc94zgLIWzZudL04m0XxATOPxAaaTAVDAHmYL2chsY lHZAFE4wZtVnHi3xYRVMDLGB/oTw1bi1Z3m+SFSfMw2owDLW8EXbJUETEhQYDONZ2h xCq0Ulx3hwofw== Message-ID: <1428604390.72987.0.camel@pki2.com> Subject: Re: NTP peering broken since recent security update? From: Dennis Glatting To: Kent Kuriyama Date: Thu, 09 Apr 2015 11:33:10 -0700 In-Reply-To: References: <5526A2F1.5030609@qeng-ho.org> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.12.11 FreeBSD GNOME Team Port Mime-Version: 1.0 Content-Transfer-Encoding: 7bit X-SoftwareMunitions-MailScanner-Information: Dennis Glatting X-SoftwareMunitions-MailScanner-ID: t39IXAHs073083 X-SoftwareMunitions-MailScanner: Found to be clean X-MailScanner-From: freebsd@pki2.com Cc: Arthur Chance , FreeBSD-Questions X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Apr 2015 18:33:23 -0000 On Thu, 2015-04-09 at 08:14 -1000, Kent Kuriyama wrote: > Are you doing any NTP authentication between peers? > I am. And yes, NTP stopped working between peers after the last patch (I'm at r281238). NTP 4.3.14 (net/ntp-devel) seems to work, though. FreeBSD-SA-15:07.ntp is not terribly useful. It says there is no work around and you should upgrade. Yet, now that I upgraded and without configuration changes, my five Statum2 core is now broken and it isn't (yet) clear how to fix it. That's a serious problem. By default NTP isn't compiled with debug. Patching/recompiling is a limited process on core systems, so I was hoping ntp-devel would help debug. Nada > On Thu, Apr 9, 2015 at 6:04 AM, Arthur Chance wrote: > > > I have three NTP servers on my internal networks. Each of them uses > > various external machines as servers but they also peer with the other two > > internal ones to give some resilience in case the outside world goes away. > > Since the update and restart associated with FreeBSD-SA-15:07.ntp the ntpd > > processes appear to be unable to see peers (reach = 0) although they're > > locking onto the servers quite happily. > > > > Anyone else seeing this? > > > > -- > > Those who do not learn from computing history are doomed to > > GOTO 1 > > _______________________________________________ > > freebsd-questions@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > > To unsubscribe, send any mail to "freebsd-questions- > > unsubscribe@freebsd.org" > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"