NTP synchronizing always in local

Question

I have an Ubuntu 16.04 with the following NTP configuration:

driftfile /var/lib/ntp/drift

restrict -4 default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

restrict 127.0.0.1 nomodify notrap
restrict 10.0.200.15 mask 255.255.255.0 nomodify notrap

server 127.127.1.0
fudge 127.127.1.0 stratum 10

server 0.ntp.pool.org iburst prefer minpoll 4 maxpoll 7
server 1.ntp.pool.org iburst prefer minpoll 4 maxpoll 7
server 2.ntp.pool.org iburst prefer minpoll 4 maxpoll 7
tinker panic 0

restrict 127.0.0.1
restrict -6 ::1

But it is always synchronizing with localhost (I think it is because the lower stratum value):

     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 127.127.1.0     .LOCL.          10 l  16h   64    0    0.000    0.000   0.000
 64.99.80.121    .STEP.          16 u    -  128    0    0.000    0.000   0.000

However I want it to synchronize with the external NTP ntp.pool.org

I have added the ubuntu ntp server to the ntp.conf file:

server ntp.ubuntu.com iburst prefer minpoll 4 maxpoll 7

And now I see that it has a stratum 2 and the ntp is able to synchronize to it:

     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 127.127.1.0     .LOCL.          10 l  16h   64    0    0.000    0.000   0.000
 64.99.80.121    .STEP.          16 u    -  128    0    0.000    0.000   0.000
*91.189.91.157   194.58.200.20    2 u   15  128  377   79.191    0.042   1.964

The ntptrace gives timeout for both servers:

$ ntptrace ntp.ubuntu.com
ntp.ubuntu.com: timed out, nothing received
***Request timed out

$ ntptrace ntp.pool.org
ntp.pool.org: timed out, nothing received
***Request timed out

Am I missing some configuration to be able to synchronize only with ntp.pool.org?

I have checked the answers here but I'm not finding an answer for my case

---

UPDATE

This VM will act as ntp server for another VMs.

Query results:

ntpdate -q ntp.pool.org
server 64.99.80.121, stratum 0, offset 0.000000, delay 0.00000
26 Nov 14:34:37 ntpdate[4577]: no server suitable for synchronization found

ntpdate -q ntp.ubuntu.com
server 91.189.94.4, stratum 2, offset 0.000290, delay 0.03615
server 91.189.89.199, stratum 2, offset 0.000654, delay 0.03668
server 91.189.89.198, stratum 2, offset -0.000251, delay 0.03674
server 91.189.91.157, stratum 2, offset 0.000159, delay 0.10548
26 Nov 14:36:15 ntpdate[4585]: adjust time server 91.189.94.4 offset 0.000290 sec

I have found in ntp documentation that stratum 16 indicates some problems with the ntp server. Can we conclude that ntp.pool.org is not working ?

Answer 1

ntp.pool.org

Should be

pool.ntp.org

(reference: https://www.pool.ntp.org)

Answer 2

Short version: yes, you are missing configuration to allow your pool configuration to work.

Long version:

1. You should start with the default Ubuntu ntp.conf, not your template. You should also keep your configuration as close to that default as possible, to make it easy to merge with the default configuration on new releases, and to minimise impact on pool servers. (In particular, it's best not to fiddle with maxpoll.) In your case, the only things you need to change are adding tinker panic 0 and your local server. You should not use server 127.127.1.0 and fudge 127.127.1.0 ....

2. It is very normal for ntptrace to time out when querying public servers. The method it uses to query servers is susceptible to DDoS attacks and is therefore disabled by default on modern ntpd versions.

3. The part of the default configuration you are missing is: restrict source notrap nomodify noquery. It's marked with the comment "Needed for adding pool entries". :-)