9

I have a network of Solaris/Linux servers that have ntpd configured to use a single internal server of stratum 2 through a DNS alias/CNAME. This server is down for some time and the client servers' clocks are out of sync.

Since we have another internal server of stratum 1 (PPS), the DNS CNAME has been modified to point to the new server (which is up).

But using ntpq -p I can see that the client servers are still pointing to the old server. It looks like they are not resolving the peer name again, so they don't get the new server IP.

How do I smoothly update ntpd's peer list?

If I restart (x)ntpd, it's going to create time jumps. I wish ntpd would have updated its peer list / configuration and smoothly synced with the new server.

Benoît

2 Answers

6

ntpdc can do this for you -- specifically the addpeer and unconfig commands.
Basically update your config file, then use ntpdc to add the new peers and remove ("unconfigure") the old ones (after ntpd accepts the new peers as sane candidates for synchronization!)

You should also consider using a redundant device (routers with HSRP, or unix machines with HA failover/CARP/etc.) as your NTP source, or configuring more than one peer -- You don't want your clocks going insane just because one time server has a problem...

voretaq7
  • Thanks. But it would be better if ntpd refreshed/resolved its servers list instead of sticking to the one IP it resolved on start. – Benoît Jul 15 '10 at 09:39
  • On a few servers, I got 'permission denied', so instead I ran ntpdate -uB and when I synced, I restarted ntpd. – Benoît Jul 15 '10 at 10:03
  • There are a bunch of problems with re-resolving the servers on some periodic basis (people using pool.ntp.org could get servers with noticeably different times, what do you do if DNS breaks, what do you do if DNS gets hijacked & sends you to a false-ticker, etc...) -- NTP also isn't the only thing that behaves this way (hostnames in firewall rules lead to the same kind of issue) :-) – voretaq7 Jul 15 '10 at 13:54
  • 1
    This does not work for me: addpeer or addserver ask for a “Keyid: ” and refuse to work for empty or 0, and ask for an “MD5 Password: ” else and then say “***Permission denied”. – mirabilos Jun 04 '14 at 13:10
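
The answer above says to unconfigure the old peer only after ntpd accepts the new one as a sane candidate. As an added example (not part of the original answer or its comments), this script makes that check from `ntpq -pn` output before suggesting the `unconfig` step. The function names, the 192.0.2.x addresses and the billboard text are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original answer. Constructed `ntpq -pn` billboards;
# 192.0.2.10 stands for the new stratum-1 server, 192.0.2.20 for the old one.
HDR='     remote           refid      st t when poll reach   delay   offset  jitter
=============================================================================='
OLD_ROW=' 192.0.2.20      .INIT.          16 u    -   64    0    0.000    0.000   0.000'
# Right after addserver: the new peer answers but carries no tally code yet.
SAMPLE_FRESH="$HDR
 192.0.2.10      .PPS.            1 u    2   64    1    0.398    0.030   0.000
$OLD_ROW"
# Later: ntpd has chosen the new peer as system peer ('*').
SAMPLE_SYNCED="$HDR
*192.0.2.10      .PPS.            1 u   33   64  377    0.412    0.021   0.008
$OLD_ROW"

# peer_state BILLBOARD IP: print "<tally> <reach>" for IP, or "missing".
# A blank tally column is reported as "-".
peer_state() {
    printf '%s\n' "$1" | awk -v ip="$2" '
        NR > 2 {
            tally = substr($0, 1, 1)            # column 1 is the selection tally
            n = split(substr($0, 2), f, " ")    # remote refid st t when poll reach ...
            if (n >= 7 && f[1] == ip) {
                if (tally == " ") tally = "-"
                print tally, f[7]
                found = 1
            }
        }
        END { if (!found) print "missing" }'
}

# safe_to_unconfig BILLBOARD NEW_IP: true only once ntpd has selected the new
# peer as system peer (*) or candidate (+).
safe_to_unconfig() {
    case "$(peer_state "$1" "$2")" in
        '*'*|'+'*) return 0 ;;
        *) return 1 ;;
    esac
}

# next_step BILLBOARD OLD_IP NEW_IP: print the next action in the swap.
# Live use: next_step "$(ntpq -pn)" OLD NEW; ntpdc then prompts for the key id
# and password it needs for configuration requests.
next_step() {
    if [ "$(peer_state "$1" "$3")" = missing ]; then echo "ntpdc -c 'addserver $3'"
    elif ! safe_to_unconfig "$1" "$3"; then echo "wait"
    elif [ "$(peer_state "$1" "$2")" = missing ]; then echo "done"
    else echo "ntpdc -c 'unconfig $2'"
    fi
}
```

Using the numeric form (`-n`) matters here: it compares the address ntpd is actually talking to, not a name that DNS may now resolve differently.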
0

If said servers are configured via DHCP (which they are, for easy renumbering, right? :) ) then you can update the DHCP server to send option 42 with the new server address. They should all reacquire their leases (and get updated) at some point, right?

pjz