1

I have been working with setting up an NTP server for testing IPv6 syncing. I am unable to find any help with getting the configuration to work.

If ntp 4.2.6 and ntpdate 4.2.6 say they support IPv6, why is there no documentation explaining what needs to be done to get it working?

My config:

fe80:1000:2000:3000::1/64. = NTP server

NTP servers interface:

```
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:50:56:92:18:07 brd ff:ff:ff:ff:ff:ff
    inet 10.30.15.1/16 brd 10.30.255.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80:1000:2000:3000::1/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:fe92:1807/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
```

ntp.conf without comments =

```
driftfile /var/lib/ntp/drift

restrict default nomodify notrap nopeer noquery
restrict -6 default nomodify notrap nopeer noquery

restrict 127.0.0.1
restrict ::1

server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst

includefile /etc/ntp/crypto/pw

keys /etc/ntp/keys

disable monitor
```

fe80:1000:2000:3000::2 = Client ntp.conf without comments =

```
driftfile /var/lib/ntp/drift

restrict 127.0.0.1
restrict ::1

server -6 fe80:1000:2000:3000::1
server -6 DNS-NTP.example.com

includefile /etc/ntp/crypto/pw

keys /etc/ntp/keys

disable monitor
```

I know we can resolve the IP -> Hostname and Hostname -> IP

```
[root@ClientIPv6 ~]# nslookup -query=aaaa = DNS-NTP.example.com
Server:     fe80:1000:2000:3000::1
Address:    fe80:1000:2000:3000::1#53

DNS-NTP.example.com has AAAA address fe80:1000:2000:3000::1

[root@ClientIPv6 ~]# nslookup -query=aaaa fe80:1000:2000:3000::1
Server:     fe80:1000:2000:3000::1
Address:    fe80:1000:2000:3000::1#53

1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.2.0.0.0.1.0.8.e.f.ip6.arpa    name = DNS-NTP.example.com.
```

ntpdate and ntpq -pn don't show time being synced.

```
[root@ClientIPv6 ~]# ntpdate -6 -q DNS-NTP.example.com
Error resolving DNS-NTP.example.com: Name or service not known (-2)
31 Jan 13:23:14 ntpdate[25967]: Can't find host DNS-NTP.example.com: Name or service not known (-2)
31 Jan 13:23:14 ntpdate[25967]: no servers can be used, exiting

[root@ClientIPv6 ~]# ntpdate -6 -q fe80:1000:2000:3000::1
31 Jan 13:23:23 ntpdate[25971]: no servers can be used, exiting
```

This shows the IPv4 address working but the IPv6 does not. (10.30.15.1 is the DNS-NTP.example.com address on the same interface as the IPv6 one...)

```
[root@ClientIPv6 ~]# ntpq -pn
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 10.30.15.1      200.160.0.8      3 u    -   64    1    0.122  -42.146   0.000
 fe80:1000:2000: .INIT.          16 -    -   64    0    0.000    0.000   0.000
```

There is no firewall on either server to stop the traffic.

My guess is there is some special way to config ntp.conf but I can't find it online at all.

Can someone please help? Let me know if there is any other info that will help.

r-diggz
  • Is the problem because you are not using the [Zone ID](https://networkengineering.stackexchange.com/a/46657/8499) for link-local addresses? – Ron Maupin Jan 31 '19 at 18:39
  • Also, you have incorrect addresses for the link-local addresses. For example, `fe80:1000:2000:3000::1` should be `fe80::1000:2000:3000:1`. – Ron Maupin Jan 31 '19 at 18:41
  • I'm not sure. I changed the mask so I thought I would not run into any of these issues. – r-diggz Jan 31 '19 at 18:42
  • [The RFC for link-local addresses](https://tools.ietf.org/html/rfc4291#section-2.5.6) explains that the prefix is `fe80` for 10 bits, followed by 54 `0` bits, for a `/64` address. Every interface will have a link-local address in the same network, so you must use a [Zone ID](https://tools.ietf.org/html/rfc6874) for link-local address literals. The addresses you are using are invalid, and they have no Zone ID. – Ron Maupin Jan 31 '19 at 18:47
  • So even though the network is 'fe80:1000:2000:3000::/64' I have to change the first 10 bits to something other than 'fe8'? I could change the network to 'fb80:1000:2000:3000::/64' and it would fix the ntp issue? I do not have any issue with DNS on that network. – r-diggz Jan 31 '19 at 18:50
  • `fb80:1000:2000:3000::/64` is also invalid addressing. You cannot simply make up addresses. You could use [ULA addressing](https://tools.ietf.org/html/rfc4193) `fc00::/7`, but there are rules around it. You can use the `fd00::/8` half of the ULA range, but you must randomly select the next 40 bits of the prefix. – Ron Maupin Jan 31 '19 at 19:06
  • Thank you, Ron. I changed the address space to 1230:1000:2000:3000::/64 and all is working. If you put that into an answer, I will mark it as the solution. – r-diggz Jan 31 '19 at 19:08
  • That is also invalid IPv6 addressing. You CANNOT simply make up such addresses. You are using addressing that is RESERVED. – Ron Maupin Jan 31 '19 at 19:09

2 Answers

4

For those of you following along, I needed to change the address as pointed out by Ron Maupin.

I changed all the IPs to be in the fddb:abe7:8164:14eb::/64 space and all is working with the above config.

r-diggz
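
The addressing rules from the comments on the question (the `fe80` prefix for 10 bits followed by 54 zero bits, a Zone ID for link-local literals, and 40 randomly selected bits under `fd00::/8`) can be checked mechanically. This is an added example, not part of the original posts: the function names `classify` and `random_ula_prefix` are hypothetical, and the random bits come from the OS CSPRNG rather than the sample algorithm in RFC 4193.

```python
import ipaddress
import secrets

# Added example (not from the thread); function names are hypothetical.
LINK_LOCAL = ipaddress.ip_network("fe80::/10")
ULA = ipaddress.ip_network("fc00::/7")
ULA_LOCAL = ipaddress.ip_network("fd00::/8")      # locally assigned half
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")


def classify(text):
    """Return (category, note) for an IPv6 literal with optional %zone."""
    addr_text, _, zone = text.partition("%")
    addr = ipaddress.IPv6Address(addr_text)
    if addr.is_loopback or addr.is_unspecified or addr.is_multicast:
        return "special", "loopback, unspecified or multicast"
    if addr in LINK_LOCAL:
        # After the 10-bit fe80 prefix, the next 54 bits must be zero.
        if (int(addr) >> 64) & ((1 << 54) - 1):
            return "invalid-link-local", "bits 11-64 are not zero"
        if not zone:
            return "link-local", "ambiguous without a zone ID, e.g. %eth0"
        return "link-local", "scoped to interface " + zone
    if addr in ULA_LOCAL:
        return "ula", "unique local address, usable on a private network"
    if addr in ULA:
        return "ula-undefined", "fc00::/8 half has no defined assignment"
    if addr in GLOBAL_UNICAST:
        return "global-unicast", "must be assigned, not self-selected"
    return "reserved", "not in fe80::/10, fc00::/7 or 2000::/3"


def random_ula_prefix(subnet_id=0):
    """fd00::/8 + random 40-bit Global ID + 16-bit subnet ID, as a /64."""
    # Assumption: OS CSPRNG instead of the RFC 4193 sample algorithm.
    global_id = secrets.randbits(40)
    top64 = (0xFD << 56) | (global_id << 16) | (subnet_id & 0xFFFF)
    return ipaddress.IPv6Network((top64 << 64, 64))


if __name__ == "__main__":
    # Addresses quoted in the thread, plus a zone-qualified form of one.
    for literal in ("fe80:1000:2000:3000::1", "fe80::250:56ff:fe92:1807",
                    "fe80::250:56ff:fe92:1807%eth0", "fb80:1000:2000:3000::1",
                    "1230:1000:2000:3000::1", "fddb:abe7:8164:14eb::1"):
        print(f"{literal:32} {classify(literal)}")
    print("fresh ULA /64:", random_ula_prefix(subnet_id=1))
```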
-1

Remove or comment IPv6 localhost from your hosts file:

```
#::1 localhost6.localdomain6 localhost6
```
Glorfindel
T D S