Posted: Sat Oct 03, 2020 9:56 Post subject: [ SOLVED ] ntpclient and ntpd problems
I am using Firmware: DD-WRT v3.0-r40559 on an Asus AC68U C1 router.
As others have reported, the NTP Client as set on the dd-wrt gui doesn't work. I've tried every possible option and the current date/time is not updated.
I have run telnet sessions on the router, and tried calling ntpclient and ntpd from the session.
What I find is that while the commands run, there is zero return or error messages.
# ntpclient -s -h pool.ntp.org
# ntpclient -d
I have used a number of tools that indicate that settings on the router, including dnsmasq etc. are working.
So I'm wondering whether there is a problem with the ntpclient and ntpd programs that have been bundled in dd-wrt.
I would be happy to hear any experiences in this regard.
Last edited by kinleyd on Tue Oct 13, 2020 9:09; edited 2 times in total
Installed Firmware: DD-WRT v3.0-r44483 std (10/02/20), rebooted router, and the problem is the same. No updates to the date/time, with/without NTP Server IP/Name, etc.
And no effect or return messages from ntpclient and ntpd commands.
this works, so dns resolution from the router is not a problem:
# ping -c4 pool.ntp.org
PING pool.ntp.org (133.243.238.163): 56 data bytes
64 bytes from 133.243.238.163: seq=1 ttl=35 time=249.940 ms
So I enabled syslogd, and yes, it confirms that ntpclient is working and is in fact periodically calling the remote NTP server. It logs the failure to update router time, and cites 'timeout waiting for pool.ntp.org' as the reason.
So clearly the ntpclient isn't the problem, just as you both have stated. I will now have to roll up my sleeves and see what i've screwed up in the router settings. Since my router is used by the rest of the family I'm not prepared to reset it and start from scratch at this time. When I do, I will report back here.
I will warn you, some of the ntp servers will ban you for a while if you make too many calls to them in a short amount of time. I have read it in Terms of Service and also actually had it happen when I was doing some testing (funny story).
The other thing that I can say is sometimes you can get locked on a bad dns entry.
Not saying that any of those are the causes, since most of those would have expired after a while.
I will warn you, some of the ntp servers will ban you for a while if you make too many calls to them in a short amount of time. I have read it in Terms of Service and also actually had it happen when I was doing some testing (funny story).
The other thing that I can say is sometimes you can get locked on a bad dns entry.
Not saying that any of those are the causes, since most of those would have expired after a while.
Ah, the risk of being banned is concerning. syslog indicates that the router is making frequent calls to the ntp servers. I was surprised by that as I read that it would only do that once a day, or something like that. Is there a place I can set the number of updates in a period?
Regarding dns:
I ran these commands from my desktop:
# nmap -sU -p 53 rou.ter.I.P -Pn
# nmap -sT -p 53 rou.ter.I.P -Pn
and get the all clear port 53 is open message.
$ dig google.com
also confirmed dns resolution was properly picking up the router as dns server.
Could you suggest any other tests I could run to confirm if my dns setup is at fault?
So the banning happens in some strange cases here is example text:
Quote:
All users should ensure that their software NEVER queries a server more frequently than once every 4 seconds. Systems that exceed this rate will be refused service. In extreme cases, systems that exceed this limit may be considered as attempting a denial-of-service attack.
So I really doubt you are doing that, as I said I was doing testing and had multiple machines querying from behind nat, so they all looked as if it was coming from the same machine at a high rate.
By default, DD-wrt is set to query and sync every hour, so you are fine there.
A couple things that you could try:
1. try dig pool.ntp.org @rou.ter.I.P
2. Have you modified any firewall settings?
So the banning happens in some strange cases here is example text:
Quote:
All users should ensure that their software NEVER queries a server more frequently than once every 4 seconds. Systems that exceed this rate will be refused service. In extreme cases, systems that exceed this limit may be considered as attempting a denial-of-service attack.
So I really doubt you are doing that, as I said I was doing testing and had multiple machines querying from behind nat, so they all looked as if it was coming from the same machine at a high rate.
By default, DD-wrt is set to query and sync every hour, so you are fine there.
A couple things that you could try:
1. try dig pool.ntp.org @rou.ter.I.P
2. Have you modified any firewall settings?
Thanks for the clarification. I think ntpclient is running every few minutes, so that's a relief. Although syslog does say it times out against npt.org while it doesn't time out against time.google.com. In both cases it's followed by 'daemon.err process_monitor[1945]: cyclic NTP Update failed".
Re 1: dig pool.ntp.org @rou.ter.I.P:
I get status: NOERROR ...
;; ANSWER SECTION:
pool.npt.org. 7113 IN A 69.163.171.181
Re 2. No, I haven't modified any firewall settings.