I had to change them to 2.pool.ntp.org to work btw
Interesting, that should not be necessary according to the man page:
Quote:
-S, --local, --server=[/[<domain>]/[domain/]][<ipaddr>[#<port>]][@<interface>][@<source-ip>[#<port>]]
Specify IP address of upstream servers directly. Setting this flag does not suppress reading of /etc/resolv.conf, use --no-resolv to do that. If one or more optional domains are given, that server is used only for those domains and they are queried only using the specified server. This is intended for private nameservers: if you have a nameserver on your network which deals with names of the form xxx.internal.thekelleys.org.uk at 192.168.1.1 then giving the flag --server=/internal.thekelleys.org.uk/192.168.1.1 will send all queries for internal machines to that nameserver, everything else will go to the servers in /etc/resolv.conf. DNSSEC validation is turned off for such private nameservers, UNLESS a --trust-anchor is specified for the domain in question. An empty domain specification, // has the special meaning of "unqualified names only" ie names without any dots in them. A non-standard port may be specified as part of the IP address using a # character. More than one --server flag is allowed, with repeated domain or ipaddr parts as required.
More specific domains take precedence over less specific domains, so: --server=/google.com/1.2.3.4 --server=/www.google.com/2.3.4.5 will send queries for google.com and gmail.google.com to 1.2.3.4, but www.google.com will go to 2.3.4.5
Matching of domains is normally done on complete labels, so /google.com/ matches google.com and www.google.com but NOT supergoogle.com. This can be overridden with a * at the start of a pattern only: /*google.com/ will match google.com and www.google.com AND supergoogle.com. The non-wildcard form has priority, so if /google.com/ and /*google.com/ are both specified then google.com and www.google.com will match /google.com/ and /*google.com/ will only match supergoogle.com.
For historical reasons, the pattern /.google.com/ is equivalent to /google.com/ if you wish to match any subdomain of google.com but NOT google.com itself, use /*.google.com/
My log also seems to indicate it works:
Quote:
Jan 1 01:00:53 R7800 daemon.info dnsmasq[981]: using nameserver 9.9.9.9#53 for domain pool.ntp.org
Jan 1 01:00:53 R7800 daemon.info dnsmasq[981]: using nameserver 1.0.0.1#53 for domain pool.ntp.org
Jan 1 01:00:58 R7800 daemon.info dnsmasq[1408]: using nameserver 9.9.9.9#53 for domain pool.ntp.org
Jan 1 01:00:58 R7800 daemon.info dnsmasq[1408]: using nameserver 1.0.0.1#53 for domain pool.ntp.org
Jan 1 01:01:00 R7800 daemon.debug ntpclient[1620]: Connecting to 2.pool.ntp.org [46.243.26.34] ...
Nov 9 10:10:23 R7800 daemon.info ntpclient[1620]: Time set from 2.pool.ntp.org [46.243.26.34].
I have reproduced your problem with the custom NTP entry and am talking to the developer about it.
yep me too
egc wrote:
the-joker wrote:
enabling dnscrypt causes ntp_server to be ignored wheres the code for that?
I am not quite sure if you have understood me correctly.
I have been able to reproduce your problem with the custom NTP Server and dnscrypt and have forwarded all details and logs to Brainslayer.
I'm pretty sure it doesn't need any further action.
If you have a patch solution, it's easier to do a pull request via github. _________________ "The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost
"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio
Joined: 08 May 2018 Posts: 14249 Location: Texas, USA
Posted: Wed Nov 09, 2022 15:42 Post subject:
It's almost as if there's a Bill Murray comical moment here, but I don't know how to execute it. Anyway, we have a workaround for dnssec/dnscrypt in relation to NTP, and I am pretty sure this has been the situation for quite some time? _________________ "Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT Pogo - A minimal level of ability is expected and needed... DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Joined: 18 Mar 2014 Posts: 12917 Location: Netherlands
Posted: Wed Nov 09, 2022 15:51 Post subject:
kernel-panic69 wrote:
It's almost as if there's a Bill Murray comical moment here, but I don't know how to execute it. Anyway, we have a workaround for dnssec/dnscrypt in relation to NTP, and I am pretty sure this has been the situation for quite some time?