On Thu, Feb 12, 2015 at 02:05:59AM +1300, Carlin Bingham wrote:
> On Wed, 11 Feb 2015, at 12:32 AM, Reyk Floeter wrote:
> > Let me share the answer to a question that I got in a private mail:
> >
> > > On Tue, Feb 10, 2015 at 10:55:53AM +0100, Reyk Floeter wrote:
> > >> ---snip---
> > >> servers pool.ntp.org
> > >> constraints from "https://www.google.com/search?q=openntpd";
> > >> constraints from www.twitter.com
> > >> constraint from www.apple.com
> > >> ---snap---
> > >>
> > >
> > > Is the last "constraint" in singular pointing to www.apple.com valid or is
> > > it a typo?
> > >
> >
> > Yes, it is valid. As mentioned in the man page, it works like the
> > existing server vs. servers for NTP peers.
> >
> > When a hostname or URL is specified, ntpd(8) will resolve the host.
> > The singular version will use only one of the returned IP addresses
> > and the plural version will use it as a pool and use all of the
> > returned IP addresses.
> >
> > Following the example, a "dig A" on www.google.com or www.apple.com
> > will typically show you a number of addresses, while the Akamai-hosted
> > www.apple.com only returns one address near you. You're free to use
> > any host, and some people might prefer to use their own trusted
> > servers, I just picked some examples with good availability and
> > seemingly good time.
> >
> > Reyk
> >
>
> Using `constraints` I see it trying to query both the IPv4 addresses and
> the IPv6 addresses that the hostname resolves to, even though the
> machine has no IPv6 access. Is this expected?
>
Yes, it is. If the request to the IPv6 address fails, it will simply
ignore the host. There is the AI_ADDRCONFIG flag in the resolver that
does what you want. But I discussed it with Henning and we concluded
that ntpd MUST NOT use it - the availability of IPv6 at startup does
not necessarily mean that it will not be available later. ntpd is a
long-running process that is also used on laptops etc. that move
between networks but ntpd keeps on running.
If you want to disable IPv6 lookups comepletely, put the following in
your /etc/resolv.conf:
family inet4
And remove "family inet6" if you happen to find it in the file.
Reyk
