ntpMerlin Many DNS querys for NTP

[Markfree]

I was monitoring Dnsmasq log through Diversion's option and saw that my router's NTP is making a lot DNS querys.
I'm using NTPMerlin with Chrony as NTP server and every 15s approximately it makes a new query.
Here is an example of the many requests made.

Enter term to filter by  [q=Quit] pool.ntp.org from 127.0.0.1


  i  Press Ctrl-C to exit


Apr 22 17:12:02 dnsmasq[786]: query[A] pool.ntp.org from 127.0.0.1
17:12:02 dnsmasq[786]: query[A] pool.ntp.org from 127.0.0.1
Apr 22 17:12:02 dnsmasq[786]: query[AAAA] pool.ntp.org from 127.0.0.1
17:12:02 dnsmasq[786]: query[AAAA] pool.ntp.org from 127.0.0.1
Apr 22 17:12:17 dnsmasq[786]: query[A] pool.ntp.org from 127.0.0.1
17:12:17 dnsmasq[786]: query[A] pool.ntp.org from 127.0.0.1
Apr 22 17:12:17 dnsmasq[786]: query[AAAA] pool.ntp.org from 127.0.0.1
17:12:17 dnsmasq[786]: query[AAAA] pool.ntp.org from 127.0.0.1
Apr 22 17:12:28 dnsmasq[786]: query[A] pool.ntp.org from 127.0.0.1
17:12:28 dnsmasq[786]: query[A] pool.ntp.org from 127.0.0.1
Apr 22 17:12:28 dnsmasq[786]: query[AAAA] pool.ntp.org from 127.0.0.1
17:12:28 dnsmasq[786]: query[AAAA] pool.ntp.org from 127.0.0.1
Apr 22 17:12:32 dnsmasq[786]: query[A] pool.ntp.org from 127.0.0.1
17:12:32 dnsmasq[786]: query[A] pool.ntp.org from 127.0.0.1
Apr 22 17:12:32 dnsmasq[786]: query[AAAA] pool.ntp.org from 127.0.0.1
17:12:32 dnsmasq[786]: query[AAAA] pool.ntp.org from 127.0.0.1
Apr 22 17:12:47 dnsmasq[786]: query[A] pool.ntp.org from 127.0.0.1
17:12:47 dnsmasq[786]: query[A] pool.ntp.org from 127.0.0.1
Apr 22 17:12:47 dnsmasq[786]: query[AAAA] pool.ntp.org from 127.0.0.1
17:12:47 dnsmasq[786]: query[AAAA] pool.ntp.org from 127.0.0.1
Apr 22 17:13:02 dnsmasq[786]: query[A] pool.ntp.org from 127.0.0.1
17:13:02 dnsmasq[786]: query[A] pool.ntp.org from 127.0.0.1
Apr 22 17:13:02 dnsmasq[786]: query[AAAA] pool.ntp.org from 127.0.0.1
17:13:02 dnsmasq[786]: query[AAAA] pool.ntp.org from 127.0.0.1
Apr 22 17:13:17 dnsmasq[786]: query[A] pool.ntp.org from 127.0.0.1
17:13:17 dnsmasq[786]: query[A] pool.ntp.org from 127.0.0.1
Apr 22 17:13:17 dnsmasq[786]: query[AAAA] pool.ntp.org from 127.0.0.1
17:13:17 dnsmasq[786]: query[AAAA] pool.ntp.org from 127.0.0.1
Apr 22 17:13:28 dnsmasq[786]: query[A] pool.ntp.org from 127.0.0.1
17:13:28 dnsmasq[786]: query[A] pool.ntp.org from 127.0.0.1
Apr 22 17:13:28 dnsmasq[786]: query[AAAA] pool.ntp.org from 127.0.0.1
17:13:28 dnsmasq[786]: query[AAAA] pool.ntp.org from 127.0.0.1

It seems like it is syncing every 15s or so, but I don't need that much.
Why is it so frequent?
Can I reduce the frequency?

 

[EmeraldDeer]

• Queries are frequent on startup and gradually slow down
• Query frequency is a power of two seconds
• If the gap is not a power of two, then perhaps there are multiple NTP clients

 

[heysoundude]

• Queries are frequent on startup and gradually slow down
• Query frequency is a power of two seconds
• If the gap is not a power of two, then perhaps there are multiple NTP clients

to the second bullet point - they are talking about the "poll" setting - 15 sec is almost 2^4 seconds meaning somewhere (chrony config) poll might be set to 4. 6 is plenty: 2^6 is 64 seconds,..1350 times per day for your router to check time
the last bullet point - this might explain things...I see 15, 11, 4, 13 second gaps... it should be 1sec, 2, 4, 8. 16, 32, 64, 128...(it can even go into fractions of a second 2^ -1 is 0.5, 2^-2 is .25 etc but some servers might kick you off if you use that functionality)

 

[Markfree]

Thanks for the replys.

I set Chrony to have "minpoll" with 2 to the 7th. So, I think it should give at least 2 minutes of gap between polling. But that's not what's happening.
My current configuration is this:

pool pool.ntp.org iburst prefer trust minpoll 7 maxsources 2

Chrony works as a server and client at the same time in my environment. All of its clients are configured with IPs and pointing to the router (server 192.168.1.1), so they don't create any DNS request.
Only the router itself syncs with outside NTP.

I can see that queries do not "slow down" gradually. Actually, there is a pattern to them every minute, as pointed by @heysoundude .

 

[EmeraldDeer]

Thanks for the replys.

I set Chrony to have "minpoll" with 2 to the 7th. So, I think it should give at least 2 minutes of gap between polling. But that's not what's happening.
My current configuration is this:

pool pool.ntp.org iburst prefer trust minpoll 7 maxsources 2

Chrony works as a server and client at the same time in my environment. All of its clients are configured with IPs and pointing to the router (server 192.168.1.1), so they don't create any DNS request.
Only the router itself syncs with outside NTP.

I can see that queries do not "slow down" gradually. Actually, there is a pattern to them every minute, as pointed by @heysoundude .

Unless you have reasons, I would make the server line simply "pool pool.ntp.org iburst"

 

[Markfree]

Unless you have reasons, I would make the server line simply "pool pool.ntp.org iburst"

I've tried that already.
I set up "minpoll 7" to see if it would reduce queries, but didn't work.

 

[EmeraldDeer]

Then something is wrong which prevents chrony clock adjustment from settling down.
To check your settings, substitute your entware directory in the following command and post the output

# grep -E -v "^#|^!|^%|^;" /tmp/mnt/ent/entware/share/ntpmerlin.d/chrony.conf | sort -u

This is what I have

allow 192.168.50.0/24
bindaddress 192.168.50.1
binddevice br0
driftfile /opt/var/lib/chrony/drift
dumpdir /opt/var/lib/chrony
dumponexit
lock_all
logchange 0.1
makestep 0.1 3
maxupdateskew 5
ntsdumpdir /opt/var/lib/chrony
pidfile /opt/var/run/chrony/chronyd.pid
pool time.apple.com maxsources 5
pool time.cloudflare.com nts
server 192.168.50.230 iburst minpoll 3 maxpoll 3 xleave

And check what chrony is doing with the following commands

chronyc tracking
chronyc sources
chronyc sourcestats
chronyc selectdata
chronyc clients

And here are my results. I had just restarted but it is settling down.

===============================================================================
Reference ID    : C0A832E6 (LeoNTP)
Stratum         : 2
Ref time (UTC)  : Fri Apr 23 13:53:13 2021
System time     : 0.000001843 seconds fast of NTP time
Last offset     : +0.000001568 seconds
RMS offset      : 0.000013909 seconds
Frequency       : 5.968 ppm slow
Residual freq   : +0.001 ppm
Skew            : 0.034 ppm
Root delay      : 0.000515229 seconds
Root dispersion : 0.000042616 seconds
Update interval : 48.3 seconds
Leap status     : Normal
===============================================================================
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* LeoNTP                        1   3   377    32    +13us[  +15us] +/-  283us
^- usnyc3-ntp-004.aaplimg.c>     1   7   377    15  -2955us[-2955us] +/- 7771us
^- usnyc3-ntp-001.aaplimg.c>     1   8   377    82  -2944us[-2942us] +/- 6886us
^- usqas2-ntp-002.aaplimg.c>     1   7   377    81  -2095us[-2093us] +/- 9525us
^- usnyc3-ntp-002.aaplimg.c>     1   9   377    82  -2935us[-2933us] +/- 7557us
^- usqas2-ntp-001.aaplimg.c>     1   7   377     9  -2562us[-2562us] +/-   10ms
^- time.cloudflare.com           3   8   377   207  -2566us[-2556us] +/-   12ms
^- time.cloudflare.com           3   9   377    24  -2315us[-2315us] +/-   12ms
^- time.cloudflare.com           3   7   377    14  -2717us[-2717us] +/-   12ms
^- time.cloudflare.com           3   9   377   148  -2006us[-1996us] +/-   12ms
===============================================================================
Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev
==============================================================================
LeoNTP                     33  16   890     +0.001      0.032    +20ns    14us
usnyc3-ntp-004.aaplimg.c>  21   9   93m     +0.070      0.044  -2260us    64us
usnyc3-ntp-001.aaplimg.c>  22  13  115m     +0.044      0.036  -2430us    56us
usqas2-ntp-002.aaplimg.c>  21  11   34m     +0.028      0.039  -2114us    31us
usnyc3-ntp-002.aaplimg.c>  29  15  281m     +0.134      0.021  -1897us   169us
usqas2-ntp-001.aaplimg.c>  17   9   31m     -0.007      0.113  -1916us    59us
time.cloudflare.com        14   9   26m     -0.109      0.275  -2229us   112us
time.cloudflare.com        31  15  314m     +0.131      0.017  -1662us   150us
time.cloudflare.com        14   9   32m     -0.070      0.249  -1725us   132us
time.cloudflare.com         8   4   32m     +0.036      0.367  -1903us   123us
===============================================================================
S Name/IP Address        Auth COpts EOpts Last Score     Interval  Leap
=======================================================================
* LeoNTP                    N ----- -----   23   1.0  -258us  +265us  N
D usnyc3-ntp-004.aaplimg.c> N ----- -----    5   1.0 -9420us +5064us  N
D usnyc3-ntp-001.aaplimg.c> N ----- -----   72   1.0 -8933us +3954us  N
D usqas2-ntp-002.aaplimg.c> N ----- -----   71   1.0   -12ms +7435us  N
D usnyc3-ntp-002.aaplimg.c> N ----- -----   73   1.0 -8530us +4946us  N
D usqas2-ntp-001.aaplimg.c> N ----- -----    0   1.0   -12ms +7541us  N
D time.cloudflare.com       Y ----- --TR-  197   1.0   -14ms +9668us  N
D time.cloudflare.com       Y ----- --TR-   13   1.0   -13ms +9660us  N
D time.cloudflare.com       Y ----- --TR-    3   1.0   -13ms +9541us  N
D time.cloudflare.com       Y ----- --TR-  137   1.0   -14ms +9553us  N
===============================================================================
Hostname                      NTP   Drop Int IntL Last     Cmd   Drop Int  Last
===============================================================================
XXXXXXXXXXX                   269      0   3   -     2       0      0   -     -
YYYYYYYY                      3        0  -5   -   949       0      0   -     -
ZZZZZZZZZ                     3        0  -5   -   228       0      0   -     -
===============================================================================

 

[Markfree]

@EmeraldDeer Here's my configuration. Most of it is default.

# grep -E -v "^#|^!|^%|^;" /tmp/mnt/entware/entware/share/ntpmerlin.d/chrony.conf | sort -u


allow 10.0.0.0/8
allow 172.16.0.0/12
allow 192.168.0.0/16
driftfile /opt/var/lib/chrony/drift
dumpdir /opt/var/lib/chrony
dumponexit
local stratum 10
lock_all
logchange 0.5
maxupdateskew 5
ntsdumpdir /opt/var/lib/chrony
pidfile /opt/var/run/chrony/chronyd.pid
pool pool.ntp.br iburst prefer trust minpoll 7 maxsources 2
ratelimit interval 3 burst 8

And status

# chronyc tracking
Reference ID    : E4489049 (a.ntp.br)
Stratum         : 3
Ref time (UTC)  : Fri Apr 23 14:22:55 2021
System time     : 0.000167815 seconds slow of NTP time
Last offset     : +0.000273127 seconds
RMS offset      : 0.000714562 seconds
Frequency       : 4.352 ppm slow
Residual freq   : +0.031 ppm
Skew            : 1.226 ppm
Root delay      : 0.030651383 seconds
Root dispersion : 0.003032867 seconds
Update interval : 130.2 seconds
Leap status     : Normal

# chronyc sources
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* a.ntp.br                      2   7   377    25  +2449us[+2547us] +/-   19ms
^+ 2001:12f8:b:1::8              2   8   377    29  -1877us[-1779us] +/-   34ms

# chronyc sourcestats
Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev
==============================================================================
a.ntp.br                   16   9   32m     +0.020      1.189  +2547us   663us
2001:12f8:b:1::8           20  12   36m     -0.004      1.897  -3960us  1261us

# chronyc selectdata
S Name/IP Address        Auth COpts EOpts Last Score     Interval  Leap
=======================================================================
* a.ntp.br                  N -PT-- -PT--    0   1.0   -15ms   +21ms  N
+ c.ntp.br                  N -PT-- -PT--    4   1.0   -32ms   +24ms  N

# chronyc clients
Hostname                      NTP   Drop Int IntL Last     Cmd   Drop Int  Last
===============================================================================
host1.[local_domain]        18      0   7   -    84       0      0   -     -
host2.[local_domain]        26      0   7   -    50       0      0   -     -

 

[dave14305]

You’re not by chance using pool.ntp.org as the DNS target for Network Monitoring on the Admin / System page, are you? Just a wild stab in the dark.

 

[Markfree]

WOW!
I totally forgot that.
I was using Network Monitoring with that ntp server.
It is now off and there's no more excessive querys.

Thanks a lot Dave

 

[Jack Yaz]

You’re not by chance using pool.ntp.org as the DNS target for Network Monitoring on the Admin / System page, are you? Just a wild stab in the dark.

haha no chance for #blamejack this time!

 

[dave14305]

haha no chance for #blamejack this time!

Even you realize the most important phrase in that sentence is “this time”!

 

[Jack Yaz]

Even you realize the most important phrase in that sentence is “this time”!

i have so many spinning plates (scripts) i'm bound to miss something once in a while!