NTP servers won't resolve?

[AppleBag]

I'm using the latest Merlin firmware but don't know if this is a Merlin problem or ASUS problem with the base firmware (on a ASUS RT-AC68U).

My settings look like this:

And I keep getting the yellow error msg in the screenshot. I've tried several different NTP servers, such as, pool.ntp.org, 0.north-america.pool.ntp.org, 1.north-america.pool.ntp.org and time.nist.gov, but none ever resolve and sync up the time. On a whim I pinged pool.ntp.org and got the IP (108.161.151.187), then put that into the firest NTP field, clicked Apply, and it synced.

That's cool but what if the IP changes at some point and auto-syncing stops working?

Anyone know what could be wrong here? I do use a Pi-hole + DNSCrypt to handle my DNS, which I've set the IP to my local LAN IP for it here:

Looking through the Pi-hole logs I see nothing showing any of those NTP servers being blocked, and just in case, I've also added them to the whitelist. Still won't sync.

Any ideas anyone?

 

[ColinTaylor]

What are your WAN DNS settings?

 

[AppleBag]

Hi @ColinTaylor

These are my WAN DNS settings

 

[skeal]

Hi @ColinTaylor

These are my WAN DNS settings

View attachment 19716

Put DNS server information in Server1 and Server2. The router uses it to sync time in the beginning of the boot. You can modify dnsmasq.conf.add to include something like server=/pool.ntp.org/1.1.1.1 will help as well. Using network Monitoring on the system admin page has proven to be problematic for most.

 

[RMerlin]

Do not disable automatic DHCP retrieval of DNS and keep DNS fields empty. Your router requires working nameservers.

 

[AppleBag]

Little bit confused then, lol. I posted not too long ago aboutt where I should put my DNS server info when using a Pi-hole (https://www.snbforums.com/threads/adding-pi-hole-dns-to-router.59858/) and was told to use the area that I put it in. Maybe I misunderstood, and I should also put the Pi-hole IP in the other area's DNS 1 as well?

I want to make sure that all traffic goes solely through my Pi-hole, so I can't add something like 1.1.1.1 as a DNS2 anywhere because from my understanding if I do not all traffic will go through the Pi-hole; some will also go through whatever I have in DNS2.

 

[dave14305]

Little bit confused then, lol. I posted not too long ago aboutt where I should put my DNS server info when using a Pi-hole (https://www.snbforums.com/threads/adding-pi-hole-dns-to-router.59858/) and was told to use the area that I put it in. Maybe I misunderstood, and I should also put the Pi-hole IP in the other area's DNS 1 as well?

That guy was very smart and good-looking.

I want to make sure that all traffic goes solely through my Pi-hole, so I can't add something like 1.1.1.1 as a DNS2 anywhere because from my understanding if I do not all traffic will go through the Pi-hole; some will also go through whatever I have in DNS2.

You can make all your clients use the Pi-Hole by keeping the IP in DHCP DNS Server 1 and setting DNSFilter mode to Router. That will force all client DNS requests to Pi-Hole. You'd have to add a Client rule for the Pi-Hole to have No Filtering (What upstream DNS servers does the Pi-Hole use?).

You should at least let the router connect to an external DNS server (ISP or same as Pi-Hole upstream DNS) so that it can sync time, check for updates, etc.

I think there could be chicken-and-egg scenarios if you set WAN DNS to be the Pi-Hole IP, so I don't recommend it (but I don't use a Pi-Hole).

 

[AppleBag]

You'd have to add a Client rule for the Pi-Hole to have No Filtering

I'm not really sure whatcha mean by that? lol. I don't think PH has that ability.

(What upstream DNS servers does the Pi-Hole use?)

Right now the flow goes like this:

My Router's DNS1 is set to a LAN machine hosting PH (192.168.0.194) --> PH handles filtering out the bad stuff, then passes the good stuff to DNSCrypt, also on that same machine, listening via (192.168.0.194:5353) --> DNSC then has configs to use several DNS servers that support DoH and DNSC, and also anonymizes the request by sending the request through an anon relay first.

Ultimately, the final DNS servers are Quad9, cs-usil, and a cpl others that I forget offhand.

You should at least let the router connect to an external DNS server (ISP or same as Pi-Hole upstream DNS) so that it can sync time, check for updates, etc.

It can't sync time/check for updates going through the PH and DNSC, how I have it? Isn't it all still resolving a DNS whether it's being daisy chained through the above, or directly from the router itself?

 

[dave14305]

It can't sync time/check for updates going through the PH and DNSC, how I have it? Isn't it all still resolving a DNS whether it's being daisy chained through the above, or directly from the router itself

You’ve given the router no DNS servers at all (it doesn’t use the servers in LAN DHCP DNS). It needs something in WAN DNS.

 

[dave14305]

You can modify dnsmasq.conf.add to include something like server=/pool.ntp.org/1.1.1.1 will help as well.

Remember that this won’t help unless the Wan: use local resolver setting is set to yes. Otherwise the router ignores dnsmasq for lookups.

 

[Vexira]

Sorry to be a pain but I have experienced the same issues with au.pool.ntp.org 0-3 servers, to I changed it to the ubqity ntp pool servers.

@AppleBag
I can post them for you to test if you are interested.

also I had to disable spanning tree protocol to get mine to work.

 

[AppleBag]

You’ve given the router no DNS servers at all (it doesn’t use the servers in LAN DHCP DNS). It needs something in WAN DNS.

Ahhhhhh HAAAAAA!!! Now I get it. Sorry for being so dense, lol. For some reason I was just thinking the router only needed a single place for a DNS setting, and then it would just use that for everything. I Didn't realize it uses one dns setting only for DHCP, and one for itself. (derrr )

I think I have it all settled in now. I keep my PH IP in the DHCP dns1 (no dns2), and then in the WAN DNS1 & DNS2 I keep google's there just for update checks, NTP, etc.

I tried also enabling the DNS filter and setting it to Router, but for some reason it seems to slow my connection to a crawl, and even result in dns not resolving at all at times, so I disabled it.

After doing some dns leaktests to report which dns servers are being used, it still seems all dhcp traffic is going through my PH chain even w/out using the DNSFilter.

I also put time.nist.gov and pool.ntp.org as the NTP servers, and also did a firmware update check, and everything seems good so far. No errors in the logs or anything.

Thanks a mill for the help!

P.S. however, if something goes askew, rest assured I'll be back to bug ya again!

 

[dave14305]

I tried also enabling the DNS filter and setting it to Router, but for some reason it seems to slow my connection to a crawl, and even result in dns not resolving at all at times, so I disabled it.

That could happen with DNSFilter if you don't add the Pi-Hole IP under Client List with the Filter Mode = "No Filtering". But since you're using DNSCrypt and DoH, etc. it's hard to figure out if Pi-Hole would send out any normal port 53 queries or not.

As long as it's working...time to tinker with it!

 

[SuperDuke]

Hi all....perhaps not the proper forum but I thought I'd post here anyway....

I did a reboot and checking the sys-log the following was shown:

Oct 30 16:45:20 crond[327]: time disparity of 782920 minutes detected

I'm not sure why the time sync is so far out....any ideas? Thanks in advance..

 

[ColinTaylor]

Hi all....perhaps not the proper forum but I thought I'd post here anyway....

I did a reboot and checking the sys-log the following was shown:

Oct 30 16:45:20 crond[327]: time disparity of 782920 minutes detected

I'm not sure why the time sync is so far out....any ideas? Thanks in advance..

That's normal. It's the difference between the power-on default date/time and the actual date/time after it's been corrected by NTP.

 

[SuperDuke]

That's normal. It's the difference between the power-on default date/time and the actual date/time after it's been corrected by NTP.

Excellent...thanks!