In updating a gateway router running dd-wrt from DNS -> SmartDNS/DoT there is a time synchronization requirement, e.g., if the system clock is too far off it breaks.
This led to looking at formal NTP security models, all of which were rejected as too much effort and/or too few public NTS servers, so I ended up increasing the server count, given ntp will manage discrepancies and the impact of getting a rogue is negligible.
In 15.0, /etc/ntp.conf uses 'server 0.pool.ntp.org iburst', which does a one-shot DNS lookup for each of the given servers; however, if the resolved server goes septic it is dropped but not replaced. 'pool' has a different behavior in that servers are replaced.
I changed 'server' to 'pool', and after 15 minutes, zero synchronization and zero error messages:
Code:
$ ntpq -pn
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*127.127.1.0     .LOCL.          10 l   55   64  377    0.000   +0.000   0.000
 0.us.pool.ntp.o .POOL.          16 p    -   64    0    0.000   +0.000   0.000
 1.us.pool.ntp.o .POOL.          16 p    -   64    0    0.000   +0.000   0.000
 2.us.pool.ntp.o .POOL.          16 p    -   64    0    0.000   +0.000   0.000
 3.us.pool.ntp.o .POOL.          16 p    -   64    0    0.000   +0.000   0.000
After removing 'nopeer' from the 'restrict' options, it worked:
Code:
$ ntpq -np
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 127.127.1.0     .LOCL.          10 l 186m   64    0    0.000   +0.000   0.000
 0.us.pool.ntp.o .POOL.          16 p    -   64    0    0.000   +0.000   0.000
 1.us.pool.ntp.o .POOL.          16 p    -   64    0    0.000   +0.000   0.000
 2.us.pool.ntp.o .POOL.          16 p    -   64    0    0.000   +0.000   0.000
 3.us.pool.ntp.o .POOL.          16 p    -   64    0    0.000   +0.000   0.000
+155.248.196.28  135.45.28.167    2 u  313  512  377   25.902   -0.987   0.754
+45.33.103.94    192.126.175.149  3 u  156  512  377   70.656   +0.665   0.405
*44.190.5.123    17.253.4.125     2 u   96  512  377   25.826   +0.199   0.589
-44.190.40.123   66.220.9.122     2 u  301  512  377   24.383   +1.143   0.484
Update: Current was in the subject as I mistakenly saw 'pool' in Current's /etc/ntp.conf
Note this is an always-on server that provides time service to the router and other LAN clients.
Caution: See replies 4 and 5 before adjusting your ntp.conf
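
Added example, not part of the original post or of any distribution's tooling: a small Python lint for the pool/nopeer interaction shown above. ntpd's access-control documentation notes that nopeer also blocks pool associations and suggests a 'restrict source' line without nopeer; the function name, status strings and sample configs below are constructed for illustration.

```python
# Added example: lint ntp.conf text for the pool/nopeer interaction.
# Status strings and sample configs are constructed for illustration.

def check_pool_nopeer(conf_text):
    """Classify how 'restrict' lines affect servers added by 'pool'."""
    uses_pool = default_nopeer = False
    source_nopeer = None  # None means no 'restrict source' line was seen
    for line in conf_text.splitlines():
        tok = line.split("#", 1)[0].split()  # drop comments, tokenize
        if not tok:
            continue
        if tok[0] == "pool":
            uses_pool = True
        elif tok[0] == "restrict":
            # Ignore the optional address-family flags before the target.
            rest = [t for t in tok[1:] if t not in ("-4", "-6")]
            if not rest:
                continue
            target, flags = rest[0], rest[1:]
            if target == "default":
                default_nopeer = default_nopeer or "nopeer" in flags
            elif target == "source":
                source_nopeer = "nopeer" in flags
    if not uses_pool:
        return "no-pool"
    # A 'restrict source' line, when present, governs pool-spawned servers.
    blocked = default_nopeer if source_nopeer is None else source_nopeer
    if blocked:
        return "pool-blocked"
    return "ok" if default_nopeer else "default-without-nopeer"

# Constructed sample: pool directive with nopeer on the default rules.
BROKEN = """\
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
pool 0.pool.ntp.org iburst
"""
# Keeps nopeer on the default rule and relaxes it only for pool servers.
SCOPED = BROKEN + "restrict source kod nomodify notrap noquery\n"
# The change described in the post: nopeer dropped from the default rule.
OPEN = BROKEN.replace(" nopeer", "")

if __name__ == "__main__":
    for name, conf in (("BROKEN", BROKEN), ("SCOPED", SCOPED), ("OPEN", OPEN)):
        print(name, check_pool_nopeer(conf))
```

The "pool-blocked" result corresponds to the first ntpq listing, where the .POOL. placeholders never spawn servers; "default-without-nopeer" flags a config that syncs but no longer applies nopeer to unknown hosts.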