I have run into what I consider confusing operation/a bug of chronyc for the server name results it returns. When I run chronyc sourcestats or chronyc sources the "Name/IP address" field doesn't always list the hostname/s that are entered into my chrony.conf file. It seems like instead of chronyc isn't' generating it's reports using the hostnames that are entered into my chrony.conf configuration file and instead chronyd is taking the hostnames from the chrony.conf configuration file and then resolving it to an IP address and caching that information using that IP address to make the connections to the time servers. (which makes sense when pools are used.) However when chronyc is called with the sources or sourcestats option, instead of using the original hostname it got from the chrony.conf file, It attempts to do a reverse DNS lookup of the numerical IP address it has been using. If reverse record is not setup in DNS for the output shows only the numerical IP address, in the "Names/IP address field." If one reverse record exist it displays that FQDN instead of what was entered into chrony.conf and no IP address. If a reverse lookup returns multiple FQDNs to the particular IP address it seems to randomly chooses one of the returned FQDNs to display in the list for that particular invocation of chronyc and no IP address. Which depending on your situation could return confusing results if it returns the name server pool name for more than one line.
Note: this is happening in chronyc 3.4 (the latest for RHEL 7) and also 2.1.1 Steps to reproduce 1. Configure DNS with multiple forward and reverse lookup records for a time server. E.g. 172.0.0.51 realhostname1.example.test 172.0.0.51 time1.example.test 172.0.0.52 realhostname2.example.test 172.0.0.52 time2.example.test 172.0.0.53 realhostname3.example.test 172.0.0.53 time3.example.test 172.0.0.51 timepool.example.test 172.0.0.52 timepool.example.test 172.0.0.53 timepool.example.test 2. Add to the chronyd configuration file ( e.g. /etc/chrond.conf ) 3 server lines, the first being the first hosts numerical ip address line, the second being time2.e... record for the ...52 IP address and for the third server use realhostname3.example.test ( I would never do this in reality it is just to prove the point.) e.g. server 172.0.0.51 #plus any additional needed settings server time2.example.test #plus any additional needed settings server realhostname3.example.test #plus any additional needed settings 3. Restart chronyd (example on a systemctl box) systemctl reload chronyd 4. Run chronyc sources and or chronyc sourcestatus Expected results The sources lines to return the hostname or numerical IP address as configured in a servers line of the chrony.conf file possibly with or without that being followed by a slash and a numerical IP address of the actual host it is connected to incase the hostname in the configuration file points to an Obvious DNS based server pool of multiple numerical IP addresses. (Though for consistency of output and ease of figuring things out I would find it useful if it were to always having a / and Numerical IP address output for every systems regardless of whether it's a the member of a DNS pool or not.) Note: To reduce the size of this message, I have not included any chronyc sources output but they return similar results for the Name fields. [tst01 ~]$ chronyc sourcestats 210 Number of sources = 3 Name/IP Address NP NR Span Frequency Freq Skew Offset Std Dev ============================================================================== 172.0.0.51/172.0.0.51 27 16 47m +0.094 0.296 -216us 333us time2.example.test/172.0.0.52 29 17 52m -0.080 0.110 +86us 119us realhostname3.example.test/172.0.0.53 24 10 43m -0.052 0.212 +528us 166us Of if you feel you must have DNS reverse lookup results maybe have it list both the reverse resolved hostname and in parenthesis the configured hostname. [tst01 ~]$ chronyc sourcestats 210 Number of sources = 3 Name/IP Address NP NR Span Frequency Freq Skew Offset Std Dev ============================================================================== 172.0.0.51(172.0.0.51) 27 16 47m +0.094 0.296 -216us 333us time2.example.test(time2.example.test) 29 17 52m -0.080 0.110 +86us 119us realhostname3.example.test(realhostname3.example.test) 24 10 43m -0.052 0.212 +528us 166us Actual Results It performs a reverse lookup on the numerical IP address that it has cached from a previous forward lookup of the hostname for the corresponding server line of the chrony.conf files and lists a result of the reverse lookup. If the DNS server returns multiple reverse records for a box with multiple reverse DNS entries, it seems to randomly chooses a hostname to display on each iteration. Note: To make it a bit easier to follow along, I have copied pasted and edited a single output for each example to show what is going on. Thus all of the examples will have the exact same numbers on each line. I am also making the assuming that the sort order of the servers does not change from invocation to invocation (though that assumption may be wrong.) e.g., Least informative case scenario of basically useless results where there are multiple servers in a pool that have reverse lookups to the pool for the numerical IP address but the files was configured with multiple unique underling IP addresses or DNS names of members of the pool ending up with different span, frequency,... results for multiple sources lines all listed as the same FQDN. [tst01 ~]$ chronyc sourcestats 210 Number of sources = 3 Name/IP Address NP NR Span Frequency Freq Skew Offset Std Dev ============================================================================== timepool.example.test 27 16 47m +0.094 0.296 -216us 333us timepool.example.test 29 17 52m -0.080 0.110 +86us 119us timepool.example.test 24 10 43m -0.052 0.212 +528us 166us Some of the other possible outcomes for a three-time server configuration with 3 reverse lookup entries per time server IP address. [tst01 ~]$ chronyc sourcestats 210 Number of sources = 3 Name/IP Address NP NR Span Frequency Freq Skew Offset Std Dev ============================================================================== realhostname1.example.test 27 16 47m +0.094 0.296 -216us 333us time2.example.test 29 17 52m -0.080 0.110 +86us 119us realhostname3.example.test 24 10 43m -0.052 0.212 +528us 166us [tst01 ~]$ chronyc sourcestats 210 Number of sources = 3 Name/IP Address NP NR Span Frequency Freq Skew Offset Std Dev ============================================================================== timepool.example.test 27 16 47m +0.094 0.296 -216us 333us time2.example.test 29 17 52m -0.080 0.110 +86us 119us timepool.example.test 24 10 43m -0.052 0.212 +528us 166us [tst01 ~]$ chronyc sourcestats 210 Number of sources = 3 Name/IP Address NP NR Span Frequency Freq Skew Offset Std Dev ============================================================================== time1.example.test 27 16 47m +0.094 0.296 -216us 333us realhostname2.example.test/172.0.0.52 29 17 52m -0.080 0.110 +86us 119us timepool.example.test/172.0.0.53 24 10 43m -0.052 0.212 +528us 166us Additional Notes: Thank you for taking the time to consider making this change as well as any related extra flags that would be needed to deal with any consequences (like additional flags) of this change, as it would make things less confusing/quicker to figure out for me and potentially others when they are trying to figure out which time server is which in the output and after a change of chrony.conf that they have actually connected to the time servers they meant to be connected to and what IP address they are connected to or to potentially point out that after they changed the configurations that they failed to restart chronyd after making a configuration change to say use a different hostname that currently points to the same numerical IP address.) _________________________ Alexander Kohr Unix Systems Administrator Temple University Health System ________________________________ This electronic message is intended to be for the use of the named recipient, and may contain information that is confidential or privileged. This communication may contain protected health information (PHI) that is legally protected from inappropriate disclosure by the Privacy Standards of the Health Insurance Portability and Accountability Act (HIPAA) and relevant Pennsylvania Laws. You can direct questions concerning PHI or HIPAA to the Corporate Compliance and Privacy Officer at (215) 707-5605. If you are not the intended recipient, please note that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this message in error, you should notify the sender immediately by telephone or by return e-mail and delete and destroy all copies of this message.
