Yo Hal! On Fri, 22 Mar 2019 01:22:37 -0700 Hal Murray via devel <devel@ntpsec.org> wrote:
> > I don't care if it is ntpq, ntpmon, log files, whatever. Right now
> > I don't know how to get the info any way.
>
> I still don't know what you want.
As I said before:
> > 2. A way to see both the NTS name/IP and matching NTPD name/IP
> I've tried hard to make sure that everything interesting is in the
> log files while at the same time not making things too verbose.
For debug I'd like a LOT more verbose. I have all sorts of issues
with nothing in my log files.
> Please look carefully and tell me what is missing.
Already started:
> > 2. A way to see both the NTS name/IP and matching NTPD name/IP
And I'm seeing with my 4 test servers that which server can connect to
which server has pattern I do not understand. It looks like the
clients get the cookies, then fail to make the NTS connection to
the NTPD server.
For example. my kong can NTS to my backup, but not to my pi3.
On kong, all I see is:
2019-03-22T12:55:52 ntpd[10362]: DNS: dns_probe: pi3.rellim.com, cast_flags:1,
flags:21801
2019-03-22T12:55:52 ntpd[10362]: NTSc: DNS lookup of pi3.rellim.com took 0.000
sec
2019-03-22T12:55:52 ntpd[10362]: NTSc: nts_probe connecting to
pi3.rellim.com:123 => [2001:470:e815::23]:123
2019-03-22T12:55:52 ntpd[10362]: NTSc: Using TLSv1.2, AES256-GCM-SHA384 (256)
2019-03-22T12:55:52 ntpd[10362]: NTSc: certificate subject name:
/CN=pi3.rellim.com
2019-03-22T12:55:52 ntpd[10362]: NTSc: certificate issuer name: /C=US/O=Let's
Encrypt/CN=Let's Encrypt Authority X3
2019-03-22T12:55:52 ntpd[10362]: NTSc: certificate is valid.
2019-03-22T12:55:52 ntpd[10362]: NTSc: read 880 bytes
2019-03-22T12:55:52 ntpd[10362]: NTSc: Got 8 cookies, length 104, aead=15.
2019-03-22T12:55:52 ntpd[10362]: NTSc: NTS-KE req to pi3.rellim.com took 0.028
sec, OK
2019-03-22T12:55:52 ntpd[10362]: DNS: dns_check: processing pi3.rellim.com, 1,
21801
2019-03-22T12:55:52 ntpd[10362]: DNS: Server skipping: 2001:470:e815::23
2019-03-22T12:55:52 ntpd[10362]: DNS: dns_take_status: pi3.rellim.com=>good, 10
But then nothing more on kong saying anything about the NTPD connection
to pi3.
On pi3 there is no logging at all about kong trying to NTS/NTPD to pi3.
Furthermore, confusing to me, pi3 can NTS to kong just fine...
I need logging on why an NTPD server is rejecting NTS/NTPD udp packets.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
g...@rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
pgpvPrjSXjHlt.pgp
Description: OpenPGP digital signature
_______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
