ntpd servers stuck in init state when defined by hostname, but sync correctly when defined by IP address

Question

I started having an issue on a couple of our colo servers which is causing a fair bit of head scratching.

I as alerted to clock skew on a couple of servers, and when I went to investigate ntpq -=p showed the following:

     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 ntp1.hetzner.de .INIT.          16 u    -   64    0    0.000    0.000   0.000
 ntp2.hetzner.de .INIT.          16 u    -   64    0    0.000    0.000   0.000
 ntp3.hetzner.de .INIT.          16 u    -   64    0    0.000    0.000   0.000

so clearly the server could not contact its ntp servers. However, its sister servers have no such issues, so I assumed the problem lay with the server. Probably a misconfiguration in IPtables. But no, IPtables is configured properly. Restarted ntpd, waited a few minutes, but the ntp servers were still in INIT. As a check I ran

ntpdate ntp1.hetzner.de

and I get a response from the time server! Puzzled, I started a tcpdump for UDP 123 traffic and restarted ntpd. No packets. Not one. Even after an hour. And yet if I stop ntp and run ntpdate I see packets going over the wire to the time servers no problem.

So, I tried putting the ip addresses of the time servers into ntp.conf and instantly I am in sync

     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 ntp1.hetzner.de .INIT.          16 u    -   64    0    0.000    0.000   0.000
 ntp2.hetzner.de .INIT.          16 u    -   64    0    0.000    0.000   0.000
 ntp3.hetzner.de .INIT.          16 u    -   64    0    0.000    0.000   0.000
*ntp1.hetzner.de 192.53.103.103   2 u   23   64    1    2.856   -2.246   0.016
 ntp2.hetzner.de 192.53.103.103   2 u   22   64    1    0.246   -2.174   0.019
 ntp3.hetzner.de 192.53.103.108   2 u   21   64    1    0.262   -1.282   0.037

there are six servers in that output as I have appended the server ip addresses in ntp.conf

So I'm stumped. Is there some weird DNS issue in ntpd, or have I done something silly in my configuration? This machine is Debian 7.8, and the ntpd version is 4.2.6p5

My ntp config is now as follows:

driftfile /var/lib/ntp/ntp.drift
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
restrict 127.0.0.1
restrict ::1
server ntp1.hetzner.de iburst
server ntp2.hetzner.com iburst
server ntp3.hetzner.net iburst
server 213.239.239.164 iburst
server 213.239.239.165 iburst
server 213.239.239.166 iburst

Answer 1

I have some servers at Hetzner which with the default ntpd configuration from the install image will use IPv6 to communicate with the ntp servers provided by Hetzner.

Given that you see the duplicate entries in the output I am strongly suspecting that your ntpd has resolved those hostnames to IPv6 addresses rather than IPv4 addresses. You can verify this by using the -n flag for ntpq such that it will display IP addresses rather than hostnames.

There is nothing wrong with configuring ntpd such that it will use both some IPv4 addresses and some IPv6 addresses as time source. I would even go as far as saying it is a good practice to do so. Hence I wouldn't say there is anything wrong with your ntpd configuration.

However I do suspect you have a misconfiguration in your IPv6 configuration, and that is what you should be fixing.