Thanks all !

I'm too bothered by the host 1.0.0.0.
Using the explicit IP address, as Lenard suggested, worked ! - see following
copy:
/usr/sbin/ntpdate -u 128.10.252.7
Looking for host 128.10.252.7 and service ntp
host found : darkcity.cerias.purdue.edu
27 Nov 08:00:23 ntpdate[7414]: step time server 128.10.252.7 offset
-32.779561 s ec

Any idea?

TIA

Enrique Perez-Terron wrote:

> On Sat, 26 Nov 2005 17:18:36 +0100, Michael Badt <mibadt@gmail.com> wrote:
>
>> Thanks all,
>> I've verified that my gw doesn't block port 123.
>> Yet still I can't find any servers.
>>
>> Any idea?
>>
>> Here's the output from both commands (as root):
>> =========
>> [root@Atlantis miki]# /usr/sbin/ntpdate time-a.nist.gov
>> Looking for host time-a.nist.gov and service ntp
>> host found : 1.0.0.0
>
> But what is this? Host 1.0.0.0 ???? This looks like there is something
> very wrong with the host name resolution.
>
> Time-a.nist.gov has address 129.6.15.28.
>
>> 26 Nov 18:15:29 ntpdate[11138]: no server suitable for synchronization
>> found
>> [root@Atlantis miki]#
>> [root@Atlantis miki]# /usr/sbin/ntpdate -u us.pool.ntp.org
>> Looking for host us.pool.ntp.org and service ntp
>> host found : 1.0.0.0
>
> What? Address 1.0.0.0 again? Very recently in this or another newsgroup,
> someone had this address showing up, but I wasn't able to find back to it.
>
> Anyway, us.pool-ntp.org has a bunch of addresses:
>
> $ dig us.pool-ntp.org
> [...]
> ;; ANSWER SECTION:
> us.pool.ntp.org. 1500 IN A 24.34.79.42
> us.pool.ntp.org. 1500 IN A 65.19.139.44
> us.pool.ntp.org. 1500 IN A 65.75.183.220
> us.pool.ntp.org. 1500 IN A 66.115.136.4
> us.pool.ntp.org. 1500 IN A 67.64.199.49
> us.pool.ntp.org. 1500 IN A 67.159.5.116
> us.pool.ntp.org. 1500 IN A 72.25.72.228
> us.pool.ntp.org. 1500 IN A 204.17.42.199
> us.pool.ntp.org. 1500 IN A 207.145.113.115
> us.pool.ntp.org. 1500 IN A 208.201.242.2
> us.pool.ntp.org. 1500 IN A 209.237.225.10
> us.pool.ntp.org. 1500 IN A 217.160.252.229
> [...]
>
> What output do you get from name resolution commands like "dig",
> or "host"? What address is shown in the output from "ping"? Here
> is mine:
>
> $ ping us.pool.ntp.org
> PING us.pool.ntp.org (217.160.252.229) 56(84) bytes of data.
>
> Unless you get something valid here, forget about ntp problems, you
> have a name resolution problem. Notice that dig/host may be doing
> its things differently from "ping". I presume ntpd and ntpdate use
> the "gethostbyname()" function, which is probably what "ping" also
> does. Therefore, "ping" is probably the most telling here.
>
>> 26 Nov 18:16:18 ntpdate[11145]: no server suitable for synchronization
>> found
>
> -Enrique

On Sun, 27 Nov 2005 07:03:54 +0100, Michael Badt <mibadt@gmail.com> wrote:

> Thanks all !
>
> I'm too bothered by the host 1.0.0.0.
> Using the explicit IP address, as Lenard suggested, worked ! - see following
> copy:
> /usr/sbin/ntpdate -u 128.10.252.7
> Looking for host 128.10.252.7 and service ntp
> host found : darkcity.cerias.purdue.edu
> 27 Nov 08:00:23 ntpdate[7414]: step time server 128.10.252.7 offset
> -32.779561 s ec
>
> Any idea?


I'm very mystified by this address 1.0.0.0.

I just stopped my nptd, renamed my /etc/ntp* files out of the way,
and tried a non-existing host-name:

# ntpdate -u kraki.com
Error : Temporary failure in name resolution
27 Nov 09:18:51 ntpdate[28678]: can't find host kraki.com

27 Nov 09:18:51 ntpdate[28678]: no servers can be used, exiting

I don't havey any idea, except to debug the name resolution using
all available means.

What do you get as output when you do "ping us.pool.ntp.org" ?

A question is, is name resolution failing only for ntpdate? Is there
a problem with your copy of ntpdate? Most likely ntpdate links to libc
and uses functions there to do name resolution. But what if the name
resolution works for ntpdate, but the ntpdate is having another problem
that makes it behave strangely? If we can establish that other programs
too have problems with name resolution, we can take our focus away from
ntpd/ntpdate, and focus on the name resolution. And vice versa, if name
resolution works for most/all other programs, concentrate on ntpdate
itself.

Check if name resolution fails for other programs as well. "ping" is just
one such program. you can try others, like "telnet", "wget", etc. Try with
known good host names, and with a name known to not exist, like xx.xx, or
"kraki.com" (in case it matters that .com is a valid tld, while .xx to my
best knowledge is not).

It does not matter that much at this stage if there is a firewall blocking
ping or telnet, the question is if we get a response that shows the right
ip address on the screen, like you will get from ping or telnet. For example,
I doubt www.google.com has a non-blocked telnet port active, but

$ telnet www.google.com
Trying 64.233.161.99...

the name resolution works.

If name resolution gives strange results for all programs, what is in
your /etc/nsswitch.conf? Look for a line like

# grep host /etc/nsswitch.conf
#hosts: db files nisplus nis dns
hosts: files dns

What is the contents of the file /etc/resolv.conf ?

If the "hosts" line in nsswitch.conf says "files", what is in /etc/hosts ?

Do you have a name switch cache process (nscd) ?

etc.

-Enrique

Enrique, Thanks a lot.
The mystery continues.

Here are the answers to your questions:

ping us.pool.ntp.org
PING us.pool.ntp.org (207.145.113.115) 56(84) bytes of data.
64 bytes from us.pool.ntp.org (207.145.113.115): icmp_seq=1 ttl=50 time=410
ms
64 bytes from us.pool.ntp.org (207.145.113.115): icmp_seq=2 ttl=50 time=392
ms
64 bytes from us.pool.ntp.org (207.145.113.115): icmp_seq=3 ttl=50 time=401
ms

--- us.pool.ntp.org ping statistics ---
4 packets transmitted, 3 received, 25% packet loss, time 3004ms
rtt min/avg/max/mdev = 392.063/401.388/410.522/7.554 ms
------------------
[root@Atlantis miki]# telnet www.google.com
Trying 1.0.0.0...
----------------------
[root@Atlantis miki]# ping www.google.com
PING www.l.google.com (64.233.183.104) 56(84) bytes of data.
64 bytes from www.google.com (64.233.183.104): icmp_seq=1 ttl=240 time=313
ms
64 bytes from www.google.com (64.233.183.104): icmp_seq=2 ttl=240 time=265
ms

--- www.l.google.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 265.269/289.139/313.009/23.870 ms


----------
[root@Atlantis etc]# cat nsswitch.conf
#
# /etc/nsswitch.conf
#snip---------------------------
#hosts: db files nisplus nis dns
hosts: files nisplus nis dns
--------------------
cat resolv.conf
nameserver 10.0.0.138


# 10.0.0.138 is the IP address of my router
-----------------
cat resolv.conf
nameserver 10.0.0.138
----------------

I don't have a switch cache process (nscd)




Enrique Perez-Terron wrote:

> telnet www.google.com

Michael Badt wrote:

> # 10.0.0.138 is the IP address of my router
> -----------------
> cat resolv.conf
> nameserver 10.0.0.138
> ----------------

Re-configure your router, it would be best if your router supplied the
nameserver info from your ISP instead (if possible), for example;

$ cat /etc/resolv.conf
; generated by /sbin/dhclient-script
nameserver 67.36.128.26
nameserver 206.141.192.60

$ sudo /usr/sbin/ntpdate -u us.pool.ntp.org
27 Nov 11:41:39 ntpdate[5029]: adjust time server 64.5.0.129 offset
-0.000278 sec

$ telnet www.google.com
Trying 64.233.161.147...



--
"A personal computer is called a personal computer because it's yours,
Anything that runs on that computer, you should have control over."
Andrew Moss, Microsoft's senior director of technical policy, 2005

On Sun, 27 Nov 2005 17:23:19 +0100, Michael Badt <mibadt@gmail.com> wrote:

> Enrique, Thanks a lot.
> The mystery continues.
>
> Here are the answers to your questions:
>
> ping us.pool.ntp.org
> PING us.pool.ntp.org (207.145.113.115) 56(84) bytes of data.
> 64 bytes from us.pool.ntp.org (207.145.113.115): icmp_seq=1 ttl=50 time=410

Good.

> ------------------
> [root@Atlantis miki]# telnet www.google.com
> Trying 1.0.0.0...

??????

> ----------------------
> [root@Atlantis miki]# ping www.google.com
> PING www.l.google.com (64.233.183.104) 56(84) bytes of data.
> 64 bytes from www.google.com (64.233.183.104): icmp_seq=1 ttl=240 time=313

Good...

> ----------
> [root@Atlantis etc]# cat nsswitch.conf
> #
> # /etc/nsswitch.conf
> #snip---------------------------
> #hosts: db files nisplus nis dns
> hosts: files nisplus nis dns

Experiment: What happens if you eliminate these one by one?

> --------------------
> cat resolv.conf
> nameserver 10.0.0.138
>
>
> # 10.0.0.138 is the IP address of my router

Experiment: Run ethereal (Install it!). Run as root! Edit-> Preferences...-> Capture
Turn...

Promiscuous: Off
Update real time: On
Automatic scrolling: Off
Hide info dialog: On

Name Resolution:
MAC Off
Network Off <--- important!!!
Transport: On

Run telnet www.google.com. A couple of times. Look at the ethereal window.
Look for "DNS Standard query response". Click on the line, and look at the
middle panel. Expand the items to see the protocols decoded!
Is you ISP's name server showing intermittent failures? Is it saying
1.0.0.0 part of the time?

Isn't your ISP's name server being queried every time you run telnet?
If so where is the data being cached?

Experiment:

Run telnet www.google.com under strace (man strace, install it).
Use

strace -o /tmp/telnet.strace telnet www.google.com

As soon as a "Trying x.y.z.w..." line has been printed, hit ctrl-c, and
look at the file. Look for

socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 3
connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("130.67.15.198")}, 28) = 0

# 53 = DNS protocol port
# 130.67.15.198 = my ISP's DNS server.


fcntl64(3, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
gettimeofday({1133122760, 857696}, NULL) = 0
poll([{fd=3, events=POLLOUT, revents=POLLOUT}], 1, 0) = 1
send(3, "\310\277\1\0\0\1\0\0\0\0\0\0\3www\6google\3com\0\ 0\1\0"..., 32, 0) = 32

# Sends query

poll([{fd=3, events=POLLIN, revents=POLLIN}], 1, 5000) = 1
ioctl(3, FIONREAD, [260]) = 0
recvfrom(3, "\310\277\201\200\0\1\0\4\0\5\0\5\3www\6google\3co m\0\0"..., 1024, 0,
{sa_family=AF_INET, in_port=htons(53), sin_addr=inet_addr("130.67.15.198")}, [16]) = 260

# Gets response

close(3) = 0
fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 1), ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f43000
write(1, "Trying 64.233.161.104...\r\n", 26) = 26

When it fails (when it shows 1.0.0.0) what are the 10-20 last lines before the line

write(1, "Trying 1.0.0.0...\r\n", 19) = 19

What is nice with telnet is that it does not do so terribly much before
establishing the connection, so it is easier to follow the system calls.

> I don't have a switch cache process (nscd)

Good.