NTP - ntpq -c peers showing incorrect stratum for peers












0















I am running Ubuntu 14.04 as an Amazon Web Services instance.
When I run ntpq -c peers on my server I get the following output:



# ntpq -c peers
remote refid st t when poll reach delay offset jitter
==============================================================================
time-a.nist.gov .INIT. 16 u - 1024 0 0.000 0.000 0.000
time-b.nist.gov .INIT. 16 u - 1024 0 0.000 0.000 0.000


I read this to state that the 2 servers in the response are stratum 16 servers which I know to be incorrect (the nist.gov servers are stratum 1). I know there is a connection to the NIST servers because ntpdate -d time-a.nist.gov connects and shows offset fine.



What causes the stratum to be displayed incorrectly, and what can I do to make sure the command shows the correct stratum?



Thanks










share|improve this question





























    0















    I am running Ubuntu 14.04 as an Amazon Web Services instance.
    When I run ntpq -c peers on my server I get the following output:



    # ntpq -c peers
    remote refid st t when poll reach delay offset jitter
    ==============================================================================
    time-a.nist.gov .INIT. 16 u - 1024 0 0.000 0.000 0.000
    time-b.nist.gov .INIT. 16 u - 1024 0 0.000 0.000 0.000


    I read this to state that the 2 servers in the response are stratum 16 servers which I know to be incorrect (the nist.gov servers are stratum 1). I know there is a connection to the NIST servers because ntpdate -d time-a.nist.gov connects and shows offset fine.



    What causes the stratum to be displayed incorrectly, and what can I do to make sure the command shows the correct stratum?



    Thanks










    share|improve this question



























      0












      0








      0








      I am running Ubuntu 14.04 as an Amazon Web Services instance.
      When I run ntpq -c peers on my server I get the following output:



      # ntpq -c peers
      remote refid st t when poll reach delay offset jitter
      ==============================================================================
      time-a.nist.gov .INIT. 16 u - 1024 0 0.000 0.000 0.000
      time-b.nist.gov .INIT. 16 u - 1024 0 0.000 0.000 0.000


      I read this to state that the 2 servers in the response are stratum 16 servers which I know to be incorrect (the nist.gov servers are stratum 1). I know there is a connection to the NIST servers because ntpdate -d time-a.nist.gov connects and shows offset fine.



      What causes the stratum to be displayed incorrectly, and what can I do to make sure the command shows the correct stratum?



      Thanks










      share|improve this question
















      I am running Ubuntu 14.04 as an Amazon Web Services instance.
      When I run ntpq -c peers on my server I get the following output:



      # ntpq -c peers
      remote refid st t when poll reach delay offset jitter
      ==============================================================================
      time-a.nist.gov .INIT. 16 u - 1024 0 0.000 0.000 0.000
      time-b.nist.gov .INIT. 16 u - 1024 0 0.000 0.000 0.000


      I read this to state that the 2 servers in the response are stratum 16 servers which I know to be incorrect (the nist.gov servers are stratum 1). I know there is a connection to the NIST servers because ntpdate -d time-a.nist.gov connects and shows offset fine.



      What causes the stratum to be displayed incorrectly, and what can I do to make sure the command shows the correct stratum?



      Thanks







      linux ubuntu-14.04 ntp






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited May 26 '15 at 20:22









      Trav

      798520




      798520










      asked May 26 '15 at 19:37









      JohnKJohnK

      313




      313






















          2 Answers
          2






          active

          oldest

          votes


















          1














          refid .INIT. and stratum 16 indicates that you are not getting any responses from those servers. Check your firewall(s).






          share|improve this answer
























          • If ntpq is not getting through the firewall then why does ntpdate -d time.nist.gov give me information?

            – JohnK
            May 26 '15 at 19:50



















          2














          As already noted stratum 16 servers are unreachable. Therefore, they have no usable time information. As soon as you successfully connect to a server is stratum will be reported. It takes several time exchanges before ntp will consider using time from the server.



          ntpdate -d uses a non-privileged outgoing port, while ntp will use port 123 as source and destination. It is possible to block either with firewall rules. If you don't allow established connections before you block incoming traffic to port 123, ntp will fail.



          It is common to have a cstate RELATED,ESTABLISHED firewall rule at the top of a chain which accepts traffic. This simplifies the rule set as return traffic does not have be dealt with specific rules.






          share|improve this answer

























            Your Answer








            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "3"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f919840%2fntp-ntpq-c-peers-showing-incorrect-stratum-for-peers%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            2 Answers
            2






            active

            oldest

            votes








            2 Answers
            2






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            1














            refid .INIT. and stratum 16 indicates that you are not getting any responses from those servers. Check your firewall(s).






            share|improve this answer
























            • If ntpq is not getting through the firewall then why does ntpdate -d time.nist.gov give me information?

              – JohnK
              May 26 '15 at 19:50
















            1














            refid .INIT. and stratum 16 indicates that you are not getting any responses from those servers. Check your firewall(s).






            share|improve this answer
























            • If ntpq is not getting through the firewall then why does ntpdate -d time.nist.gov give me information?

              – JohnK
              May 26 '15 at 19:50














            1












            1








            1







            refid .INIT. and stratum 16 indicates that you are not getting any responses from those servers. Check your firewall(s).






            share|improve this answer













            refid .INIT. and stratum 16 indicates that you are not getting any responses from those servers. Check your firewall(s).







            share|improve this answer












            share|improve this answer



            share|improve this answer










            answered May 26 '15 at 19:40









            hymiehymie

            896414




            896414













            • If ntpq is not getting through the firewall then why does ntpdate -d time.nist.gov give me information?

              – JohnK
              May 26 '15 at 19:50



















            • If ntpq is not getting through the firewall then why does ntpdate -d time.nist.gov give me information?

              – JohnK
              May 26 '15 at 19:50

















            If ntpq is not getting through the firewall then why does ntpdate -d time.nist.gov give me information?

            – JohnK
            May 26 '15 at 19:50





            If ntpq is not getting through the firewall then why does ntpdate -d time.nist.gov give me information?

            – JohnK
            May 26 '15 at 19:50













            2














            As already noted stratum 16 servers are unreachable. Therefore, they have no usable time information. As soon as you successfully connect to a server is stratum will be reported. It takes several time exchanges before ntp will consider using time from the server.



            ntpdate -d uses a non-privileged outgoing port, while ntp will use port 123 as source and destination. It is possible to block either with firewall rules. If you don't allow established connections before you block incoming traffic to port 123, ntp will fail.



            It is common to have a cstate RELATED,ESTABLISHED firewall rule at the top of a chain which accepts traffic. This simplifies the rule set as return traffic does not have be dealt with specific rules.






            share|improve this answer






























              2














              As already noted stratum 16 servers are unreachable. Therefore, they have no usable time information. As soon as you successfully connect to a server is stratum will be reported. It takes several time exchanges before ntp will consider using time from the server.



              ntpdate -d uses a non-privileged outgoing port, while ntp will use port 123 as source and destination. It is possible to block either with firewall rules. If you don't allow established connections before you block incoming traffic to port 123, ntp will fail.



              It is common to have a cstate RELATED,ESTABLISHED firewall rule at the top of a chain which accepts traffic. This simplifies the rule set as return traffic does not have be dealt with specific rules.






              share|improve this answer




























                2












                2








                2







                As already noted stratum 16 servers are unreachable. Therefore, they have no usable time information. As soon as you successfully connect to a server is stratum will be reported. It takes several time exchanges before ntp will consider using time from the server.



                ntpdate -d uses a non-privileged outgoing port, while ntp will use port 123 as source and destination. It is possible to block either with firewall rules. If you don't allow established connections before you block incoming traffic to port 123, ntp will fail.



                It is common to have a cstate RELATED,ESTABLISHED firewall rule at the top of a chain which accepts traffic. This simplifies the rule set as return traffic does not have be dealt with specific rules.






                share|improve this answer















                As already noted stratum 16 servers are unreachable. Therefore, they have no usable time information. As soon as you successfully connect to a server is stratum will be reported. It takes several time exchanges before ntp will consider using time from the server.



                ntpdate -d uses a non-privileged outgoing port, while ntp will use port 123 as source and destination. It is possible to block either with firewall rules. If you don't allow established connections before you block incoming traffic to port 123, ntp will fail.



                It is common to have a cstate RELATED,ESTABLISHED firewall rule at the top of a chain which accepts traffic. This simplifies the rule set as return traffic does not have be dealt with specific rules.







                share|improve this answer














                share|improve this answer



                share|improve this answer








                edited Jan 23 at 13:28

























                answered May 27 '15 at 0:57









                BillThorBillThor

                8,82421718




                8,82421718






























                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Super User!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f919840%2fntp-ntpq-c-peers-showing-incorrect-stratum-for-peers%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    Popular posts from this blog

                    Сан-Квентин

                    8-я гвардейская общевойсковая армия

                    Алькесар