NTS update

Gary E. Miller gem at rellim.com
Fri Mar 22 19:59:45 UTC 2019


Yo Hal!

On Fri, 22 Mar 2019 01:22:37 -0700
Hal Murray via devel <devel at ntpsec.org> wrote:

> > I don't care if it is ntpq, ntpmon, log files, whatever.  Right now
> > I don't know how to get the info any way.   
> 
> I still don't know what you want.

As I said before:

> > 2. A way to see both the NTS name/IP and matching NTPD name/IP

> I've tried hard to make sure that everything interesting is in the
> log files while at the same time not making things too verbose.

For debug I'd like a LOT more verbose.  I have all sorts of issues
with nothing in my log files.

> Please look carefully and tell me what is missing.

Already started:

> > 2. A way to see both the NTS name/IP and matching NTPD name/IP

And I'm seeing with my 4 test servers that which server can connect to
which server has a pattern I do not understand.  It looks like the
clients get the cookies, then fail to make the NTS connection to
the NTPD server.

For example, my kong can NTS to my backup, but not to my pi3.

On kong, all I see is:

2019-03-22T12:55:52 ntpd[10362]: DNS: dns_probe: pi3.rellim.com, cast_flags:1, flags:21801
2019-03-22T12:55:52 ntpd[10362]: NTSc: DNS lookup of pi3.rellim.com took 0.000 sec
2019-03-22T12:55:52 ntpd[10362]: NTSc: nts_probe connecting to pi3.rellim.com:123 => [2001:470:e815::23]:123
2019-03-22T12:55:52 ntpd[10362]: NTSc: Using TLSv1.2, AES256-GCM-SHA384 (256)
2019-03-22T12:55:52 ntpd[10362]: NTSc: certificate subject name: /CN=pi3.rellim.com
2019-03-22T12:55:52 ntpd[10362]: NTSc: certificate issuer name: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
2019-03-22T12:55:52 ntpd[10362]: NTSc: certificate is valid.
2019-03-22T12:55:52 ntpd[10362]: NTSc: read 880 bytes
2019-03-22T12:55:52 ntpd[10362]: NTSc: Got 8 cookies, length 104, aead=15.
2019-03-22T12:55:52 ntpd[10362]: NTSc: NTS-KE req to pi3.rellim.com took 0.028 sec, OK
2019-03-22T12:55:52 ntpd[10362]: DNS: dns_check: processing pi3.rellim.com, 1, 21801
2019-03-22T12:55:52 ntpd[10362]: DNS: Server skipping: 2001:470:e815::23
2019-03-22T12:55:52 ntpd[10362]: DNS: dns_take_status: pi3.rellim.com=>good, 10

But then nothing more on kong saying anything about the NTPD connection
to pi3.

On pi3 there is no logging at all about kong trying to NTS/NTPD to pi3.

Furthermore, confusing to me, pi3 can NTS to kong just fine...

I need logging on why an NTPD server is rejecting NTS/NTPD UDP packets.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem at rellim.com  Tel:+1 541 382 8588

	    Veritas liberabit vos. -- Quid est veritas?
    "If you can’t measure it, you can’t improve it." - Lord Kelvin
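Added example, not part of the message above and not NTPsec code: a small parser that turns the NTSc lines quoted from kong's log into one record per NTS-KE exchange (name, resolved address, TLS parameters, cookie count, AEAD, result). The record field names are chosen here for illustration; the quoted log has no line about the NTP association that follows, so only the NTS-KE half is covered.

```python
import re

# Sample input: NTSc lines copied from the kong log quoted in the message.
LOG = """\
2019-03-22T12:55:52 ntpd[10362]: NTSc: nts_probe connecting to pi3.rellim.com:123 => [2001:470:e815::23]:123
2019-03-22T12:55:52 ntpd[10362]: NTSc: Using TLSv1.2, AES256-GCM-SHA384 (256)
2019-03-22T12:55:52 ntpd[10362]: NTSc: certificate subject name: /CN=pi3.rellim.com
2019-03-22T12:55:52 ntpd[10362]: NTSc: certificate is valid.
2019-03-22T12:55:52 ntpd[10362]: NTSc: Got 8 cookies, length 104, aead=15.
2019-03-22T12:55:52 ntpd[10362]: NTSc: NTS-KE req to pi3.rellim.com took 0.028 sec, OK
"""
AEAD_NAMES = {15: "AEAD_AES_SIV_CMAC_256"}  # from the IANA AEAD registry
RULES = [
    ("connect", re.compile(r"NTSc: nts_probe connecting to (\S+) => (\S+)$")),
    ("tls", re.compile(r"NTSc: Using (\S+), (\S+) \(\d+\)$")),
    ("valid", re.compile(r"NTSc: certificate is valid\.$")),
    ("cookies", re.compile(r"NTSc: Got (\d+) cookies, length (\d+), aead=(\d+)\.$")),
    ("done", re.compile(r"NTSc: NTS-KE req to \S+ took ([\d.]+) sec, (\w+)$")),
]

def split_hostport(s):
    # 'host:123' or '[v6addr]:123' -> (host, port)
    host, port = s.rsplit(":", 1)
    return host.strip("[]"), int(port)

def summarize(log):
    """Return one dict per NTS-KE exchange; 'result' stays None if it never finished."""
    out, cur = [], None
    for line in log.splitlines():
        hit = next(((k, m) for k, rx in RULES if (m := rx.search(line))), None)
        if hit is None:
            continue
        kind, m = hit
        if kind == "connect":
            (name, port), (addr, _) = split_hostport(m[1]), split_hostport(m[2])
            cur = {"name": name, "ke_port": port, "ke_addr": addr,
                   "cert_valid": False, "result": None}
            out.append(cur)
        elif cur is not None:
            if kind == "tls":
                cur["tls"], cur["cipher"] = m[1], m[2]
            elif kind == "valid":
                cur["cert_valid"] = True
            elif kind == "cookies":
                n = int(m[3])
                cur.update(cookies=int(m[1]), length=int(m[2]), aead=AEAD_NAMES.get(n, str(n)))
            elif kind == "done":
                cur["ke_seconds"], cur["result"] = float(m[1]), m[2]
                cur = None
    return out
```

A record whose result is still None marks an exchange that started but never logged a completion line.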