Default NTP servers do not have AAAA records

This is true, but is not something the ntp package in Ubuntu can change. :-)

This would be dependent on getting IPv6 connectivity for our datacentre in general. Subscribing canonical-sysadmins.

(yes: this is mostly the same text as I posted for Bug #241305 because the same problems apply)

This issue has been reported over 4 years ago, and has become a serious real-life problem for organisations. IANA (global supply) ran out of IPv4 addresses in February 2011. Shortly after that APNIC (Asia-Pacific supply) ran out. In September 2012 RIPE NCC (Europe/Middle-East/parts of Asia) ran out of IPv4 addresses.

Being able to run an IPv6-only network is increasingly important. Sure, hacks like NAT64/DNS64 exist. They form performance bottlenecks and single-points-of-failure in networks. Having native IPv6 support on a service like ntp.ubuntu.com is important.

The Canonical Sysadmins are notified of this issue, so I hope they take action as soon as possible. This is something that should have been fixed last year.

I've just marked bug 1312512 as a duplicate of this bug, since it is the same underlying issue, now that we default to pool.ntp.org servers in the list too (in bug 104525).

I'll change the subject accordingly.

I'm using 'systemd' to boot with Utopic. Recently ntpdate has failed. So googling around i have found that:
- ntpdate is the default ubuntu-minimal choice, even if deprecated. Should use ntp instead.
- the servers used (ntp.ubuntu.com) has issue with ipv6
- AAAA records default servers can be easily changed :

only "2.pool.ntp.org" (and 2.debian.pool.ntp.org, etc) returns AAAA records currently.
http://www.pool.ntp.org/en/

So on my system, i have updated /etc/ntp.conf with the 2.debian.pool.ntp.org

We notice this here as well, as we're increasingly turning up new services and VMs without IPv4. It fails with a rather cryptic error message:

Jul 8 07:10:03 rpki-validator ntpdate[689]: Can't find host ntp.ubuntu.com: Name or service not known (-2)
Jul 8 07:10:03 rpki-validator ntpdate[689]: no servers can be used, exiting
Jul 8 07:10:03 rpki-validator ntpdate[726]: Can't find host ntp.ubuntu.com: Name or service not known (-2)
Jul 8 07:10:03 rpki-validator ntpdate[726]: no servers can be used, exiting

If the Ubuntu sysadmin team does not manage to dual-stack their public NTP service in three years, perhaps it is time for the ntpdate package to switch to 2.pool.ntp.org?

Tore

Canonical Sysadmins: I've noticed that archive.ubuntu.com has IPv6 addresses. Does this mean that you're now in a position to provide ntp.ubuntu.com AAAA records also please?

One of our NTP servers has been IPv6 enabled today. The other will follow as time permits.

Also, ipv6.ntp.ubuntu.com is available if you prefer to force IPv6-only.

A kind of "minimum working set" is available as ipv6 atm:
ntp.ubuntu.com
2.ubuntu.pool.ntp.org
And obviously also (ipv6.ntp.ubuntu.com)

The good thing is that this should get everything working:
- ntp will find an ipv6 at least on 2....
- and ntpdate defaulting to ntp.ubuntu.com should work as well

With that the original request (ipv6 to ntp.ubunut.com) is solved, yet fix released isn't really applying as it was no package update. Since I have only tested that marginally on a LXD test system that can't reach a lot of targets I'd encourage the reporter (and more if willing) to retest this if things are now working properly for you? Therefore setting incomplete to let anybody finding an issue remaining reopen it if needed.

Also the question at Canonical Sysadmins: Any plans/progress on enabling the other[013].ubuntu.pool.ntp.org as well?

ChristianEhrhardt <email address hidden> writes:

> Also the question at Canonical Sysadmins: Any plans/progress on enabling
> the other[013].ubuntu.pool.ntp.org as well?

We don't own or control $ANYTHING.pool.ntp.org AFAIK

--
James

Hi James,
thanks for the info, you are right the whois to the IP's I get are not owned by Canonical.

But I wonder who set this up then - I'd have expected that we followed this somewhen back in time to add the four Ubuntu servers to the pool:
http://www.pool.ntp.org/en/join.html
And I thought for that we might have got that "branded" subdomain for DNS resolution by the pool in exchange.
And also I and hoped that this way we would have some control about it.

The same observation as before (only 2.xxx.pool.ntp.org has ipv6) is also true for example for 2.debian.pool.ntp.org.
So it appears that this seems to be a general thing =>
 https://news.ntppool.org/2013/06/ipv6-monitoring-problems-for-german-servers/
 http://stefanchrist.eu/blog/2015_01_12/www.pool.ntp.org%20and%20IPv6.xhtml
 https://news.ntppool.org/2011/06/continuing-ipv6-deployment/

I wonder if that means we are "good" now these days regarding the default config that we package.
So if any of the reporters with a real ipv6 only system and a native ipv6 only external connection could give that a verification that would be great.

[Expired for ntp (Ubuntu) because there has been no activity for 60 days.]

Both 2.ubuntu.pool.ntp.org and ntp.ubuntu.com have AAAA records now.

Additional hosts have been added to ntp.ubuntu.com today, including an additional IPv6 address.

@Paul - I wondered do we converge onto providing ipv6 on all 4 ubuntu pool addresses?
For bug 1754358 in chrony it would be really helpful to reach an optimal default configuration if all ubuntu pools would provide ipv6.

I'm sure you know best what is planned (or could be done), so I'd be happy if you could let us know.

@paelzer: There was a plan to enable IPv6 on all pools last year: https://community.ntppool.org/t/intention-to-enable-ipv6-by-default-in-2017/91 To my knowledge (and based on my brief checks just now) this didn't happen. I suspect the reasons for this are insufficient time to change the pool implementation, and (possibly) fear that the small number of IPv6 servers in the pool would be overwhelmed.

IPv6 on all ntp.ubuntu.com servers is doable, but subject to Canonical IS work priorities. Best to drop us a ticket about this.