[GH-ISSUE #231] "DNS lookup tempfail" when running on an openbsd IPv6-only node #640

New issue

Open

opened 2026-03-13 15:03:35 +03:00 by kerem · 2 comments

kerem commented

2026-03-13 15:03:35 +03:00

Owner

Originally created by @ongolaboy on GitHub (Feb 10, 2024).
Original GitHub issue: https://github.com/abh/ntppool/issues/231

Hello,

I'm running ntp-4.2.8pl10p6 on openbsd7.4 .. I saw messages like this one
ntpd[26862]: DNS lookup tempfail

This node is running with IPv6-only.

The default ntpd.conf shipped is

# $OpenBSD: ntpd.conf,v 1.16 2019/11/06 19:04:12 deraadt Exp $
#
# See ntpd.conf(5) and /etc/examples/ntpd.conf

servers pool.ntp.org
server time.cloudflare.com
sensor *

constraint from "9.9.9.9"              # quad9 v4 without DNS
constraint from "2620:fe::fe"          # quad9 v6 without DNS
constraints from "www.google.com"      # intentionally not 8.8.8.8

Since I did not have IPv4, I initially only commented the constraint with IPv4 . But it was not enough.

Then I realised that pool.ntp.org doesn't include a AAAA record. I ended up by commenting the servers line and added several servers close enough .

# $OpenBSD: ntpd.conf,v 1.16 2019/11/06 19:04:12 deraadt Exp $
#
# See ntpd.conf(5) and /etc/examples/ntpd.conf

#servers pool.ntp.org
server time.cloudflare.com
server ntp1.xxxx
server ntp2.xxxx
sensor *

#constraint from "9.9.9.9"              # quad9 v4 without DNS
constraint from "2620:fe::fe"          # quad9 v6 without DNS
constraints from "www.google.com"      # intentionally not 8.8.8.8

At this moment, I don't know how the geo-location discovery is working, but can you please consider those running IPv6 (only) client and allow discovery of AAAA records for pool.ntp.org?

Originally created by @ongolaboy on GitHub (Feb 10, 2024). Original GitHub issue: https://github.com/abh/ntppool/issues/231 Hello, I'm running ntp-4.2.8pl10p6 on openbsd7.4 .. I saw messages like this one `ntpd[26862]: DNS lookup tempfail` This node is running with IPv6-only. The default ntpd.conf shipped is ``` # $OpenBSD: ntpd.conf,v 1.16 2019/11/06 19:04:12 deraadt Exp $ # # See ntpd.conf(5) and /etc/examples/ntpd.conf servers pool.ntp.org server time.cloudflare.com sensor * constraint from "9.9.9.9" # quad9 v4 without DNS constraint from "2620:fe::fe" # quad9 v6 without DNS constraints from "www.google.com" # intentionally not 8.8.8.8 ``` Since I did not have IPv4, I initially only commented the _constraint_ with IPv4 . But it was not enough. Then I realised that `pool.ntp.org` doesn't include a AAAA record. I ended up by commenting the `servers` line and added several servers close enough . ``` # $OpenBSD: ntpd.conf,v 1.16 2019/11/06 19:04:12 deraadt Exp $ # # See ntpd.conf(5) and /etc/examples/ntpd.conf #servers pool.ntp.org server time.cloudflare.com server ntp1.xxxx server ntp2.xxxx sensor * #constraint from "9.9.9.9" # quad9 v4 without DNS constraint from "2620:fe::fe" # quad9 v6 without DNS constraints from "www.google.com" # intentionally not 8.8.8.8 ``` At this moment, I don't know how the geo-location discovery is working, but can you please consider those running IPv6 (only) client and allow discovery of AAAA records for pool.ntp.org?

kerem commented

2026-03-13 15:03:41 +03:00

Author

Owner

@hart-NTP commented on GitHub (Feb 10, 2024):

Try adding

servers 2.openbsd.pool.ntp.org.

I don't know why openbsd isn't using their vendor zone openbsd.pool.ntp.org in their example/default ntpd.conf. The 2 is unfortunately a long-understood issue with the ntppool.org system -- AAAA records are only returned for 2.*.pool.ntp.org. Other *.pool.ntp.org names all return only IPv4.

I'm really curious why AAAA isn't supported for all of pool.ntp.org at this point.

@hart-NTP commented on GitHub (Feb 10, 2024): Try adding `servers 2.openbsd.pool.ntp.org.` I don't know why openbsd isn't using their vendor zone openbsd.pool.ntp.org in their example/default ntpd.conf. The 2 is unfortunately a long-understood issue with the ntppool.org system -- AAAA records are only returned for 2.*.pool.ntp.org. Other *.pool.ntp.org names all return only IPv4. I'm really curious why AAAA isn't supported for all of pool.ntp.org at this point.

kerem commented

2026-03-13 15:03:46 +03:00

Author

Owner

@ongolaboy commented on GitHub (Feb 16, 2024):

Try adding

servers 2.openbsd.pool.ntp.org.

Thanks, it worked.

I don't know why openbsd isn't using their vendor zone openbsd.pool.ntp.org in their example/default ntpd.conf.

Here is the answer https://marc.info/?l=openbsd-misc&m=170792716928891&w=2

The 2 is unfortunately a long-understood issue with the ntppool.org system -- AAAA records are only returned for 2.*.pool.ntp.org. Other *.pool.ntp.org names all return only IPv4.

I'm really curious why AAAA isn't supported for all of pool.ntp.org at this point.

Yeah.. I'm joining you on that one .

@ongolaboy commented on GitHub (Feb 16, 2024): > Try adding > > `servers 2.openbsd.pool.ntp.org.` Thanks, it worked. > I don't know why openbsd isn't using their vendor zone openbsd.pool.ntp.org in their example/default ntpd.conf. Here is the answer https://marc.info/?l=openbsd-misc&m=170792716928891&w=2 > The 2 is unfortunately a long-understood issue with the ntppool.org system -- AAAA records are only returned for 2.*.pool.ntp.org. Other *.pool.ntp.org names all return only IPv4. > > I'm really curious why AAAA isn't supported for all of pool.ntp.org at this point. Yeah.. I'm joining you on that one .