ZD1200 not obeying NTP server configuration

  • Updated 2 days ago
ZoneDirector 1200 version 10.1.1.0 build 42

NTP is enabled, with NTP server specified, for example "ntp.example.com". The real NTP server address is our internal NTP hostname with 2x A records and 2x AAAA records in DNS.

But looking at packet capture, the ZoneDirector is going to random NTP servers to ask for time. Example list of NTP servers ZD is observed as using:

209.58.185.100 - ntp.hkg10.hk.leaseweb.net
168.167.71.138 - ns1.botsnet.bw
196.10.55.57 - ntp3.inx.net.za
103.23.208.175
120.25.108.11 - time4.aliyun.com

It looks like ZoneDirector uses some internal hard-coded list of NTP servers.

If I specify an NTP server in ZoneDirector configuration, I expect ZoneDirector to not use any other NTP server.

Confirming from CLI "show config" (real address and TZ censored):
"
NTP:
  Status= Enabled
  Address= ntp.(example).com
  Timezone= GMT+x
"

Donald Howe

Posted 3 days ago


Martin, Official Rep

Hi Donald,

Yeah, this sounds a bit weird; please open a case with support so they can look at it.

What version are you running on the ZD1200?

regards
Martin

Donald Howe

As the first line of the OP says:
ZoneDirector 1200 version 10.1.1.0 build 42

Andrew Bailey

Hi Donald,

Not sure if it helps or not, but I'm on a ZD1200 running the same software version (which is the latest release).

I've checked my firewall logs and can't see this issue. My ZD1200 is only using the single internal NTP server I have specified.


The only thing I would note is that I'm currently using an IP rather than an FQDN. I'll try changing it later to see if the behavior is any different.


Kind Regards,


Andy.

Donald Howe

I changed the NTP server from DNS name to IP address, and now ZD1200 uses only the single specified NTP server.
It no longer queries random NTP servers.

Changed back to DNS name and waiting to see what happens - from packet capture it looks like ZD1200 queries the NTP server every 1 hour so it should not take long.

If the random (pool.ntp.org?) NTP servers are no longer queried, then I would guess that some time during update of ZD1200 the NTP setting was "deactivated" somehow. This ZD1200 has been updated numerous times.

Donald Howe

Confirmed: using DNS name as NTP server on ZD1200 10.1.1.0 build 42 does not work.
ZD1200 queries outside NTP servers.

Obviously a limitation/bug in 10.1.1.0 build 42. At least in our configuration where the DNS name resolves to 2x A and 2x AAAA RRs.

Using an IP address works as expected.

Donald Howe

Case ID: 00821735 opened.
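
The packet-capture check described in this thread can be automated. The following is an added example, not part of the original posts and not Ruckus code: it scans `tcpdump -n` style text for NTP requests sent by the controller to servers outside the configured set. The controller and internal NTP addresses are constructed (documentation ranges, standing in for the 2x A and 2x AAAA records); the two outside destinations come from the list in the original post.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample data: controller and internal NTP addresses are
# placeholders from documentation ranges. In practice the allowed set is
# whatever the configured NTP hostname resolves to (A and AAAA records).
ZD_ADDRS = {"192.0.2.50", "2001:db8::50"}
ALLOWED_NTP = {"192.0.2.10", "192.0.2.11", "2001:db8::10", "2001:db8::11"}

CAPTURE = """\
10:00:00.000001 IP 192.0.2.50.123 > 192.0.2.10.123: NTPv4, Client, length 48
10:00:00.010000 IP 192.0.2.10.123 > 192.0.2.50.123: NTPv4, Server, length 48
11:00:00.000002 IP 192.0.2.50.41234 > 209.58.185.100.123: NTPv4, Client, length 48
12:00:00.000003 IP6 2001:db8::50.123 > 2001:db8::11.123: NTPv4, Client, length 48
13:00:00.000004 IP 192.0.2.50.41235 > 120.25.108.11.123: NTPv4, Client, length 48
14:00:00.000005 IP 192.0.2.50.41236 > 209.58.185.100.123: NTPv4, Client, length 48
14:00:01.000000 IP 192.0.2.99.123 > 203.0.113.7.123: NTPv4, Client, length 48
"""

# timestamp, IP or IP6, "src.port > dst.port:", then the NTP decode
LINE = re.compile(r"^\S+ IP6? (\S+) > (\S+): NTPv\d")

def split_endpoint(endpoint):
    """tcpdump prints addr.port for IPv4 and IPv6 alike; split on the last dot."""
    addr, port = endpoint.rsplit(".", 1)
    return ipaddress.ip_address(addr), int(port)

def unexpected_ntp(capture, device_addrs, allowed):
    """Count NTP requests from the device to servers outside the allowed set."""
    device = {ipaddress.ip_address(a) for a in device_addrs}
    allow = {ipaddress.ip_address(a) for a in allowed}
    hits = Counter()
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an NTP packet line
        src, _ = split_endpoint(m.group(1))
        dst, dport = split_endpoint(m.group(2))
        # Only traffic sent by the controller to UDP/123 is of interest.
        if src in device and dport == 123 and dst not in allow:
            hits[str(dst)] += 1
    return dict(hits)

if __name__ == "__main__":
    for dst, n in sorted(unexpected_ntp(CAPTURE, ZD_ADDRS, ALLOWED_NTP).items()):
        print(f"unexpected NTP server {dst}: {n} request(s)")
```

Comparing parsed addresses rather than strings means differently written forms of the same IPv6 address still match the allowed set.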