记录一次银河麒麟服务器系统中执行ntpq -p命令延时30s输出和执行ntpstat命令报错问题分析
一 问题描述
问题一:执行ntpq -p命令过约30s才会有输出,通过执行命令time ntpq -p得到延时30s输出的时间
问题二:执行ntpstat命令报错:Unable to talk to NTP daemon. Is it running?
二 系统版本信息
############## Kylin Linux Version #################
Release:
Kylin Linux Advanced Server release V10 (Sword)
Kernel:
4.19.90-25.31.v2101.ky10.aarch64
Build:
Kylin Linux Advanced Server
release V10 (SP2) /(Sword)-aarch64-Build09/20210524
#################################################
三 排查以及解决方法
3.1 执行ntpq -p延时30s输出问题分析
执行ntpq -p命令过约30s才会有输出,通过执行命令time ntpq -p得到延时30s输出的时间
3.1.1 问题原因
It is possible that ntpq is trying to resolve DNS for the name of the NTP peers and that a misconfigured DNS is causing the timeout and delay of 5 minutes.
You can confirm that that's the case by asking it not to resolve DNS, using the ntpq -np command (the -n flag tells it not to resolve DNS.)
If that's indeed the case, you can then look into why resolving DNS for those IPs is not working (but that's a separate topic, probably deserves a specific question.)
如果主机/etc/resolv.conf 里,没有配置nameserver ,则不会去DNS解析,不会有该问题。
3.1.2 解决方法
加上-n选项,没有配置nameserver ,则不会去DNS解析,不会有该问题。
ntpq -np
3.2 执行ntpstat命令报错问题分析
执行ntpstat命令报错:Unable to talk to NTP daemon. Is it running?
3.2.1 问题分析
(1)排查ntpd服务是否状态
systemctl status ntpd
(2)排查客户端和服务端123udp端口的通讯状态
[root@localhost ~]# nmap -sU 172.16.210.142 -p 123 -Pn
Starting Nmap 7.80 ( https://nmap.org ) at 2023-12-08 14:44 CST
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers
Nmap scan report for 172.16.210.142
Host is up (0.00076s latency).
PORT STATE SERVICE
123/udp open ntp
Nmap done: 1 IP address (1 host up) scanned in 0.18 seconds
#state状态为open表示端口通信正常。
#state状态为open|filtered表示端口通信不正常,确认是否存在端口限制。
(3)排查ntp配置文件
检查ntp文件配置是否存在异常
(4)检查ntpstat软件包的完整性
rpm -V ntpstat
#正常执行命令是没有输出的
rpm -V ntpstat
s.5....T. /usr/bin/ntpstat
#非正常输出
#在排查过程中,发现/usr/bin/ntpstat文件被修改过
3.2.2 解决方法
卸载ntpstat包,重新进行安装。执行ntpstat命令恢复正常。