filter-aaaa-on-v4

[Lawrence K. Chen, P.Eng.]

Well, drifting away from bind now....

----- Original Message -----
> 
> FWIW, you could also add -4 to ntpd args or use -4 prefix in
> ntpd.conf.
> 

I was positive that I had that set....but I see now that somebody had made our cfengine system force different options on ntpd, which doesn't include -4...evidently about 2 years ago...and not as part of our ntp promise.  And, I had changed the order of some of our cfengine promises recently.... Oh well, our cfengine's days are numbered.

Ran into another oddity in a different cfengine promise today...where I fixed something for a few servers, and it broke a dozen other production servers.  (last year this same collection of hacks copied 0 length passwd files everywhere....that was no fun recovering from.)

Maybe the planned forklift upgrade of our entire enterprise servers will be a good thing, providing we get time to do the same to our processes.  Some of the problems with our cfengine, is that it a rushed replace the old way of doing things because the old forgotten server that did it had died (~6 years ago.)  So, there was a lot of quick and dirty things being done, and new stuff often mirrors that approach.

When I set up cfengine at home, I had started around the idea of following how things were done at work to get it started, but quickly decided to not do it that way.  Of course, its taken far longer than I had expected to get to where I'm at with the setup at home and probably still miles away from getting to where I at least want it to be.  Though it probably still doesn't quite follow what the designers expect.  Some of how I do things at home is trickling back into the system at work, but its clearly too fragile now to be making any more changes to it.

As for at home....its strange that the manpage for ntpd on FreeBSD doesn't have -4 (or -6)...but "ntpd -h" shows it.

In fact I see lots of switches the manpage didn't mention....makes me wonder if I could've solved some other issues I had with it on a gov server we support, without resorting to building openntpd from ports (though the google searches had also pointed to using that to resolve the issue.)

Guess ntp.conf manpage mentions -4, but I hadn't thought to look at it before.

I'm kind of a newbie on running ntp servers.  There used to be 4 hardware NTP sources, but then it became 3, and then 2.  We'd have machines that differed enough in time between each other to cause problems...but those were things that happened to provide NTP, so it didn't seem important that we needed more (when they're moving to reduce to fewer systems of greater densities.)

I remember now that it there was it was a poster at last year's LISA that talked about NTP servers in 3's.

I have toyed with trying to find a cheap Stratum-1 server for home.

Off to update my ntp configs at home, at least I have a better feel on how cfengine will behave....though I only have two servers....because I only have 2 broadband connections...though maybe a new router for one or both is in the works.  The router had been rock solid for months....think it claimed 240 days uptime (the old router I had cron reboot it once a week, and sometimes it would get to where cron fails...so it goes until I have to reboot it...other times the watchdog kicks in and reboots it...until it reached a point where watchdog reboots were more frequent than 7 days.  Approached daily.  My other broadband connection is still using the same old router [years ago I had purchased a pair of new routers...left them on a shelf for year before finally switching both over])  Anyways...a couple weeks ago I decided to update the firmware, even though it even said if things are working fine there's no reason to update.  Now I can't log into it....though its still running fine, I just can't make any configuration changes.)

Though doing IPv6 at home might be a bit more work than I have free time for.  Though recalling picking up a router last year....doesn't sound like it does IPv6.