NTP Localhost Query Timeout: Troubleshooting and Fixes for CentOS 6.4 Servers


2 views

When running NTP queries on a CentOS 6.4 server with the default configuration, you might encounter the frustrating timeout error:

ntpq> peers
localhost.localdomain: timed out, nothing received

The standard NTP configuration in /etc/ntp.conf typically looks like this:

driftfile /var/lib/ntp/drift

server 0.pool.ntp.org
server 1.pool.ntp.org
server 2.pool.ntp.org
server 3.pool.ntp.org

restrict default ignore
restrict 127.0.0.1

Several factors could cause this timeout:

  1. The restrict directives might be too restrictive
  2. The NTP daemon might not be properly binding to localhost
  3. The hostname resolution might be problematic

First, check if NTP is running and listening:

netstat -tulnp | grep ntp

Then verify hostname resolution:

dig localhost.localdomain

Option 1: Modify restrict directives

restrict default kod nomodify notrap nopeer noquery
restrict 127.0.0.1

Option 2: Add explicit localhost server

server 127.0.0.1
fudge 127.0.0.1 stratum 10

Here's a tested configuration that resolves the timeout issue:

driftfile /var/lib/ntp/drift

server 0.pool.ntp.org
server 1.pool.ntp.org
server 2.pool.ntp.org
server 3.pool.ntp.org
server 127.0.0.1

restrict default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1

After making changes, restart NTP and verify:

service ntpd restart
ntpq -pn

You should now see proper peer information instead of timeouts.

When your NTP local queries consistently time out with the localhost.localdomain: timed out error, there are several potential culprits to investigate. The issue often stems from a combination of configuration problems and service communication failures.

Your current /etc/ntp.conf shows a standard setup with public NTP servers, but let's examine the critical parts:

driftfile /var/lib/ntp/drift

server 0.pool.ntp.org
server 1.pool.ntp.org
server 2.pool.ntp.org
server 3.pool.ntp.org

restrict default ignore
restrict 127.0.0.1

The restrict default ignore line is particularly important - it blocks all external queries by default, which is good for security but can cause local communication issues if not properly configured.

First, verify NTP service status:

service ntpd status
chkconfig --list ntpd

Then check if NTP is listening on the correct port:

netstat -tulnp | grep ntp
# Expected output should show UDP 123
# udp        0      0 0.0.0.0:123             0.0.0.0:*                           1234/ntpd

1. Restrict Line Adjustment:

# Replace current restrict lines with:
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1

2. Enable Debug Mode temporarily:

ntpd -d -n -g

3. Check Firewall Rules even if iptables shows no rules:

iptables -L -n -v
ip6tables -L -n -v

After making changes, test with:

ntpdate -q localhost
ntpq -p
ntpdc -c sysinfo

For persistent issues, consider adding these debug lines to ntp.conf:

logfile /var/log/ntp.log
statsdir /var/log/ntpstats/
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable

If issues persist, try using 127.0.0.1 directly instead of localhost:

server 127.0.0.1 iburst
fudge 127.0.0.1 stratum 10

Remember to restart the service after each configuration change:

service ntpd restart