cancel
Showing results for 
Search instead for 
Did you mean: 

ZD1200 not obeying NTP server configuration

donald_howe_6dj
New Contributor II
ZoneDirector 1200 version 10.1.1.0 build 42

NTP is enabled, with NTP server specified, for example "ntp.example.com". The real NTP server address is our internal NTP hostname with 2x A records and 2x AAAA records in DNS.

But looking at packet capture, the ZoneDirector is going to random NTP servers to ask for time. Example list of NTP servers ZD is observed as using:

209.58.185.100 - ntp.hkg10.hk.leaseweb.net
168.167.71.138 - ns1.botsnet.bw
196.10.55.57 - ntp3.inx.net.za
103.23.208.175
120.25.108.11 - time4.aliyun.com

It looks like ZoneDirector uses some internal hard-coded list of NTP servers.

If I specify an NTP server in ZoneDirector configuration, I expect ZoneDirector to not use any other NTP server.

Confirming from CLI "show config" (real address and TZ censored):
"
NTP:
  Status= Enabled
  Address= ntp.(example).com
  Timezone= GMT+x
"
6 REPLIES 6

martin_martin
Valued Contributor
Hi Donald,

Yeah this sounds a bit weird, please open a case with support so they can look at it.

What version are you running on the ZD1200?

regards
Martin

donald_howe_6dj
New Contributor II
As the first line of the OP says:
ZoneDirector 1200 version 10.1.1.0 build 42

andrew_bailey_7
New Contributor III
Hi Donald,

Not sure if it helps or not, but I'm on a ZD1200 running the same software version (which is the latest release).

I've checked my firewall logs and can't see this issue. My ZD1200 is only using the single internal NTP server I have specified.


The only thing I would note, is that I'm currently using an IP rather than an FQDN. I'll try changing it later to see if the behavior is any different.


Kind Regards,


Andy.

donald_howe_6dj
New Contributor II
I changed the NTP server from DNS name to IP address, and now ZD1200 uses only the single specified NTP server.
It no longer queries random NTP servers.

Changed back to DNS name and waiting to see what happens - from packet capture it looks like ZD1200 queries the NTP server every 1 hour so it should not take long.

If the random (pool.ntp.org?) NTP servers are no longer queried, then I would guess that some time during update of ZD1200 the NTP setting was "deactivated" somehow. This ZD1200 has been updated numerous times.