SOLVED NTP client appending local domain when querying

Joe Archer

Dabbler
Joined
Aug 15, 2016
Messages
23
System
  • Dell PowerEdge T110 II
  • CPU: Intel Xeon CPU E3-1230 V2 @ 3.30GHz
  • RAM: 20GB ECC (2x8GB, 2x2GB)
  • TrueNAS-12.0-U5 (installed on separate SSD)
  • 4x2TB RAIDZ1 (All WD Reds)
Issue
Currently when I log into my Pi-Hole, I can see that there are massive amounts of queries to what I have inside my NTP servers listings. Some are to the proper FQDN, but some are to the FQDN+local domain. Is there a way to stop it from querying that FQDN+LocalDomain? Below is when I narrow down to a specific NTP FQDN that has appended my local domain.

pihole_queries_from_TrueNAS.png

*I've removed internal FQDN but it would be after the lan part.
 

Joe Archer

Dabbler
Joined
Aug 15, 2016
Messages
23
For anyone else that stumbles upon this. It was due to 4.ca.pool.ntp.org not actually existing. When that occurs, the server will then append the local domain by default. This is why I was getting large amounts of that domain occurring.

So, big thing, is don't be dumb and actually test to see if the domain exists beforehand. A good ol' nslookup would have led me down the right path.
 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,680
It is highly likely that you could also specify a fully qualified domain name ... and here's where a bunch of people will say "but it is."

Except it isn't.

You're missing the trailing dot, which is the root anchor. When you specify a name like "1.ca.pool.ntp.org." (see the dot after org), there is no ambiguity.

Per RFC1535,

An absolute "rooted" FQDN is of the format {name}{.} A non "rooted" domain name is of the format {name}
[...stuff...]
Further, in any event where a "." exists in a specified name it should be assumed to be a fully qualified domain name (FQDN) and SHOULD be tried as a rooted name first.

Which is why almost everyone these days considers a domain name that contains a dot to "probably" be a FQDN, but those of us who have been doing this awhile tend to toss on the trailing dot to force the issue.
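
Added example, not part of any post in this thread and not TrueNAS code: a small Python model of the conventional stub-resolver search-list behaviour (the resolv.conf `search` and `ndots` settings), showing which queries reach the DNS server for a nonexistent pool name with and without the trailing dot. The `lan.example` domain, the nameserver address and the zone contents are constructed placeholders.

```python
# Added example: models the conventional stub-resolver search logic
# (resolv.conf "search"/"ndots"); not TrueNAS or ntpd source code.

SAMPLE_RESOLV_CONF = """\
# constructed sample; lan.example is a placeholder local domain
search lan.example
nameserver 192.0.2.53
options ndots:1
"""

def parse_resolv_conf(text):
    """Return (search_list, ndots) from resolv.conf-style text."""
    search, ndots = [], 1
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] in ("search", "domain"):
            search = fields[1:]
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return search, ndots

def candidate_queries(name, search, ndots=1):
    """Ordered absolute names a resolver tries until one resolves."""
    if name.endswith("."):            # rooted name: search list is skipped
        return [name]
    as_is = name + "."
    expanded = [f"{name}.{d.rstrip('.')}." for d in search]
    if name.count(".") >= ndots:      # "looks qualified": try as-is first
        return [as_is] + expanded
    return expanded + [as_is]

def queries_sent(name, search, ndots, existing):
    """Queries emitted before the first hit; `existing` is a constructed zone."""
    sent = []
    for q in candidate_queries(name, search, ndots):
        sent.append(q)
        if q in existing:
            break
    return sent

if __name__ == "__main__":
    search, ndots = parse_resolv_conf(SAMPLE_RESOLV_CONF)
    zone = {"1.ca.pool.ntp.org."}     # constructed: only this name exists
    for n in ("1.ca.pool.ntp.org", "4.ca.pool.ntp.org", "4.ca.pool.ntp.org."):
        print(f"{n:22} -> {queries_sent(n, search, ndots, zone)}")
```

In this model only the unrooted, nonexistent name produces a second query carrying the local domain; the rooted form stops after one lookup.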
 

Joe Archer

Dabbler
Joined
Aug 15, 2016
Messages
23
jgreco said:
> It is highly likely that you could also specify a fully qualified domain name ... and here's where a bunch of people will say "but it is."
>
> Except it isn't.
>
> You're missing the trailing dot, which is the root anchor. When you specify a name like "1.ca.pool.ntp.org." (see the dot after org), there is no ambiguity.
>
> Per RFC1535,
>
> Which is why almost everyone these days considers a domain name that contains a dot to "probably" be a FQDN, but those of us who have been doing this awhile tend to toss on the trailing dot to force the issue.

That's something I always forget about in regard to DNS. That dang ol' "." at the end declaring, as the quote says, a "rooted FQDN". Would that also have stopped the TrueNAS box from querying the local domain as well? Or would that have still appended my local domain after failing the initial query?
 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,680
Who knows. One of the problems with software development is that developers often arrive behind the keyboard using a different professional/educational path, and this does not necessarily involve years of dealing with obscure details of arcane protocols like DNS. They teach kids to program in Python these days. It doesn't mean that they're going to be fully cognizant of the ins and outs of all the things they should be.
 