Changing global NTP and DNS settings post configuration
The DNS and NTP settings that are configured at installation time for SDC7 are intended to remain static. However, it is possible to change this if required. It is only recommended that these settings be changed if it is a hard requirement. Additionally, it is recommended that the change be accompanied by a reboot of the head node as well as thorough test of the changes.
In this page:
Essential reading
Changing NTP on the head node
SDC7 uses it's own internal NTP server which runs on the head node. This cannot be changed; all components of SDC7 must synchronize against the head node. However, the external time source that SDC7 uses to synchronize against can be updated if required.
Verify new NTP server(s)
The first step is to ensure that you are able to reach and synchronize against the new NTP server(s). This can be accomplished by using the ntpdate(1m) command from the GZ of the head node:
# ntpdate -d time.nist.gov
4 Nov 16:15:28 ntpdate[35083]: ntpdate 4.2.7p446@1.2483-o Thu Sep 4 11:58:37 UTC 2014 (1)
Looking for host time.nist.gov and service ntp
128.138.141.172 reversed to utcnist2.colorado.edu
host found : utcnist2.colorado.edu
transmit(128.138.141.172)
receive(128.138.141.172)
transmit(128.138.141.172)
transmit(128.138.141.172)
receive(128.138.141.172)
transmit(128.138.141.172)
receive(128.138.141.172)
server 128.138.141.172, port 123
stratum 1, precision -29, leap 00, trust 000
refid [ACTS], delay 0.07411, dispersion 8.00015
transmitted 4, in filter 4
reference time: d80379e5.e60978dc Tue, Nov 4 2014 16:14:29.898
originate timestamp: d8037a26.a45321f7 Tue, Nov 4 2014 16:15:34.641
transmit timestamp: d8037a26.9e3bab97 Tue, Nov 4 2014 16:15:34.618
filter delay: 0.07411 0.00000 0.07423 0.07422
0.00000 0.00000 0.00000 0.00000
filter offset: -0.00035 0.000000 -0.00068 -0.00051
0.000000 0.000000 0.000000 0.000000
delay 0.07411, dispersion 8.00015
offset -0.000350
4 Nov 16:15:34 ntpdate[35083]: adjust time server 128.138.141.172 offset -0.000350 secThe output above shows us that we are able to successfully contact the NTP server. The
-d flag tells ntpdate to not set the clock, just show what it would do.
Conversely, a failure will look like this:
# ntpdate -d 192.168.212.12
4 Nov 16:17:24 ntpdate[35172]: ntpdate 4.2.7p446@1.2483-o Thu Sep 4 11:58:37 UTC 2014 (1)
Looking for host 192.168.212.12 and service ntp
host found : 192.168.212.12
transmit(192.168.212.12)
transmit(192.168.212.12)
transmit(192.168.212.12)
transmit(192.168.212.12)
transmit(192.168.212.12)
192.168.212.12: Server dropped: no data
server 192.168.212.12, port 123
stratum 0, precision 0, leap 00, trust 000
refid [192.168.212.12], delay 0.00000, dispersion 64.00000
transmitted 4, in filter 4
reference time: 00000000.00000000 Thu, Feb 7 2036 6:28:16.000
originate timestamp: 00000000.00000000 Thu, Feb 7 2036 6:28:16.000
transmit timestamp: d8037a9a.fe8de440 Tue, Nov 4 2014 16:17:30.994
filter delay: 0.00000 0.00000 0.00000 0.00000
0.00000 0.00000 0.00000 0.00000
filter offset: 0.000000 0.000000 0.000000 0.000000
0.000000 0.000000 0.000000 0.000000
delay 0.00000, dispersion 64.00000
offset 0.000000
4 Nov 16:17:32 ntpdate[35172]: no server suitable for synchronization foundChange the SDC7 config File
Updating the NTP server(s) for SDC7 involves a modification to the config file that is located on the boot key.
1. Mount the USB Key
Using the sdc-usbkey command, mount the usb key on the head node.
# sdc-usbkey mount
# df -h | grep /mnt/usbkey
/dev/dsk/c1t0d0p1 3.7G 2.8G 908M 77% /mnt/usbkey2. Backup the SDC7 config File
Create a backup copy of the config file.
# cp /mnt/usbkey/config /mnt/usbkey/config.ntp.backup3. Edit the SDC7 config File
Using a text editor, adjust the following line in the config file to use the IP Address or Hostname of the new NTP server(s).
ntp_hosts=0.smartos.pool.ntp.orgFor example:
# diff config config.ntp.backup
116c116
< ntp_hosts=my_new_ntp_host
---
> ntp_hosts=0.smartos.pool.ntp.org4. Verify the SDC7 config File
Verify that the config file is syntactically correct; this can easily done by sourcing the file:
# source /mnt/usbkey/configIf this command throws any errors, you will need to correct them prior to proceeding.
5. Umount the usbkey
Umount the usbkey via:
# sdc-usbkey unmount6. Reboot the head node
# reboot7. Test NTP
Once the headnode has rebooted, you need to test the new ntp server using the ntpq(1) command.
# ntpq -p
remote refid st t when poll reach delay offset jitter
==============================================================================
0.smartos.pool. .POOL. 16 p - 16 0 0.000 0.000 0.000
+207.150.168.70 130.207.244.240 2 u 482 512 377 47.128 -6.064 2.553
+time.gac.edu 128.138.141.172 2 u 257 1024 377 35.711 -4.275 5.911
*pool-test.ntp.o 216.218.254.202 2 u 16 1024 377 73.210 -5.816 4.786
-deekayen.net 209.51.161.238 2 u 370 1024 377 40.576 2.106 4.277
-ec2-54-235-96-1 152.2.133.53 2 u 360 512 377 40.869 13.775 8.973
+li290-38.member 128.138.141.172 2 u 331 1024 377 47.029 -5.155 5.216
-segfault.boom.n 204.123.2.72 2 u 409 512 377 45.565 -10.630 3.512
-ntp.southwestit 173.203.211.73 3 u 470 512 377 49.851 -6.356 3.493
-199.167.29.243 204.9.54.119 2 u 373 1024 377 60.533 2.551 2.810Change running configuration
The recommended procedure is to modify the config file and reboot the head node to ensure that the change is reboot-safe. However, if you are unable to afford the downtime on the head node yet still need to change the NTP settings it is possible to do it using this procedure.
Note: You do not need to follow this procedure if you are intending on changing the configuration file and rebooting the head node. This procedure is only required if you are unable to reboot the head node yet need to change the ntp server. If you follow this procedure without going through the procedure Change config File above, your head node will revert to the ntp servers listed in the config file.
1. The ntp.conf file
To change the running configuration, you will need to modify the file
/etc/inet/ntp.conf. A sample file is shown below:
# cat /etc/inet/ntp.conf
driftfile /var/ntp/ntp.drift
logfile /var/log/ntp.log
# Ignore all network traffic by default
restrict default ignore
restrict -6 default ignore
# Allow localhost to manage ntpd
restrict 127.0.0.1
restrict -6 ::1
# Allow servers to reply to our queries
restrict source nomodify noquery notrap
# Allow local subnets to query this server
restrict 10.1.1.0 mask 255.255.255.0
# Time Servers
pool 0.smartos.pool.ntp.org burst iburst minpoll 42. Create backup of the ntp.conf file
Create a backup of the existing file. This can be used for recovery in the event there are problems with the new configuration.
# cd /etc/inet
# cp ntp.conf ntp.conf.orig3. Change server address in the ntp.conf file
You will need to change the entry under Time Servers to reflect the address / type of time server you are using.
Note: Do not change any other lines in this file! Doing so may cause your installation to become unstable.
4. Restart the NTP service
Using the svcadm(1m), restart the ntp service:
# svcs -a | grep ntp
online 15:29:47 svc:/network/ntp:default
# svcadm restart ntp
# svcs -a | grep ntp
online 19:36:36 svc:/network/ntp:default5. Test NTP
Once you have restarted the ntp service you need to test the new ntp server using the ntpq(1) command.
# ntpq -p
remote refid st t when poll reach delay offset jitter
==============================================================================
0.smartos.pool. .POOL. 16 p - 16 0 0.000 0.000 0.000
+207.150.168.70 130.207.244.240 2 u 482 512 377 47.128 -6.064 2.553
+time.gac.edu 128.138.141.172 2 u 257 1024 377 35.711 -4.275 5.911
*pool-test.ntp.o 216.218.254.202 2 u 16 1024 377 73.210 -5.816 4.786
-deekayen.net 209.51.161.238 2 u 370 1024 377 40.576 2.106 4.277
-ec2-54-235-96-1 152.2.133.53 2 u 360 512 377 40.869 13.775 8.973
+li290-38.member 128.138.141.172 2 u 331 1024 377 47.029 -5.155 5.216
-segfault.boom.n 204.123.2.72 2 u 409 512 377 45.565 -10.630 3.512
-ntp.southwestit 173.203.211.73 3 u 470 512 377 49.851 -6.356 3.493
-199.167.29.243 204.9.54.119 2 u 373 1024 377 60.533 2.551 2.810Changing DNS on the Head Node
It is possible to change the DNS servers that SDC7 uses post-installation. Please be aware, however, that this will only affect the resolver files in the global zones. DNS servers associated with networks are managed in NAPI via the process described on the page titled Configuring Networks.
Note: You should never manually change DNS settings for SDC7 core services, including the global zone. Doing so may render your installation non-functional.
Verify New DNS Server(s)
First, verify that the DNS server that you are planning on using is accessible and responding to DNS queries. You can do this by using the dig(1) command from the GZ of the head node.
# dig @192.168.212.1 A
; <<>> DiG 9.8.0 <<>> @192.168.212.1 A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40285
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 18247 IN NS m.root-servers.net.
. 18247 IN NS c.root-servers.net.
. 18247 IN NS e.root-servers.net.
. 18247 IN NS j.root-servers.net.
. 18247 IN NS h.root-servers.net.
. 18247 IN NS b.root-servers.net.
. 18247 IN NS l.root-servers.net.
. 18247 IN NS f.root-servers.net.
. 18247 IN NS k.root-servers.net.
. 18247 IN NS g.root-servers.net.
. 18247 IN NS a.root-servers.net.
. 18247 IN NS d.root-servers.net.
. 18247 IN NS i.root-servers.net.
;; Query time: 43 msec
;; SERVER: 192.168.212.1#53(192.168.212.1)
;; WHEN: Tue Nov 4 19:56:08 2014
;; MSG SIZE rcvd: 228The server above is responding as expected. Conversely, a failure will look like this:
# dig @192.168.212.11
; <<>> DiG 9.8.0 <<>> @192.168.212.11
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reachedChange the SDC7 config File
1. Mount the USB Key
Using the sdc-usbkey command, mount the usb key on the head node.
# sdc-usbkey mount
# df -h | grep /mnt/usbkey
/dev/dsk/c1t0d0p1 3.7G 2.8G 908M 77% /mnt/usbkey2. Backup the SDC7 config File
Create a backup copy of the config file.
# cp /mnt/usbkey/config /mnt/usbkey/config.dns.backup3. Edit the SDC7 config file
Using a text editor, adjust the following line in the config file to use the new DNS server(s).
dns_resolvers=8.8.8.8,8.8.4.4For example:
# diff config config.dns.backup
102c102
< dns_resolvers=208.67.222.222,208.67.220.220
---
> dns_resolvers=8.8.8.8,8.8.4.44. Verify the SDC7 config File
Verify that the config file is syntactically correct; this can easily done by sourcing the file:
# source /mnt/usbkey/configIf this command throws any errors, you will need to correct them prior to proceeding.
5. Umount the usbkey
Umount the usbkey via:
# sdc-usbkey unmount6. Reboot the head node
# reboot7. Test DNS
Once the headnode has rebooted, you need to test dns. You can do this by
first inspecting the contents of /etc/resolv.conf in the GZ of the head
node:
# cat /etc/resolv.conf
search virington.com
nameserver 10.1.1.11
nameserver 208.67.222.222
nameserver 208.67.220.220Note: You will always see an address on the admin network listed first in your resolvers file. Do not change this; this is required for SDC7 to function properly.
Then, use the ping command to resolve a foreign host:
# ping joyent.com
joyent.com is alive