From b8b3830dc4b51265d3a3e0e85fb143ad13a7dbc3 Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Mon, 22 May 2023 11:58:41 +0200 Subject: [PATCH] ntp: randomize address selection on all source replacements If the resolver orders addresses by IP family, there is more than one address in the preferred IP family, and they are all reachable, but not selectable (e.g. falsetickers in a small pool which cannot remove them from DNS), chronyd is unable to switch to addresses in the other IP family as it follows the resolver's order. Enable randomization of the address selection for all source replacements and not just replacement of (unreachable) tentative sources. If the system doesn't have connectivity in the other family, the addresses will be skipped and no change in behavior should be observed. --- ntp_sources.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/ntp_sources.c b/ntp_sources.c index 91267dc..f10b330 100644 --- a/ntp_sources.c +++ b/ntp_sources.c @@ -988,11 +988,11 @@ resolve_source_replacement(SourceRecord *record, int refreshment) us = MallocNew(struct UnresolvedSource); us->name = Strdup(record->name); - /* If there never was a valid reply from this source (e.g. it was a bad - replacement), ignore the order of addresses from the resolver to not get - stuck to a pair of addresses if the order doesn't change, or a group of - IPv4/IPv6 addresses if the resolver prefers inaccessible IP family */ - us->random_order = record->tentative; + /* Ignore the order of addresses from the resolver to not get + stuck with a pair of unreachable or otherwise unusable servers + (e.g. falsetickers) in case the order doesn't change, or a group + of servers if they are ordered by IP family */ + us->random_order = 1; us->refreshment = refreshment; us->pool_id = INVALID_POOL; us->address = *record->remote_addr;
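Review bot: in the `resolve_source_replacement()` hunk, `us->random_order = 1;` is now set without looking at either `record->tentative` or the `refreshment` argument, but the new comment only explains the case of unreachable or unusable servers. The very next line stores `us->refreshment = refreshment;`, so the same call path also serves refreshments, and a reader cannot tell from the comment whether ignoring the resolver's order there is intended. Please either say in the comment that the randomization deliberately covers refreshments as well, or keep the resolver's order for that case if it is not. The commit message also relies on addresses in a family without connectivity being skipped; nothing in this hunk shows where that happens, so a short pointer in the comment to the code that does the skipping, or a test covering a single-family host, would make the "no change in behavior" claim checkable.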