Description of problem: 4.2.8p11 seems to break synchronization with (TC) autokey servers; especially when running as broadcast client. 4.2.8p10 (from https://koji.fedoraproject.org/koji/buildinfo?buildID=1044801) appears to be ok. Affects p11 in Fedora 27 too. Upstream report and details: http://bugs.ntp.org/show_bug.cgi?id=3494 Version-Release number of selected component (if applicable): ntp-4.2.8p11-2.fc28.x86_64
Thanks for the upstream report. This bug is most likely due to one of the CVEs fixed in 4.2.8p11. FWIW, upstream doesn't care much about autokey since it was found to be insecure. You might want to consider switching to a symmetric key if possible.
I'm closing this bug. If/when the issue is fixed upstream, we'll get the fix in Fedora too.