Hi!
Thanks for the hint!
Maybe someone could put that on the pool website? Something like a
preferred configuration info page for servers on the pool.
The support section on support.ntp.org seems to be a bit outdated
regarding "-4/-6" and "limited".
I looked up the default configuration in Debian. squeeze, wheezy and
even sid uses the exact same configuration as Ted mentioned. No sign of
limited. Seems like this is a new feature?
Another question: Should I use "iburst" in my "server" directive or not?
There was a thread about 2 years ago about adding iburst to the default
configuration of some distributions.
But it seems that iburst doesn't make much of a difference if my server
runs like forever without a restart, right?
What about using the "leapfile" setting? Do you recommend that?
Btw: I'm talking about servers that are *serving* time for the pool, not
clients *using* the pool.
Thanks!
Cheers,
Thomas
On 24.06.2012 05:36, Dave Hart wrote:
Ted, your posted ntp.conf has:
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
If you're using ntpd 4.2.6 or later, you can consolidate that into a
single line omitting -4/-6. In any case, please consider adding
"limited" to your default restrictions, so that clients are
rate-limited and your server is less useful for spoofed-source-address
reflection attacks. Without "limited", the "kod" is useless -- it
controls only how ntpd responds to rate limit exceeded, but first you
have to have "limited" to enforce the rate limit.
Cheers,
Dave Hart
_______________________________________________
pool mailing list
[email protected]
http://lists.ntp.org/listinfo/pool
_______________________________________________
pool mailing list
[email protected]
http://lists.ntp.org/listinfo/pool
