J. Bakshi <[email protected]> wrote: > Hello list, > > I like to secure my ntp daemon with "restrict default ignore" but ntp stops > synchronizing with this configuration; though I have restrict lines for ntp > servers. My ntp.conf is simple as below > > `````````````````````````````` > driftfile /var/lib/ntp/ntp.drift > > server 0.asia.pool.ntp.org iburst dynamic > server 1.asia.pool.ntp.org iburst dynamic > > restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap > restrict default ignore > restrict 0.asia.pool.ntp.org notrap noquery > restrict 1.asia.pool.ntp.org notrap noquery > restrict 127.0.0.1 > ``````````````````````````````````````` > > ntp starts working if I remove "restrict default ignore" . Is not the > restrict lines with server > designed to work with "restrict default ignore" ? I am very much confused > here, any clue please ?
It does not work because 0.asia.pool.ntp.org returns a different value every time, so the server 0.asia.pool.ntp.org and the restrict line with 0.asia.pool.ntp.org don't work with the same value. The restrict does not match the server. _______________________________________________ questions mailing list [email protected] http://lists.ntp.org/listinfo/questions
