E-Mail Sent to this address will be added to the BlackLists wrote:
> Ron Frazier (NTP) wrote:
> > In my research operating ntpd on Windows and Linux, I
> > discovered that the default ntp.conf installed by
> > Meinberg does not have any access restrictions.
> > I think it would be a good idea to add this to your file
> > unless you require more liberal access for your LAN, etc.
> > This is the default setup for my Ubuntu Linux machines.
> > # By default, exchange time with everybody, but don't allow configuration.
> ----------------^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > restrict -4 default kod notrap nomodify nopeer noquery
> > restrict -6 default kod notrap nomodify nopeer noquery
> -------------------------------------------------^^^^^^^
> > # allow unrestricted access from the localhost (so that you may monitor ntpd
> > # and perform on-the-fly configuration changes with ntpdc)
> > # Local users may interrogate the ntp server more closely.
> > # IPv4
> > restrict 127.0.0.1
> > # IPv6
> > restrict -6 ::1
>
> Unless I'm misreading the above (somehow),
> that would be a client only config,
> as it would not permit queries by _any_ other clients.
>
> What about e.g. restrict source nomodify ?
> ... to avoid issues when configuring servers / pools
> where the DNS query may return more than one IP?

Noquery prevents ntpq requests rather than time requests.
At least the pool monitoring didn't complain when I added
two servers late 2009 when the ntp.confs had:
"restrict default noquery"
As from Oct 23 2011 they have had:
"restrict default limited kod nomodify notrap nopeer"
David
_______________________________________________
questions mailing list
[email protected]
http://lists.ntp.org/listinfo/questions
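
As an added example (not code from any poster in this thread or from the NTP project), the Python script below evaluates the restrict lines quoted above and reports, per entry, whether a matching remote host is served time, may send ntpq/ntpdc queries, and may send modifying requests. The function names are hypothetical, and the flag meanings assumed are those in ntpd's access control documentation: `ignore` drops everything, `noserve` drops everything except ntpq/ntpdc queries, `noquery` drops only ntpq/ntpdc queries, `nomodify` drops only modifying requests.

```python
# Added example; function names are hypothetical. Only the flags that decide
# the points argued in this thread are modelled; kod, limited, notrap, nopeer
# and the rest are parsed but do not change the answers below.

def parse_restricts(conf_text):
    """Map each restrict target (e.g. 'default', '-6 ::1') to its flag set."""
    rules = {}
    for line in conf_text.splitlines():
        tokens = line.split("#", 1)[0].split()
        if len(tokens) < 2 or tokens[0] != "restrict":
            continue
        tokens = tokens[1:]
        family = tokens.pop(0) + " " if tokens[0] in ("-4", "-6") else ""
        if not tokens:
            continue
        target = family + tokens.pop(0)
        if tokens[:1] == ["mask"]:      # skip "mask <netmask>"
            tokens = tokens[2:]
        rules[target] = set(tokens)
    return rules

def access(flags):
    """What a remote host matching this entry may do."""
    time_ok = not flags & {"ignore", "noserve"}    # noquery is NOT in this set
    query_ok = not flags & {"ignore", "noquery"}   # ntpq/ntpdc requests
    return {"time": time_ok, "query": query_ok,
            "modify": query_ok and "nomodify" not in flags}

def audit(conf_text):
    rules = parse_restricts(conf_text)
    if not any(t.split()[-1] == "default" for t in rules):
        rules["default"] = set()        # no default entry: nothing restricted
    return {target: access(flags) for target, flags in rules.items()}

# The three configurations discussed in the thread.
UBUNTU_DEFAULT = """\
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
"""
POOL_2009 = "restrict default noquery\n"
POOL_2011 = "restrict default limited kod nomodify notrap nopeer\n"

if __name__ == "__main__":
    for name, conf in [("ubuntu", UBUNTU_DEFAULT), ("2009", POOL_2009),
                       ("2011", POOL_2011), ("no restrict lines", "")]:
        print(name, audit(conf))
```

A configuration file with no restrict lines at all comes out as fully open under `default`, which is the situation the first post describes for the Meinberg default.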