On 2014-03-28 02:50, Witt, Stefan wrote:
Hello, looking for an answer of the following misbehaviour:

Server entries are only valid and accepted if I use ip-address and not if I 
use fqdn of the timeserver1/2!
Resolving of Timeserver-fqdn is successful!

Does anybody have an explanation of this unexpected behavior?

the ntp.conf looks quite like that:

##########
restrict 0.0.0.0 mask 0.0.0.0 nomodify nopeer

equivalent to:

restrict default nomodify nopeer

should add noquery, notrap and limited, kod to avoid RDDoS attacks
and rate limit everything:

restrict default kod limited nomodify nopeer noquery notrap

and allow local access:

restrict 127.0.0.1
restrict -6 ::1

also add any local subnet or systems you may want to monitor from

##########

# driftfile is highly recommended because of reboot situations
driftfile /etc/inet/ntp.drift

################################

remove below as it is really designed for external local clock discipline:

server 127.127.1.1
fudge  127.127.1.1 stratum 5

add orphan mode if you want to be able to serve time, and a couple of internet
servers or a pool statement with a pool server:

pool CC.pool.ntp.org iburst minpoll 6 maxpoll 6

where CC is your country code

and add "iburst minpoll 6 maxpoll 6" to your server lines

### internal timeserver:
##server fqdn-timeserver1 prefer
##server fqdn-timeserver2

# internal  timeserver:
server <ipv4-address-timeserver1> prefer
server <ipv4-address-timeserver2>
#########################################################################

Names are resolved by DNS - check with nslookup on the host names alone
and with the fqdns and maybe add local aliases to /etc/hosts e.g.:

timeserver1-ipaddress timeserver1-hostname timeserver1-fqdn
timeserver2-ipaddress timeserver2-hostname timeserver2-fqdn

and to be friendly add to ntp.conf:

restrict timeserver1-hostname nomodify
restrict timeserver2-hostname nomodify

--
Take care. Thanks, Brian Inglis
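
The following is an added example, not part of the original thread or of the NTP project's code: a small Python lint that checks an ntp.conf against the points raised in the reply above (flags on the default restrict line, the 127.127.1.x local clock driver, and a restrict line per configured server). The function name `audit_ntp_conf` and the sample configuration are constructed for illustration.

```python
# Flags the reply recommends on the default restrict line.
RECOMMENDED = {"kod", "limited", "nomodify", "nopeer", "noquery", "notrap"}

def audit_ntp_conf(text):
    """Return a list of findings for an ntp.conf passed as a string."""
    findings, restricted, servers = [], set(), []
    default_seen = False
    for raw in text.splitlines():
        tok = raw.split("#", 1)[0].split()      # drop comments, tokenize
        if len(tok) < 2:
            continue
        if tok[0] == "restrict":
            args = [t for t in tok[1:] if t not in ("-4", "-6")]
            if not args:
                continue
            # "restrict 0.0.0.0 mask 0.0.0.0" is equivalent to "restrict default"
            if args[:3] == ["0.0.0.0", "mask", "0.0.0.0"]:
                args = ["default"] + args[3:]
            if args[0] == "default":
                default_seen = True
                missing = RECOMMENDED - set(args[1:])
                if missing:
                    findings.append("default restrict lacks: " + " ".join(sorted(missing)))
            else:
                restricted.add(args[0])
        elif tok[0] == "server":
            if tok[1].startswith("127.127.1."):
                findings.append("local clock driver configured: " + tok[1])
            else:
                servers.append(tok[1])
    if not default_seen:
        findings.append("no default restrict line")
    # Restrict lines may appear after the server lines, so compare at the end.
    for host in servers:
        if host not in restricted:
            findings.append("no restrict line for server " + host)
    return findings

# Constructed sample, modelled on the configuration quoted in the thread.
SAMPLE = """\
restrict 0.0.0.0 mask 0.0.0.0 nomodify nopeer
driftfile /etc/inet/ntp.drift
server 127.127.1.1
fudge  127.127.1.1 stratum 5
server timeserver1-hostname prefer
server timeserver2-hostname
"""

if __name__ == "__main__":
    for finding in audit_ntp_conf(SAMPLE):
        print(finding)
```
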