Paul writes: > On Mon, Nov 10, 2014 at 2:55 PM, Rob <[email protected]> wrote: >> Or is there some implicit restrict line for a server that is not there >> for a pool member? > > The rationale for "restrict source" implies there might be. I have no > direct experience since I don't have that problem to solve.
The reason is some folks want one class of restrictions for "machines we get time from" and another class of restrictions for "machines who want time from us". Since we have always needed to know the IP to apply restrictions and the premise is that if we're asking a known server for time we can know its IP, this is pretty easy. The issue gets more difficult when we may know a server's name but we may not be able to know its IP. That's what "restrict source" is for. >> (it was my impression that "noquery" limits status queries, not time >> queries, and that "nopeer" is affecting only "peer" directives) > > No. Recall that "peer" is ambiguous and depends on context to disambiguate. Yes, this is the issue. H _______________________________________________ questions mailing list [email protected] http://lists.ntp.org/listinfo/questions
