On Fri, Dec 30, 2016 at 03:32:51PM -0800, Ask Bjørn Hansen wrote:
> On Tuesday, September 6, 2016 at 1:41:10 AM UTC-7, Miroslav Lichvar wrote:
> > On 2016-09-05, a...@ntppool.org <a...@ntppool.org> wrote:
> > > restrict default kod nomodify notrap nopeer noquery
> > > restrict -6 default kod nomodify notrap nopeer noquery
> >
> > I think this line shouldn't be necessary as restrict default specified
> > without -4 and -6 should apply to both.
>
> Ok, thank you. Is that the case for older versions of ntpd, too? There's
> obviously a bit of cargo cult going on here, I appreciate the help getting to
> an actual best practices recommendation. :-/

I think the last version that needed that -6 line was 4.2.4.

> For Martin's comment about kod and limited:
>
> I'm not sure if 'limited' works on a reasonably busy NTP server (hundreds to
> a few thousand queries a second) and I don't think anyone has shown that KoD
> packets do something useful for a meaningful number of the "bad clients",
> so I should probably just take 'kod' out.

Makes sense to me.

> > How many servers should the client use at the same time? The default
> > value of tos maxclock is 10, so it would use 10 servers. That seems a
> > bit excessive. If it should be equivalent to the current recommendation,
> > the config would need to include
> >
> > tos maxclock 4
>
> How does that work if the client is dual-stack? I'd like to avoid the client
> (sometimes) just getting IPv6 if it's dual-stack.

That probably won't work. If the client selects only IPv6 addresses
from all addresses the name has resolved to, I think it will replace
them with IPv4 addresses only when they are unreachable.

> > Would it make sense to use 2.pool.ntp.org in the config instead of
> > 0.pool.ntp.org in order to get IPv6 addresses?
>
> My plan is to make the "bare" name have IPv6 soon. I've also been planning to
> change it to have explicit "I'm an SNTP client" vs "I'm an NTP client" names
> though.

The difference being that SNTP clients resolve the name before each
NTP query? I'm not sure if all SNTP clients do that.

--
Miroslav Lichvar
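The three configuration points discussed in the message above can be checked mechanically. The following is an added example, not code from either poster or from the NTP project: a small audit of ntp.conf text. The function name, finding codes and sample file are hypothetical, and the sample assumes the configuration uses ntpd's `pool` directive.

```python
# Added example: audit ntp.conf text against the points raised in this thread.
SAMPLE_CONF = """\
# Constructed sample; the restrict lines are the ones quoted in the thread.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
pool 0.pool.ntp.org iburst
"""

def audit_ntp_conf(text):
    """Return a list of (code, message) findings for an ntp.conf string."""
    defaults = {}      # "any", "-4" or "-6" -> flag set of that default restrict line
    maxclock = None
    uses_pool = False
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        if not tokens:
            continue
        if tokens[0] == "restrict":
            args, family = tokens[1:], "any"
            if args and args[0] in ("-4", "-6"):
                family, args = args[0], args[1:]
            if args and args[0] == "default":
                defaults[family] = set(args[1:])
        elif tokens[0] == "tos" and "maxclock" in tokens[1:-1]:
            value = tokens[tokens.index("maxclock") + 1]
            maxclock = int(value) if value.isdigit() else None
        elif tokens[0] == "pool":
            uses_pool = True

    findings = []
    # Per the thread: a plain "restrict default" applies to IPv4 and IPv6,
    # so an identical "-6" line is only needed for ntpd 4.2.4 and older.
    if "any" in defaults and defaults.get("-6") == defaults["any"]:
        findings.append(("redundant-v6-default",
                         "'restrict -6 default' repeats 'restrict default'"))
    # Per the thread: the poster plans to take 'kod' out.
    if any("kod" in flags for flags in defaults.values()):
        findings.append(("kod-set", "'kod' is set on a default restrict line"))
    # Per the thread: without 'tos maxclock' the default of 10 servers applies.
    if uses_pool and maxclock is None:
        findings.append(("maxclock-default",
                         "pool in use without 'tos maxclock'; default is 10"))
    return findings

if __name__ == "__main__":
    for code, message in audit_ntp_conf(SAMPLE_CONF):
        print(f"{code}: {message}")
```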