question about my ntpd.conf
Hello
Everything is working. I just have a few questions about my ntp.conf
from lines 6-10
restrict 127.0.0.1
server 0.us.pool.ntp.org
server 1.us.pool.ntp.org
server 2.us.pool.ntp.org
6. restrict default kod nomodify notrap noquery
7. restrict 0.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
8. restrict 1.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
9. restrict 2.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
10. restrict 10.0.0.0 mask 255.255.255.0 nomodify notrap
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10
driftfile /var/lib/ntp/drift
logfile /var/log/ntp.log
broadcastdelay 0.008
keys /etc/ntp/keys
Since I already have line 6 do I really need to add lines 7-10 because
of the word default in line 6?
Shouldn't I have this line for my server instead, like below?
restrict a.b.c.d (my server) mask 255.255.255.255 nomodify notrap noquery
Thanks
Re: question about my ntpd.conf
Cong wrote:
> Hello
>
> Everything is working. I just have a few questions about my ntp.conf
> from lines 6-10
>
> restrict 127.0.0.1
> server 0.us.pool.ntp.org
> server 1.us.pool.ntp.org
> server 2.us.pool.ntp.org
>
> 6. restrict default kod nomodify notrap noquery
> 7. restrict 0.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
> 8. restrict 1.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
> 9. restrict 2.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
> 10. restrict 10.0.0.0 mask 255.255.255.0 nomodify notrap
>
> server 127.127.1.0 # local clock
> fudge 127.127.1.0 stratum 10
> driftfile /var/lib/ntp/drift
> logfile /var/log/ntp.log
> broadcastdelay 0.008
> keys /etc/ntp/keys
>
> Since I already have line 6 do I really need to add lines 7-10 because
> of the word default in line 6?
>
> shouldn't I have this line for my server instead like below
> restrict a.b.c.d (my server) mask 255.255.255.255 nomodify notrap noquery
>
> thank
You don't need lines 6-10. The restrict ... default statement applies
to all server instances for which you do not explicitly change it. I
don't think you need the KOD option either. If your server is visible
to the world at large and you have people abusing your server you might
need it, otherwise not.
Re: question about my ntpd.conf
On 2006-10-25, Cong <congngo@yahoo.com> wrote:
<snip: old ntp.conf>
Here's a cleaned up version. I've removed a couple of lines that served
no purpose and appended iburst to your server lines to get you quicker
initial sync.
-------------------------------------8X-------------------------------------
# General Settings
driftfile /var/lib/ntp/drift
logfile /var/log/ntp.log
# Default Restrictions
restrict default kod nomodify notrap noquery
restrict 127.0.0.1
# Authorized Clients
restrict 10.0.0.0 mask 255.255.255.0 nomodify notrap
# Undisciplined Local Clock
server 127.127.1.0
fudge 127.127.1.0 stratum 10
# Remote Time Servers
server 0.us.pool.ntp.org iburst
server 1.us.pool.ntp.org iburst
server 2.us.pool.ntp.org iburst
-------------------------------------8X-------------------------------------
The following lines are not doing anything:
> broadcastdelay 0.008
> keys /etc/ntp/keys

> shouldn't I have this line for my server instead like below
> restrict a.b.c.d (my server) mask 255.255.255.255 nomodify notrap noquery
No. Restrict lines affect how your ntpd treats packets that arrive FROM
the address / subnet specified on that line.
BTW: You can not currently use restrict statements for hostnames that
resolve to more than one IP address unless you include separate restrict
statements for every possible IP address. So the best that you can do
for pool servers is set a reasonable default restriction.
You may want to take a look at http://ntp.isc.org/Support/AccessRestrictions
--
Steve Kostecke <kostecke@ntp.isc.org>
NTP Public Services Project - http://ntp.isc.org/
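
The point made in the reply above, that a restrict line governs packets arriving FROM the matching address and that the default entry covers every other source, shown as an added example (not part of the thread and not ntpd's own code). It assumes IPv4 only and models the lookup as "most specific matching entry wins", which is a simplification; the source addresses tested are constructed.

```python
import ipaddress

# The restrict lines from the cleaned-up ntp.conf in the post above.
CONF = """\
restrict default kod nomodify notrap noquery
restrict 127.0.0.1
restrict 10.0.0.0 mask 255.255.255.0 nomodify notrap
"""

def parse_restrict(conf):
    """Return [(network, flags)] for every 'restrict' line in conf."""
    rules = []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()      # drop trailing comments
        if not tok or tok[0] != "restrict":
            continue
        addr, rest = tok[1], tok[2:]
        mask = "255.255.255.255"                 # no mask means a single host
        if addr == "default":
            addr, mask = "0.0.0.0", "0.0.0.0"    # matches every IPv4 source
        if rest[:1] == ["mask"]:
            mask, rest = rest[1], rest[2:]
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        rules.append((net, frozenset(rest)))
    return rules

def flags_for(source_ip, rules):
    """Flags of the most specific entry matching the packet's SOURCE address.

    Simplified model (assumption): longest mask wins; no match means no flags.
    """
    ip = ipaddress.ip_address(source_ip)
    matches = [(net.prefixlen, flags) for net, flags in rules if ip in net]
    return max(matches, key=lambda m: m[0], default=(-1, frozenset()))[1]

def report(source_ip, rules):
    """Summarise what a packet from source_ip is subject to."""
    flags = flags_for(source_ip, rules)
    return {"flags": sorted(flags),
            "ntpq_queries_allowed": "noquery" not in flags}

if __name__ == "__main__":
    rules = parse_restrict(CONF)
    # Constructed sources: loopback, a LAN client, an arbitrary Internet host
    # (for example, whatever address a pool server answers from).
    for src in ("127.0.0.1", "10.0.0.25", "203.0.113.7"):
        print(src, report(src, rules))
```

A pool server's replies arrive from an address that only the default entry matches, so they are handled under the default flags without a per-host restrict line.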
Re: question about my ntpd.conf
Thanks, Steve
Steve Kostecke wrote:
> On 2006-10-25, Cong <congngo@yahoo.com> wrote:
>
> <snip: old ntp.conf>
>
> Here's a cleaned up version. I've removed a couple of lines that served
> no purpose and appended iburst to your server lines to get you quicker
> initial sync.
>
> -------------------------------------8X-------------------------------------
>
> # General Settings
> driftfile /var/lib/ntp/drift
> logfile /var/log/ntp.log
>
> # Default Restrictions
> restrict default kod nomodify notrap noquery
> restrict 127.0.0.1
>
> # Authorized Clients
> restrict 10.0.0.0 mask 255.255.255.0 nomodify notrap
>
> # Undisciplined Local Clock
> server 127.127.1.0
> fudge 127.127.1.0 stratum 10
>
> # Remote Time Servers
> server 0.us.pool.ntp.org iburst
> server 1.us.pool.ntp.org iburst
> server 2.us.pool.ntp.org iburst
>
> -------------------------------------8X-------------------------------------
>
> The following lines are not doing anything:
>
> > broadcastdelay 0.008
> > keys /etc/ntp/keys
>
> > shouldn't I have this line for my server instead like below
> > restrict a.b.c.d (my server) mask 255.255.255.255 nomodify notrap noquery
>
> No. Restrict lines affect how your ntpd treats packets that arrive FROM
> the address / subnet specified on that line.
>
> BTW: You can not currently use restrict statements for hostnames that
> resolve to more than one IP address unless you include separate restrict
> statements for every possible IP address. So the best that you can do
> for pool servers is set a reasonable default restriction.
>
> You may want to take a look at http://ntp.isc.org/Support/AccessRestrictions
>
> --
> Steve Kostecke <kostecke@ntp.isc.org>
> NTP Public Services Project - http://ntp.isc.org/