question about my ntpd.conf - NTP

  1. question about my ntpd.conf

    Hello

    Everything is working. I just have a few questions about my ntp.conf
    from lines 6-10

    restrict 127.0.0.1
    server 0.us.pool.ntp.org
    server 1.us.pool.ntp.org
    server 2.us.pool.ntp.org

    6. restrict default kod nomodify notrap noquery
    7. restrict 0.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
    8. restrict 1.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
    9. restrict 2.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
    10. restrict 10.0.0.0 mask 255.255.255.0 nomodify notrap

    server 127.127.1.0 # local clock
    fudge 127.127.1.0 stratum 10
    driftfile /var/lib/ntp/drift
    logfile /var/log/ntp.log
    broadcastdelay 0.008
    keys /etc/ntp/keys

    Since I already have line 6 do I really need to add lines 7-10 because
    of the word default in line 6?

    Shouldn't I have this line for my server instead, like below?
    restrict a.b.c.d (my server) mask 255.255.255.255 nomodify notrap noquery

    Thanks


  2. Re: question about my ntpd.conf

    Cong wrote:
    > Hello
    >
    > Everything is working. I just have a few questions about my ntp.conf
    > from lines 6-10
    >
    > restrict 127.0.0.1
    > server 0.us.pool.ntp.org
    > server 1.us.pool.ntp.org
    > server 2.us.pool.ntp.org
    >
    > 6. restrict default kod nomodify notrap noquery
    > 7. restrict 0.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
    > 8. restrict 1.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
    > 9 restrict 2.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
    > 10. restrict 10.0.0.0 mask 255.255.255.0 nomodify notrap
    >
    > server 127.127.1.0 # local clock
    > fudge 127.127.1.0 stratum 10
    > driftfile /var/lib/ntp/drift
    > logfile /var/log/ntp.log
    > broadcastdelay 0.008
    > keys /etc/ntp/keys
    >
    > Since I already have line 6 do I really need to add lines 7-10 because
    > of the word default in line 6?
    >
    > shouldn't I have this line for my server instead like below
    > restrict a.b.c.d (my server) mask 255.255.255.255 nomodify notrap no
    > query
    >
    > thank
    >


    You don't need lines 6-10. The restrict ... default statement applies
    to all server instances for which you do not explicitly change it. I
    don't think you need the KOD option either. If your server is visible
    to the world at large and you have people abusing your server you might
    need it, otherwise not.

  3. Re: question about my ntpd.conf

    On 2006-10-25, Cong wrote:



    Here's a cleaned up version. I've removed a couple of lines that served
    no purpose and appended iburst to your server lines to get you quicker
    initial sync.

    -------------------------------------8X-------------------------------------

    # General Settings
    driftfile /var/lib/ntp/drift
    logfile /var/log/ntp.log

    # Default Restrictions
    restrict default kod nomodify notrap noquery
    restrict 127.0.0.1

    # Authorized Clients
    restrict 10.0.0.0 mask 255.255.255.0 nomodify notrap

    # Undisciplined Local Clock
    server 127.127.1.0
    fudge 127.127.1.0 stratum 10

    # Remote Time Servers
    server 0.us.pool.ntp.org iburst
    server 1.us.pool.ntp.org iburst
    server 2.us.pool.ntp.org iburst

    -------------------------------------8X-------------------------------------

    The following lines are not doing anything:

    > broadcastdelay 0.008
    > keys /etc/ntp/keys


    > shouldn't I have this line for my server instead like below
    > restrict a.b.c.d (my server) mask 255.255.255.255 nomodify notrap no
    > query


    No. Restrict lines affect how your ntpd treats packets that arrive FROM
    the address / subnet specified on that line.

    BTW: You cannot currently use restrict statements for hostnames that
    resolve to more than one IP address unless you include separate restrict
    statements for every possible IP address. So the best that you can do
    for pool servers is set a reasonable default restriction.

    You may want to take a look at http://ntp.isc.org/Support/AccessRestrictions

    --
    Steve Kostecke
    NTP Public Services Project - http://ntp.isc.org/
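
Added example (not part of the thread and not NTP project code): a small Python model of how a restrict line is selected by the source address of an incoming packet, run on the original poster's restrict lines. It assumes IPv4 only and models ntpd's lookup as "most specific mask wins"; 203.0.113.7 is a constructed stand-in for a pool server address.

```python
import ipaddress

# Restrict lines from the original poster's ntp.conf in this thread.
CONF = """\
restrict 127.0.0.1
restrict default kod nomodify notrap noquery
restrict 0.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict 1.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict 2.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict 10.0.0.0 mask 255.255.255.0 nomodify notrap
"""

def parse_restricts(text):
    """Return (rules, hostname_rules); rules are (IPv4Network, flags) pairs."""
    rules, hostname_rules = [], []
    for line in text.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) < 2 or tok[0] != "restrict":
            continue
        addr, rest = tok[1], tok[2:]
        mask = "255.255.255.255"            # no mask given: single host
        if len(rest) >= 2 and rest[0] == "mask":
            mask, rest = rest[1], rest[2:]
        try:
            if addr == "default":
                net = ipaddress.IPv4Network("0.0.0.0/0")
            else:
                net = ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)
        except ValueError:
            # Not an IP literal: a hostname, which may resolve to several
            # addresses, so it cannot be relied on to cover every source.
            hostname_rules.append(addr)
            continue
        rules.append((net, frozenset(rest)))
    return rules, hostname_rules

def flags_for(source_ip, rules):
    """Flags applied to packets arriving FROM source_ip, or None if no rule."""
    ip = ipaddress.IPv4Address(source_ip)
    matches = [(net.prefixlen, flags) for net, flags in rules if ip in net]
    return max(matches, key=lambda m: m[0])[1] if matches else None

if __name__ == "__main__":
    rules, hostnames = parse_restricts(CONF)
    for src in ("127.0.0.1", "10.0.0.25", "203.0.113.7"):
        print(src, sorted(flags_for(src, rules)))
    print("hostname-based restrict lines:", hostnames)
```

An empty flag set (the loopback case) means no restrictions at all, and any source not covered by a literal-address rule, pool servers included, falls under `restrict default`.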

  4. Re: question about my ntpd.conf

    Thanks Steve


    Steve Kostecke wrote:
    > On 2006-10-25, Cong wrote:
    >
    >
    >
    > Here's a cleaned up version. I've removed a couple of lines that served
    > no purpose and appended iburst to your server lines to get you quicker
    > initial sync.
    >
    > -------------------------------------8X-------------------------------------
    >
    > # General Settings
    > driftfile /var/lib/ntp/drift
    > logfile /var/log/ntp.log
    >
    > # Default Restrictions
    > restrict default kod nomodify notrap noquery
    > restrict 127.0.0.1
    >
    > # Authorized Clients
    > restrict 10.0.0.0 mask 255.255.255.0 nomodify notrap
    >
    > # Undisciplined Local Clock
    > server 127.127.1.0
    > fudge 127.127.1.0 stratum 10
    >
    > # Remote Time Servers
    > server 0.us.pool.ntp.org iburst
    > server 1.us.pool.ntp.org iburst
    > server 2.us.pool.ntp.org iburst
    >
    > -------------------------------------8X-------------------------------------
    >
    > The following lines are not doing anything:
    >
    > > broadcastdelay 0.008
    > > keys /etc/ntp/keys

    >
    > > shouldn't I have this line for my server instead like below
    > > restrict a.b.c.d (my server) mask 255.255.255.255 nomodify notrap no
    > > query

    >
    > No. Restrict lines affect how your ntpd treats packets that arrive FROM
    > the address / subnet specified on that line.
    >
    > BTW: You can not currently use restrict statements for hostnames that
    > resolve to more than one IP address unless you include separate restrict
    > statements for every possible IP address. So the best that you can do
    > for pool servers is set a reasonable default restriction.
    >
    > You may want to take a look at http://ntp.isc.org/Support/AccessRestrictions
    >
    > --
    > Steve Kostecke
    > NTP Public Services Project - http://ntp.isc.org/


