[ntp:questions] Re: Can I disable "stratum N+1 server" function for NTPclient ?

Maarten Wiltink maarten at kittensandcats.net
Wed Mar 1 12:43:34 UTC 2006


"Yanping Du" <ydu at cisco.com> wrote in message
news:Pine.LNX.4.44.0602281950450.15893-100000 at csbu-test-builder1.cisco.com...

>   Would some experts advise please ?

Will you take advice from me, too?


>   I know NTP hosts work in a hierachy way, i.e. NTP client synced from
> a stratum N ntp server could act as a stratum N+1 ntp server itself.
> I wonder whether I can configure the NTP client to work in "client
> mode" only, and do not provide stratum N+1 ntp server functionality to
> other hosts. Is there a configuration item for this ?

Not by itself, but you can set up a combination of "restrict" items to
do what you want.

You start by totally plugging NTP's ears with "restrict default ignore".
That closes off everything (ignore) for everybody (default), servers and
clients alike.

Then you have to un-restrict any servers you want to use. For example,
"restrict ntp.isp.mine". Because this is a more specific restriction, it
overrides the one for "default", and it overrides "ignore" with an empty
set of restrictions. So this server is no longer restricted at all. If
that's not what you want, configure what you do want instead.

The restrict statement can work on ranges of IP addresses by including
the "mask" keyword. "Restrict 192.168.253.0 mask 255.255.255.0" sets
no-restrictions for IP addresses 192.168.253.x.

Less restrictive things than a total "ignore" can be built from other
available keywords, which I haven't mentioned here at all.

Surf to ntp.isc.org, "NTP support" (under "Webs" in the left pane),
section 6 "Configuring NTP", section 6.4 "ntpd access restrictions".
That's where I looked it up.

Groetjes,
Maarten Wiltink





More information about the questions mailing list