[ntp:questions] Re: recvfrom( fd=51: Connection refused

Danny Mayer mayer at ntp.isc.org
Mon Sep 11 02:29:14 UTC 2006

Luc Pardon wrote:
> Hmmm, yes. And further down it says:
>     You may use either a hostname or IP address on the server line.
>     You must use an IP address on the restrict line.
> This must be a mistake in that page. See the official docs at:

Yes, that is a mistake. However, due to the current implementation you
need to be careful if the name has more than one A or AAAA record,
particularly if it has both since the restrict line can pick up a
different IP address than the one used on the server line.

>     http://www.eecis.udel.edu/~mills/ntp/html/accopt.html
> where it says:
>    restrict address [mask mask] [flag][...]
>     The address argument expressed in dotted-quad form is
>     the address of a host or network. Alternatively, the
>     address argument can be a valid host DNS name.
> If you couldn't use hostnames, it would render access restrictions
> rather useless. Many public servers ask that you use DNS names rather
> than IP addresses. It doesn't seem to make sense to query them using the
> hostname and "restrict" (allow the replies in) using a (volatile) IP.
> Furthermore, hostnames work just fine, the replies are accepted. Have
> been for at least five years or so.

No, you are correct.

> That doesn't mean I'm not willing to change it if that helps diagnose
> the problem.

It's unrelated.
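
Added example, not part of the original message and not ntpd code: a small ntp.conf check for the case described above, where a hostname used on both a server and a restrict line has more than one A/AAAA record, so the two lines may end up with different addresses. The hostnames, addresses and the injected resolver table are constructed for illustration; `resolve_all` does a live lookup instead.

```python
import ipaddress
import socket

def resolve_all(name):
    """Live lookup: every A/AAAA address the name currently maps to."""
    return {ai[4][0] for ai in socket.getaddrinfo(name, None)}

def _is_literal(addr):
    try:
        ipaddress.ip_address(addr)
    except ValueError:
        return False
    return True

def audit(conf_text, resolver=resolve_all):
    """Return (lineno, name, addresses, mixed_families) for risky restrict lines."""
    servers, restricts, findings = set(), [], []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        # Skip -4/-6 style qualifiers; the first remaining argument is the address.
        args = [f for f in fields[1:] if not f.startswith("-")]
        if not args:
            continue
        if fields[0] in ("server", "peer"):
            servers.add(args[0])
        elif fields[0] == "restrict":
            restricts.append((lineno, args[0]))
    for lineno, name in restricts:
        # Only names that also appear on a server/peer line can diverge from it.
        if name == "default" or _is_literal(name) or name not in servers:
            continue
        addrs = sorted(resolver(name))
        if len(addrs) > 1:
            mixed = len({ipaddress.ip_address(a).version for a in addrs}) > 1
            findings.append((lineno, name, addrs, mixed))
    return findings

# Constructed sample input: hypothetical names, documentation-range addresses.
SAMPLE_CONF = """\
restrict default ignore
server ntp1.example.net iburst
restrict ntp1.example.net nomodify notrap noquery
server ntp2.example.net
restrict ntp2.example.net nomodify notrap noquery
"""
SAMPLE_DNS = {"ntp1.example.net": {"192.0.2.1", "2001:db8::1"}, "ntp2.example.net": {"192.0.2.7"}}

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, SAMPLE_DNS.__getitem__))
```

A finding with `mixed_families` set marks a name that has both A and AAAA records.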


