[ntp:questions] just joined the pool, a check list

Cyrille37 cyrille37 at gmail.com
Thu Nov 8 19:31:54 UTC 2007


Thank you very much Dennis for your corrections!

Best regards
Cyrille.

On 7 nov, 22:02, "Dennis Hilberg, Jr."
<timekee... at dennishilberg.com.invalid> wrote:
> Cyrille37 wrote:
> > Hello
> > I've just joined the pool with a server running ntpd 4.2.4p4.
> > I would like to have done well, so I post here the configuration for
> > comments if needed.
>
> > 1/ ntpd is launched with option -g
>
> > 2/ here is ntpd.conf :
>
> > statsdir /var/log/ntpstats/
> > statistics loopstats peerstats clockstats
> > filegen loopstats file loopstats type day enable
> > filegen peerstats file peerstats type day enable
> > filegen clockstats file clockstats type day enable
>
> Since you aren't running a clock driver, clockstats won't generate anything.
>
> > driftfile /etc/ntp.drift
>
> I've been told it's bad practice to allow ntpd to write to /etc.  You
> should use /var/lib/ntp.drift or something similar.
>
> You also don't have a logfile specified.
>
> > server ntp.via.ecp.fr iburst dynamic
> > server ntp.obspm.fr iburst dynamic
> > server ntp1.belbone.be iburst dynamic
> > server ntp1.kamino.fr iburst dynamic
> > server timeserver.ntp.ch iburst dynamic
> > server canon.inria.fr
> > server ntp.probe-networks.de
>
> According to the documentation, the dynamic option isn't supported in the
> current implementation.  You should use iburst on all your servers.
>
> > restrict -4 default kod notrap nomodify nopeer noquery
> > restrict -6 default kod notrap nomodify nopeer noquery
>
> You don't specify -4 or -6 with restrict.  And don't use the 'noquery'
> option as that turns off 'ntpq' and 'ntpdc' queries.  A lot of operators
> like to know information about their clients.  Plus, if you set:
>
> restrict default kod notrap nomodify nopeer noquery
>
> You won't be able to query your server from the local machine, unless you
> specify a restriction for it.
>
> Set it up like this:
>
> # Default access restrictions (applies to all clients, local or not)
> restrict default kod nopeer nomodify notrap
>
> # Allow localhost unrestricted access
> restrict 127.0.0.1
>
> So to summarize, here is a fixed ntp.conf:
>
> # Default access restrictions (applies to all clients)
> restrict default kod nopeer nomodify notrap
>
> # Allow localhost unrestricted access
> restrict 127.0.0.1
>
> server ntp.via.ecp.fr iburst
> server ntp.obspm.fr iburst
> server ntp1.belbone.be iburst
> server ntp1.kamino.fr iburst
> server timeserver.ntp.ch iburst
> server canon.inria.fr iburst
> server ntp.probe-networks.de iburst
>
> driftfile /var/lib/ntp.drift
>
> logfile /var/log/ntp/ntp.log
>
> statsdir /var/log/ntp/
> statistics loopstats peerstats clockstats
> filegen loopstats file loopstats type day enable
> filegen peerstats file peerstats type day enable
>
> --
> Dennis Hilberg, Jr.      timekeeper(at)dennishilberg(dot)com
> NTP Server Information:  http://saturn.dennishilberg.com/ntp.php
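
An added example, not part of the original thread and not NTP project code: a small Python check that scans an ntp.conf for the points raised in the reply above (drift file under /etc, no logfile, the `dynamic` option, servers without `iburst`, `clockstats` with no reference clock configured, and a default `noquery` with no localhost exemption). The function name, the finding codes and the use of `127.127.` addresses to recognise a reference clock are assumptions of this sketch; the sample input is a constructed excerpt of the configuration posted in the thread.

```python
# Constructed sample: excerpt of the configuration as first posted in the thread.
POSTED = """\
statsdir /var/log/ntpstats/
statistics loopstats peerstats clockstats
driftfile /etc/ntp.drift
server ntp.via.ecp.fr iburst dynamic
server canon.inria.fr
restrict -4 default kod notrap nomodify nopeer noquery
"""

def lint_ntp_conf(text):
    """Return sorted finding codes for the review points made in the reply."""
    findings = set()
    # Tokenise each line, dropping comments and blank lines.
    rows = [line.split("#", 1)[0].split() for line in text.splitlines()]
    rows = [r for r in rows if r]
    keys = {r[0] for r in rows}
    servers = [r for r in rows if r[0] == "server" and len(r) > 1]
    # Ignore -4/-6 so "restrict -4 default ..." is read as a default entry.
    restricts = [[t for t in r[1:] if t not in ("-4", "-6")]
                 for r in rows if r[0] == "restrict"]
    restricts = [r for r in restricts if r]

    for r in rows:
        if r[0] == "driftfile" and len(r) > 1 and r[1].startswith("/etc/"):
            findings.add("driftfile-in-etc")
    if "logfile" not in keys:
        findings.add("no-logfile")
    # Assumption: reference clocks are configured as 127.127.t.u pseudo-addresses.
    has_refclock = any(s[1].startswith("127.127.") for s in servers)
    for s in servers:
        if "dynamic" in s[2:]:
            findings.add("dynamic-option")
        if not s[1].startswith("127.127.") and "iburst" not in s[2:]:
            findings.add("server-without-iburst")
    stats = [t for r in rows if r[0] == "statistics" for t in r[1:]]
    if "clockstats" in stats and not has_refclock:
        findings.add("clockstats-without-refclock")
    # A default noquery also applies to the local machine unless a more
    # specific restrict entry for localhost omits it.
    default_noquery = any(r[0] == "default" and "noquery" in r[1:] for r in restricts)
    local_exempt = any(r[0] in ("127.0.0.1", "::1") and "noquery" not in r[1:]
                       for r in restricts)
    if default_noquery and not local_exempt:
        findings.add("local-queries-blocked")
    return sorted(findings)
```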
