[ntp:questions] symmetric active while configurion uses server mode, RFC compliant or not?

Brian Utterback brian.utterback at oracle.com
Sat May 18 18:10:45 UTC 2013

On 5/18/2013 3:14 AM, Joe the Shmoe wrote:
> Zooming on these I see two types of requests:
> - received symmetric active from unconfigured hosts, which get answered
> by symmetric passive from my host. Here the point I do not understand is
> that the NTP server is configured in a way to "Deny packets that might
> mobilize an association unless authenticated." Shouldn't the server
> ignore the request rather than answering them by a symmetric passive
> message?

This is non-intuitive and arguably incorrect according to the RFC, but 
it is the programmed behavior.  There was a time when all Windows 
clients used symmetric active mode, so to work around that ntpd with 
nopeer configured responded with symmetric active mode packets but did 
not mobilize the association. I don't know if they still use symmetric 
active by default. Perhaps this should be revisited.

> - Other symmetric active requests come from the server itself toward one
> of the 5 configured hosts. But the server only makes use of "server" in
> the configuration (no "peer" statement). This occurs after a first NTP
> client request to that configured host which get answered by two NTP
> server from the configured host.

Can you post the traces? I am not sure I follow.


More information about the questions mailing list