[ntp:questions] ntpd access restrictions: Server allowed works only with ipaddress

Martin Burnicki martin.burnicki at meinberg.de
Thu Apr 3 14:19:16 UTC 2014

E-Mail Sent to this address will be added to the BlackLists schrieb:
> Martin Burnicki wrote:> BlackLists schrieb:
>> "orphan" and "pool" are only supported with ntpd 4.2.6 and newer.
>> If the OP uses an older version this won't work.
> To me it seems the problem they are having,
>    was fixed about four years ago with the introduction of restrict source
>    in 4.2.7p22.
>   Sure if they want to use ntp software before 2010,
>    that they have issues with, and they don't want to use the latest,
>    then I guess they could continue to suffer at their own discretion.
> If your point was I didn't tell them any of that,
>   point taken: Development  4.2.7p438  2014/04/01
> <http://www.ntp.org/downloads.html> <http://archive.ntp.org/ntp4/>
> <http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p438.tar.gz>
> Although if you expect me to explain in every post
>    that thousands of issues / bugs have been fixed,
>    any many features added, over countless newer versions
>    since a few years to decades ago;
>   Might I also expect the person asking questions to mention
>    the version they are using, or I may assume they have
>    already tried the latest version?

 From my own experience I can say that after upgrades you often have new 
features available, regardless if you need or want them, or not, but 
also often things don't work anymore as they used to do. This is a 
general experience, not specific to NTP.

 From our own customers I know that many of them keep using e.g. 
existing/older Linux distros, since basically they work as expected, and 
they don't always upgrade the whole distro just because a new version is 
available. And often they still use the version of a program that has 
been shipped with the distro because this is under control of the 
package management. In other cases they just can#t upgrade the whole 
system since other software relies on specific program versions.

Of course, if a system administrator stumbles across a specific bug then 
I'd also expect him to try a newer version of the software first, if 
available, and see if the bug has already been fixed. On the other hand, 
problems due to misunderstanding of the underlying concepts can't be 
fixed with a software update.

Also, for non-programmers it's not to easy to build an NTP binary 
package from a tarball. For example, even if you have the openssl 
libraries installed on your Linux machine you will end up with ntpd 
built silently without crypto support, if you don't have the openssl 
*header* files installed in addition.

So I can understand why many people just try to keep working with the 
latest binary package available for their distro.

Many people asking here for advice are new to NTP. Often they are not 
even familiar with the way NTP is supposed to work, and they get great 
help from the experienced NTP users here in the newsgroup or on the 
questions mailing list, including you.

Often one can help them easily by telling them which lines to add into 
their config file to get things working, even if they are not using the 
very last recent version of the software.

I'm not trying to bother someone here on the list, but for example the 
"pool" and "orphan" stuff are not bug fixes but new 
features/enhancements introduced in a certain version of the NTP 
package. If you just tell newcomers, "Try pool and orphan if your run 
NTP 4.2.6 or newer" they know this will only work if they run one of 
these versions, and if they are actually using an older version they can 
decide if they want to try to upgrade, or try to find a different 
solution for the existing version, and will save them quite some 
frustration they'd get if they tried to use this with older versions of 

Martin Burnicki

Meinberg Funkuhren
Bad Pyrmont

More information about the questions mailing list