[ntp:hackers] Re: configuration file rewrite
mayer at ntp.isc.org
Fri Mar 3 04:35:20 UTC 2006
Harlan Stenn wrote:
> (Adding Dave to the Cc: line.)
> Danny Mayer wrote:
>> Hal Murray wrote:
>>> Speaking of configuration rewrite...
>>> Is it on the wish-list to add a minimal (un)restrict entry so that a
>>> server or peer specified in the config file will work correctly even
>>> if there is a blanket restriction that would otherwise block replies?
>>> Maybe the restrict keywords should be allowed on the server config
>>> lines with an appropriate default so you can modify the free restrict
>>> line. ???
>>> I think this would solve the problem of can't-use-DNS unless it
>>> returns only one IP address.
> Danny> I was planning to have any server/peer that was configured,
> Danny> whether as a host/FQDN or as an IP address added to the list of
> Danny> allowed addresses irrespective of the restrict settings unless
> Danny> that address is explicitly denied. It makes no sense any other
> Danny> way. It has nothing to do with the config file rewrite.
> Danny, what do you mean by "the list of allowed addresses"? "Allowed"
> to do what, exactly?
> Sometimes people list servers that they wish to monitor but they do not
> want to exchange time with them. There must be a way to continue to get
> this behavior.
A server line is one that you have asked to accept time from. A peer
allows you to exchange time (provided they are at the same stratum).
Regardless, the intent is not to override any restrict statement that is
specific for that server but to just add it as allowed when not
explicitly referenced. Still to be worked out is exactly what restrict
options it would default to. In addition we should do FQDN matching
between server and restrict lines so that the IP address chosen to be
used for the server is the one that the restrict line with the same FQDN
will apply to. It would greatly simplify configuration issues. We could
also add a restrict "servers" keyword instead of individual
names/addresses to be applied to all servers specified in the
More information about the hackers