[ntp:questions] Re: noserve restrict option

Robert Rati Robert.Rati at motorola.com
Mon Oct 11 18:57:05 UTC 2004


I'm trying to keep the system as secure as possible, and 
unfinger-printable remotely.  I didn't decide that noserve was an option 
needed, I'm just performing a package upgrade. :)  That being said, my 
reading of the documentation indicated that noserve would prevent time 
packets and thus defeat the purpose of the ntp daemon, but I wanted to 
make sure.

As for the maxpoll, this system is working in an environment that has 
restrictions on how often the clients can poll the servers so it is 
unfortunately required.

Thanks for the clarification on the noserve option.  However, what I 
don't understand is why this same config worked on version 4.1 but 
doesn't work (apparently correctly) on 4.2.  Any ideas?

Rob

Steve Kostecke wrote:
> On 2004-10-05, Robert Rati <Robert.Rati at motorola.com> wrote:
> 
> 
>>I'm attempting to secure an NTP client setup and have recently upgraded 
>>from 4.1 to 4.2 but one of the options I used in 4.1 appears to work 
>>differently in 4.2.  Basically, I restrict clients with the default:
>>
>>restrict default ignore
>>
>>For each time server I have:
>>
>>restrict <ip-addr> noquery noserve
> 
> 
> Noserve blocks time packets. This means that you won't be able to get
> the time from that server because you can't send time packets to it.
> 
> Why do you think that you need noserve in this situation? 
> 
> 
>>server <ip-addr> maxpoll 12 version 3
> 
> 
> You're better off not overriding ntpd's min/maxpoll settings unless you
> find yourself in a situation where you absolutely have to do it.
> 
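
Added example, not part of either poster's message or of the ntp project: a small check that reads ntp.conf text and reports every configured server whose effective restrict entry carries a flag that blocks time packets (noserve or ignore), which is the situation discussed in this thread. The 192.0.2.x addresses, the function names and the rule that the most specific matching restrict entry decides the flags are assumptions of this example; it handles numeric IPv4 addresses only.

```python
import ipaddress

# Flags that make ntpd drop time packets from a matching address.
TIME_BLOCKING = {"ignore", "noserve"}

# Constructed sample shaped like the thread's config (192.0.2.x = placeholders).
SAMPLE_CONF = """\
restrict default ignore
restrict 192.0.2.10 noquery noserve
restrict 192.0.2.11 noquery
server 192.0.2.10 maxpoll 12 version 3
server 192.0.2.11 maxpoll 12 version 3
server 192.0.2.12 maxpoll 12 version 3
"""

def parse(conf):
    """Return (servers, restricts); restricts are (network, flag set) pairs."""
    servers, restricts = [], []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) < 2:
            continue
        if tok[0] in ("server", "peer"):
            servers.append(tok[1])
        elif tok[0] == "restrict":
            addr, rest = tok[1], tok[2:]
            if addr == "default":
                net = ipaddress.ip_network("0.0.0.0/0")
            elif rest[:1] == ["mask"] and len(rest) >= 2:
                net = ipaddress.ip_network(f"{addr}/{rest[1]}")
                rest = rest[2:]
            else:
                net = ipaddress.ip_network(addr)
            restricts.append((net, set(rest)))
    return servers, restricts

def blocked_servers(conf):
    """Map each server to the time-blocking flags of its most specific restrict."""
    servers, restricts = parse(conf)
    findings = {}
    for server in servers:
        ip = ipaddress.ip_address(server)  # assumption: numeric IPv4, no hostnames
        matches = [(net, flags) for net, flags in restricts if ip in net]
        if matches:
            # Assumption: the most specific matching entry decides the flags.
            flags = max(matches, key=lambda m: m[0].prefixlen)[1]
            if flags & TIME_BLOCKING:
                findings[server] = sorted(flags & TIME_BLOCKING)
    return findings
```

On the constructed sample, `blocked_servers(SAMPLE_CONF)` flags 192.0.2.10 (explicit noserve) and 192.0.2.12 (no entry of its own, so it falls under `restrict default ignore`), while 192.0.2.11 passes.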


