[ntp:questions] Re: Newbie question - ntpd not answering requests

Steve Kostecke kostecke at ntp.isc.org
Thu Oct 21 20:35:38 UTC 2004


On 2004-10-21, Richard B. Gilbert <rgilbert88 at comcast.net> wrote:
> Steve Kostecke wrote:
>
>>On 2004-10-20, Richard B. Gilbert <rgilbert88 at comcast.net> wrote:
>>
>>>restrict pool.ntp.org  nomodify notrap noquery
>>
>>You must use IP addresses on restrict lines.
>>
> How do you handle pool.ntp.org then? The address(es) that you get are
> different each time, are they not? And also unknown at the time you
> write ntp.conf!!!!

If you wish to use 'default restrict ignore' and hostnames which resolve
to multiple IP addresses you must do one of two things:

	1. Create restrict statements for all possible values of that
	hostname.

	2. Resolve that hostname, choose which IP addresses you wish
	to use, and create restrict statements for them.

Choice one is probably not too practical for the ntp pool...

I do think that people are too quick to choose 'restrict default ignore'
as the best solution. It is certainly not the only way to control access
to your ntpd. For example: a firewall which only admits packets for
internally established connections will not allow random users to access
your ntpd.

-- 
Steve Kostecke <kostecke at ntp.isc.org>
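
Option 2 from the message above, as an added example that is not part of the original post or of the ntp distribution: resolve the name once, pick addresses, and emit restrict lines for the literal IPs. The function names, the constructed documentation addresses, and the matching "server" lines are assumptions of this sketch.

```python
import ipaddress
import socket

# Flags taken from the restrict line quoted in the thread.
FLAGS = "nomodify notrap noquery"


def resolve(hostname, getaddrinfo=socket.getaddrinfo):
    """Return the distinct IPs a hostname resolves to right now, sorted."""
    infos = getaddrinfo(hostname, 123, proto=socket.IPPROTO_UDP)
    # getaddrinfo may repeat an address; strip any IPv6 "%scope" suffix.
    addrs = {ipaddress.ip_address(i[4][0].split("%")[0]) for i in infos}
    return sorted(addrs, key=lambda a: (a.version, int(a)))


def ntp_conf_lines(addresses, limit=None, flags=FLAGS):
    """Pin ntpd to literal addresses: one server + one restrict line each."""
    chosen = list(addresses)[:limit]  # "choose which IP addresses you wish to use"
    if not chosen:
        raise ValueError("no addresses to pin; refusing to emit deny-all config")
    lines = ["restrict default ignore"]
    for addr in chosen:
        # Assumption: a server line with the same literal IP, so ntpd does not
        # resolve the pool name to an address that has no restrict line.
        lines.append(f"server {addr}")
        # No mask given: ntpd then treats the address as a single host.
        lines.append(f"restrict {addr} {flags}")
    return lines


def sample_getaddrinfo(host, port, **kwargs):
    """Constructed resolver reply (documentation addresses), with a duplicate."""
    v4 = [(socket.AF_INET, socket.SOCK_DGRAM, 17, "", (ip, port))
          for ip in ("192.0.2.33", "192.0.2.7", "192.0.2.33")]
    v6 = [(socket.AF_INET6, socket.SOCK_DGRAM, 17, "", ("2001:db8::5", port, 0, 0))]
    return v6 + v4


if __name__ == "__main__":
    # Swap sample_getaddrinfo for the default resolver to query real DNS.
    found = resolve("pool.ntp.org", getaddrinfo=sample_getaddrinfo)
    print("\n".join(ntp_conf_lines(found, limit=2)))
```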


