[ntp:questions] Re: "restrict" option : help

Richard B. Gilbert rgilbert88 at comcast.net
Fri Jun 24 10:48:37 UTC 2005


Jojo wrote:

> Richard B. Gilbert wrote:
>
>> Jojo wrote:
>>
>>> Hi,
>>>
>>> I don't understand what's wrong. Let me explain:
>>>
>>> I have an NTP server serving my company.
>>> It's wide open to the internet and I want to restrict this.
>>>
>>> this is my ntp.conf :
>>>
>>> # deny access to all by default
>>> restrict default ignore
>>>
>>> # me
>>> restrict 127.0.0.1
>>>
>>> # me, directly connected to the internet
>>> restrict my.ntp.server.ip
>>>
>>> # my network
>>> restrict 172.16.0.0 mask 255.255.0.0 nomodify
>>>
>>> # stratum 2 server
>>> server ntp.johndoe.com
>>>
>>>
>>>
>>> The problem is that when I use ntpq -p
>>> I see that the ntp.johndoe.com stratum value is 16 (meaning inaccessible).
>>>
>>> Have you got tips about this issue?
>>
>>
>>
>> It's not clear from your message if you have done this or not!
>>
>> Add
>> restrict <numeric IP address of ntp.johndoe.com> mask 255.255.255.255 nomodify
>>
>> You MUST use the numeric IP address in each restrict statement!!  If
>> "# me, directly connected to the internet
>> restrict my.ntp.server.ip "
>> was intended to represent the actual numeric address, it was not 
>> sufficiently clear.
>>
>
> Hi,
>
> No I didn't, but I thought (since I use the statement "server 
> ntp.johndoe.com" ) it should have worked.
>
> Using the IP address instead of the DNS name in all restrict statements is 
> quite embarrassing, since the IP can change in the future. What do you think?

You're right!   But that's the way it works at the moment.  I believe 
that there are plans to change this but it won't be done soon.
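
A check for the situation discussed in this thread, as an added example that is not part of the original messages: with `restrict default ignore` in place, every `server` needs a numeric `restrict` entry covering its address. The `audit` function, the lookup table and the 192.0.2.10 address are constructed for illustration, and the check assumes IPv4 only.

```python
import ipaddress

# Constructed sample: the ntp.conf from the question, comments stripped.
SAMPLE_CONF = """\
restrict default ignore
restrict 127.0.0.1
restrict my.ntp.server.ip
restrict 172.16.0.0 mask 255.255.0.0 nomodify
server ntp.johndoe.com
"""
# Constructed lookup table standing in for DNS (192.0.2.0/24 is documentation space).
SAMPLE_DNS = {"ntp.johndoe.com": "192.0.2.10"}


def audit(conf_text, resolve):
    """Return (blocked_servers, non_numeric_restricts) for an ntp.conf string."""
    default_ignore = False
    allowed, non_numeric, servers = [], [], []
    for raw in conf_text.splitlines():
        tok = raw.split("#", 1)[0].split()
        if not tok:
            continue
        if tok[0] in ("server", "peer") and len(tok) > 1:
            servers.append(tok[1])
        elif tok[0] == "restrict" and len(tok) > 1:
            flags = tok[2:]
            if tok[1] == "default":
                default_ignore = "ignore" in flags
                continue
            mask = "255.255.255.255"          # no mask given: single host
            if len(flags) >= 2 and flags[0] == "mask":
                mask, flags = flags[1], flags[2:]
            try:
                net = ipaddress.ip_network(f"{tok[1]}/{mask}", strict=False)
            except ValueError:
                non_numeric.append(tok[1])    # hostname, not a numeric address
                continue
            if "ignore" not in flags:
                allowed.append(net)
    blocked = []
    if default_ignore:
        # Simplification: any covering non-ignore entry counts as allowing the server.
        for name in servers:
            addr = ipaddress.ip_address(resolve(name))
            if not any(addr in net for net in allowed):
                blocked.append((name, str(addr)))
    return blocked, non_numeric
```

Calling `audit(SAMPLE_CONF, SAMPLE_DNS.__getitem__)` reports ntp.johndoe.com as blocked and `my.ntp.server.ip` as a non-numeric restrict entry.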


