[ntp:questions] Re: "restrict" option : help

Jojo jdptr at cleanthisfree.fr
Fri Jun 24 10:59:57 UTC 2005


Richard B. Gilbert wrote:
> Jojo wrote:
> 
>> Richard B. Gilbert wrote:
>>
>>> Jojo wrote:
>>>
>>>> Hi,
>>>>
>>>> I don't understand what's wrong, I explain:
>>>>
>>>> I have an ntp server serving my company.
>>>> It's wide open to the internet and I want to restrict this.
>>>>
>>>> this is my ntp.conf :
>>>>
>>>> # deny access to all by default
>>>> restrict default ignore
>>>>
>>>> # me
>>>> restrict 127.0.0.1
>>>>
>>>> # me, directly connected to the internet
>>>> restrict my.ntp.server.ip
>>>>
>>>> # my network
>>>> restrict 172.16.0.0 mask 255.255.0.0 nomodify
>>>>
>>>> # stratum 2 server
>>>> server ntp.johndoe.com
>>>>
>>>>
>>>>
>>>> The problem is when I use ntpq -p
>>>> I see that ntp.johndoe.com stratum value is 16 (meaning unaccessible).
>>>>
>>>> Have you got tips about this issue ?
>>>
>>>
>>>
>>>
>>> It's not clear from your message if you have done this or not!
>>>
>>> Add
>>> restrict <numeric IP address of ntp.johndoe.com> mask 255.255.255.255 nomodify.
>>>
>>> You MUST use the numeric IP address in each restrict statement!!  If
>>> "# me, directly connected to the internet
>>> restrict my.ntp.server.ip "
>>> was intended to represent the actual numeric address, it was not 
>>> sufficiently clear.
>>>
>>
>> Hi,
>>
>> No I didn't, but I thought (since I use the statement "server 
>> ntp.johndoe.com" ) it should have worked.
>>
>> To use the IP address instead of DNS name in all restrict statements is 
>> quite embarrassing, since the IP can change in future. What do you think ?
> 
> 
> You're right!   But that's the way it works at the moment.  I believe 
> that there are plans to change this but it won't be done soon.

OK, thanks for your help !

Cheers!
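
Added example (not part of the original thread, and not code from the NTP project): a small checker for the situation discussed above, where "restrict default ignore" silently drops replies from a configured "server" because no numeric restrict entry covers its address. It assumes IPv4 only and models ntpd as applying the most specific matching restrict entry; the addresses in the sample are constructed placeholders from documentation ranges.

```python
import ipaddress
import socket

# Constructed sample: the poster's ntp.conf with a placeholder for the
# server's own address (198.51.100.10 is a documentation address).
SAMPLE_CONF = """\
restrict default ignore
restrict 127.0.0.1
restrict 198.51.100.10
restrict 172.16.0.0 mask 255.255.0.0 nomodify
server ntp.johndoe.com
"""

def dns_resolve(name):
    """Live resolver for use on a real host (IPv4 addresses only)."""
    return socket.gethostbyname_ex(name)[2]

def parse(conf):
    """Return (restrict entries as (network, flags), server names)."""
    restricts, servers = [], []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) < 2:
            continue
        if tok[0] == "server":
            servers.append(tok[1])
        elif tok[0] == "restrict":
            if tok[1] == "default":
                net, flags = ipaddress.ip_network("0.0.0.0/0"), tok[2:]
            elif len(tok) > 3 and tok[2] == "mask":
                net, flags = ipaddress.ip_network(f"{tok[1]}/{tok[3]}"), tok[4:]
            else:  # bare numeric address means a /32 host entry
                net, flags = ipaddress.ip_network(tok[1]), tok[2:]
            restricts.append((net, set(flags)))
    return restricts, servers

def blocked_servers(conf, resolve):
    """List (server, ip) pairs whose most specific restrict match is 'ignore'."""
    restricts, servers = parse(conf)
    blocked = []
    for name in servers:
        for ip in resolve(name):
            addr = ipaddress.ip_address(ip)
            matches = [(n.prefixlen, f) for n, f in restricts if addr in n]
            if matches and "ignore" in max(matches, key=lambda m: m[0])[1]:
                blocked.append((name, ip))
    return blocked
```

On a live host, call blocked_servers(open("/etc/ntp.conf").read(), dns_resolve); running it periodically also catches the case raised in the thread where the upstream server's IP changes and the numeric restrict line goes stale.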


