[ntp:questions] Re: ntpd polling server every second
graham at no.spam.thanks
Sun Apr 9 20:07:37 UTC 2006
Steve Kostecke wrote:
> On 2006-04-09, graham <graham at no.spam.thanks> wrote:
>> server <my ISP's ntp server>
>> driftfile /etc/ntp/drift
>> restrict default noquery notrust nomodify
>> restrict 127.0.0.1
>> the daemon server was querying the ISP server every second.
>> When I later modified the default restrict to "ignore" it behaved as
>> expected (ie. every 2^6 seconds).
> 'restrict default ignore' tells ntpd to ignore NTP packets from
> _EVERYONE_ (even your ISP's ntp server).
>> If it makes a difference this is ntpd version 4.2.0.
> notrust, for ntpd 4.2.x, means "ignore NTP packets that are not
> cryptographically authenticated."
Oops, yes, missed out "restrict noquery nomodify" for the ISP NTP server
(it's not cryptographically securing its packets, afaik - I'd presumably
have had to configure a key if it was).
So file should have read:

server <my ISP's ntp server>
restrict <my ISP's ntp server> noquery nomodify
restrict default noquery notrust nomodify

With the config as shown ntpd queries the ISP server every second; ntpd
-q bangs on for ages (querying ~every second); fails to set the time
Changing the default to "ignore"... ntpd queries the ISP server roughly
every 60 secs; ntpd -q fails to set the time correctly.
Commenting out the "restrict default" line entirely makes it behave!
Thoroughly confused, and goodness knows what security restrictions it's
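
Added example, not part of the original message or of ntpd: a small Python check of which restrict flags end up applying to each "server" line. It assumes ntpd applies the most specific matching restrict entry and, as stated in the thread for 4.2.x, that notrust drops packets that are not authenticated. The address 192.0.2.10 is a constructed stand-in for the ISP server, and the check models rule matching only, not ntpd's polling behaviour.

```python
import ipaddress

def parse(conf):
    """Return (servers, restricts) from ntp.conf text (IPv4 literals only)."""
    servers, restricts = [], []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if not tok:
            continue
        if tok[0] == "server":
            # a 'key N' option means this association is authenticated
            servers.append((ipaddress.ip_address(tok[1]), "key" in tok[2:]))
        elif tok[0] == "restrict":
            addr, mask, flags = tok[1], "255.255.255.255", tok[2:]
            if addr == "default":
                addr, mask = "0.0.0.0", "0"
            elif flags[:1] == ["mask"]:
                mask, flags = flags[1], flags[2:]
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            restricts.append((net, set(flags)))
    return servers, restricts

def effective_flags(addr, restricts):
    """Flags of the most specific restrict entry covering addr (assumed rule)."""
    hits = [(net.prefixlen, flags) for net, flags in restricts if addr in net]
    return max(hits, key=lambda h: h[0])[1] if hits else set()

def audit(conf):
    """Map each server to (sorted flags, replies_dropped)."""
    servers, restricts = parse(conf)
    out = {}
    for addr, has_key in servers:
        flags = effective_flags(addr, restricts)
        dropped = "ignore" in flags or ("notrust" in flags and not has_key)
        out[str(addr)] = (sorted(flags), dropped)
    return out

# Constructed configs; 192.0.2.10 stands in for the ISP server.
QUOTED = """server 192.0.2.10
driftfile /etc/ntp/drift
restrict default noquery notrust nomodify
restrict 127.0.0.1
"""
WITH_SERVER_LINE = """server 192.0.2.10
restrict 192.0.2.10 noquery nomodify
restrict default noquery notrust nomodify
"""

if __name__ == "__main__":
    for name, conf in (("quoted", QUOTED), ("with server line", WITH_SERVER_LINE)):
        print(name, audit(conf))
```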