[ntp:questions] 4.2a headaches
jeff at sailorfej.net
Thu Jan 5 06:55:13 UTC 2006
I am having some interesting issues with the newer implementation of ntp
4.2 versus 4.1.
Ok, trying to configure a local timeserver on my network (with both
public and private subnets) that syncs from the public ntp pool and/or
other stratum 1 and 2 public timeservers, which then other machines on
my network will use as their timeserver, however since my internet
connection is not the fastest, not to mention I have other uses for it,
I don't want to allow open access to my timeserver.
Now under 4.1 here is what my primary timeserver's ntp.conf looked like
(where 184.108.40.206 and 220.127.116.11 are subnets I want to allow to use my
restrict default noserve notrap nomodify
restrict 18.104.22.168 mask 255.255.255.248 nomodify notrap
restrict 22.214.171.124 mask 255.255.255.248 nomodify notrap
Now this configuration does not work under 4.2, and from what I can
gather from the documentation, this is on purpose, and under the new
rules, you have to add an explicit "restrict" line for each server entry.
And from my testing this seems to be true, restrict defaults of
"noserve" and/or "ignore" block sync with the previous listed
timeservers unless I eliminate the restrict entries altogether, or
specifically list each server entry's IP address with its own
The problem is that you can't use hostnames in a restrict line, and the
reason we use hostnames on server lines is so a hosting party can move
the time service to a different IP address without disrupting
timeservice, not to mention for obvious reasons specific IP listings
won't work if you want to use the ntp.org ntp server pools. So if you
want to sync with pool timeservers and/or use only host names to sync
with specific public timeservers you have to allow open access to your
So is this the way it is supposed to work? Am I making a stupid mistake?
Or is this a bug in 4.2?
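
Added example, not part of the original post: a small static check that reads ntp.conf text and reports which server entries would be caught by a blocking "restrict" entry, following the behaviour the post describes. The sample configuration, its addresses (documentation ranges), the status names, and the treatment of hostnames as matching only the default entry are assumptions made for this example.

```python
import ipaddress

# Flags that, per the post above, stop sync with upstream servers.
BLOCKING = {"ignore", "noserve"}

def parse(conf):
    """Return (server names, [(network, flags)]) from ntp.conf text (IPv4 only)."""
    servers, rules = [], []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) < 2:
            continue
        if tok[0] in ("server", "peer"):
            servers.append(tok[1])
        elif tok[0] == "restrict":
            if tok[1] == "default":
                net, flags = "0.0.0.0/0", tok[2:]
            elif len(tok) > 3 and tok[2] == "mask":
                net, flags = f"{tok[1]}/{tok[3]}", tok[4:]
            else:
                net, flags = tok[1], tok[2:]
            rules.append((ipaddress.ip_network(net, strict=False), set(flags)))
    return servers, rules

def audit(conf):
    """Map each server entry to 'ok', 'blocked' or 'hostname-blocked'."""
    servers, rules = parse(conf)
    report = {}
    for name in servers:
        try:
            addr = ipaddress.ip_address(name)
        except ValueError:
            # Assumption: a hostname is only known to match the default entry,
            # because its address is not fixed until it is resolved.
            hits = [r for r in rules if r[0].prefixlen == 0]
            blocked_status = "hostname-blocked"
        else:
            hits = [r for r in rules if addr in r[0]]
            blocked_status = "blocked"
        # The most specific matching entry (longest mask) decides.
        flags = max(hits, key=lambda r: r[0].prefixlen)[1] if hits else set()
        report[name] = blocked_status if flags & BLOCKING else "ok"
    return report

# Constructed sample configuration, not the poster's file.
SAMPLE = """server pool.ntp.org
server 203.0.113.10
server 203.0.113.20
restrict default noserve notrap nomodify
restrict 203.0.113.10 nomodify notrap
restrict 192.0.2.8 mask 255.255.255.248 nomodify notrap"""
```

Running audit(SAMPLE) flags pool.ntp.org and 203.0.113.20, the two server entries with no restrict line of their own.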