[ntp:questions] Re: Can I disable "stratum N+1 server" function for NTPclient ?

Yanping Du ydu at cisco.com
Wed Mar 1 22:37:32 UTC 2006


On Wed, 1 Mar 2006, Maarten Wiltink wrote:

> "Yanping Du" <ydu at cisco.com> wrote in message
> news:Pine.LNX.4.44.0602281950450.15893-100000 at csbu-test-builder1.cisco.com...
> 
> >   Would some experts advise please ?
> 
> Will you take advice from me, too?

  That's good advice. Thanks much for the detailed info!
  And thanks all that nicely replied.

Yanping
 
> 
> >   I know NTP hosts work in a hierachy way, i.e. NTP client synced from
> > a stratum N ntp server could act as a stratum N+1 ntp server itself.
> > I wonder whether I can configure the NTP client to work in "client
> > mode" only, and do not provide stratum N+1 ntp server functionality to
> > other hosts. Is there a configuration item for this ?
> 
> Not by itself, but you can set up a combination of "restrict" items to
> do what you want.
> 
> You start by totally plugging NTP's ears with "restrict default ignore".
> That closes off everything (ignore) for everybody (default), servers and
> clients alike.
> 
> Then you have to un-restrict any servers you want to use. For example,
> "restrict ntp.isp.mine". Because this is a more specific restriction, it
> overrides the one for "default", and it overrides "ignore" with an empty
> set of restrictions. So this server is no longer restricted at all. If
> that's not what you want, configure what you do want instead.
> 
> The restrict statement can work on ranges of IP addresses by including
> the "mask" keyword. "Restrict 192.168.253.0 mask 255.255.255.0" sets
> no-restrictions for IP addresses 192.168.253.x.
> 
> Less restrictive things than a total "ignore" can be built from other
> available keywords, which I haven't mentioned here at all.
> 
> Surf to ntp.isc.org, "NTP support" (under "Webs" in the left pane),
> section 6 "Configuring NTP", section 6.4 "ntpd access restrictions".
> That's where I looked it up.
> 
> Groetjes,
> Maarten Wiltink
> 
> 
> _______________________________________________
> questions mailing list
> questions at lists.ntp.isc.org
> https://lists.ntp.isc.org/mailman/listinfo/questions
> 



More information about the questions mailing list