[ntp:questions] Linux client ntp
castellani.riccardo at tiscali.it
Sat Apr 14 14:51:11 UTC 2007
I thought with "restrict default ignore" settings it was more secure for client, which will reject all packets except for server A/B.
At this time I suppose that "restrict default nomodify nopeer notrap noquery" setting can permitting to client to synchronize itself to server A/B but will not refuse those packets (malicious) which could be sent from other machines (different from A/B server).
Do you agree ?
"restrict default nomodify nopeer notrap noquery".
According to ntpd manual, "nomodify" doesn't permit to modify daemon state but I don't understand how ntpd can adjust clock;
that is what's option which permits ntpd to modify local clock time ?
Does it exist specific option to add "restrict default nomodify nopeer notrap noquery" to avoid ntpd can set local clock ?
restrict default nomodify nopeer notrap noquery
I want my client asks time to A,B,C servers but only A,B answers have privileges to ntpd can set local clock.
Server C answers must reach ntpd but not authorize to set local clock.
----- Original Message -----
From: Richard B. gilbert
To: questions at lists.ntp.isc.org
Sent: Friday, April 13, 2007 3:59 PM
Subject: Re: [ntp:questions] Linux client ntp
Steve Kostecke wrote:
> On 2007-04-13, RICCARDO <castellani.riccardo at tiscali.it> wrote:
>>I want to use ntpd -qg, it could be right this ntp.conf for my Linux
>>restrict default ignore
>>restrict server A
>>restrict server B
> You could simplify this greatly by replacing all of those restrict lines
> with this:
> restrict default nomodify nopeer notrap noquery
> Please see http://ntp.isc.org/Support/AccessRestrictions
> When you only have two clocks there is no way of knowing which is
> correct. Either use 1 or 3 or more.
Four or more are better! Three servers degenerate too easily to the two
server case. Four servers will be somewhat more robust.
questions mailing list
questions at lists.ntp.isc.org
More information about the questions