[ntp:questions] Linux client ntp
Riccardo Castellani
castellani.riccardo at tiscali.it
Sat Apr 14 14:51:11 UTC 2007
1.
I thought that with the "restrict default ignore" setting it was more secure for the client, which will reject all packets except those from server A/B.
At this time I suppose that the "restrict default nomodify nopeer notrap noquery" setting permits the client to synchronize itself to server A/B but will not refuse those (malicious) packets which could be sent from other machines (different from server A/B).
Do you agree?
2.
"restrict default nomodify nopeer notrap noquery".
According to the ntpd manual, "nomodify" doesn't permit modifying the daemon state, but I don't understand how ntpd can adjust the clock;
that is, which option permits ntpd to modify the local clock time?
Is there a specific option to add to "restrict default nomodify nopeer notrap noquery" to prevent ntpd from setting the local clock?
example:
restrict default nomodify nopeer notrap noquery
server A
server B
server C
I want my client to ask servers A, B and C for the time, but only the answers from A and B should have the privilege of letting ntpd set the local clock.
Answers from server C must reach ntpd but not be authorized to set the local clock.
----- Original Message -----
From: Richard B. gilbert
Newsgroups: comp.protocols.time.ntp
To: questions at lists.ntp.isc.org
Sent: Friday, April 13, 2007 3:59 PM
Subject: Re: [ntp:questions] Linux client ntp
Steve Kostecke wrote:
> On 2007-04-13, RICCARDO <castellani.riccardo at tiscali.it> wrote:
>
>
>>I want to use ntpd -qg; could this ntp.conf be right for my Linux
>>client?
>
>
>>restrict default ignore
>>restrict 127.0.0.1
>>restrict server A
>>restrict server B
>
>
> You could simplify this greatly by replacing all of those restrict lines
> with this:
>
> restrict default nomodify nopeer notrap noquery
>
> Please see http://ntp.isc.org/Support/AccessRestrictions
>
>
>>server A
>>server B
>
>
> When you only have two clocks there is no way of knowing which is
> correct. Either use 1 or 3 or more.
>
Four or more are better! Three servers degenerate too easily to the two
server case. Four servers will be somewhat more robust.
_______________________________________________
questions mailing list
questions at lists.ntp.isc.org
https://lists.ntp.isc.org/mailman/listinfo/questions
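
Added example, not part of the thread or of ntpd's code: a simplified Python model of how the two restrict sets discussed above are evaluated (most specific matching entry wins, then the flags decide per packet kind). The addresses are constructed stand-ins for servers A and B and for an unrelated host, and the rule that a time reply is only used when it comes from a configured server is a simplification of ntpd's association matching.

```python
import ipaddress

# Constructed addresses (documentation ranges) standing in for the page's servers.
SERVER_A, SERVER_B, OTHER = "192.0.2.10", "192.0.2.11", "198.51.100.7"
SERVERS = {SERVER_A, SERVER_B}          # the "server" lines in ntp.conf

# The two restrict sets discussed in the thread, as (network, flags).
STRICT = [("0.0.0.0/0", {"ignore"}), ("127.0.0.1/32", set()),
          (SERVER_A + "/32", set()), (SERVER_B + "/32", set())]
SIMPLE = [("0.0.0.0/0", {"nomodify", "nopeer", "notrap", "noquery"})]

# Flags that cause each packet kind to be dropped (per the ntpd restrict docs).
DENIED_BY = {
    "time_reply": {"ignore"},                         # answer to our own poll
    "query":      {"ignore", "noquery"},              # ntpq/ntpdc read-only
    "modify":     {"ignore", "noquery", "nomodify"},  # ntpq/ntpdc reconfiguration
    "new_peer":   {"ignore", "nopeer"},               # would mobilize an association
}

def flags_for(rules, src):
    """Return the flags of the most specific restrict entry matching src."""
    addr = ipaddress.ip_address(src)
    nets = [(ipaddress.ip_network(n), f) for n, f in rules]
    matches = [(n.prefixlen, f) for n, f in nets if addr in n]
    return max(matches, key=lambda m: m[0])[1]

def accepted(rules, src, kind):
    """True if a packet of this kind from src passes the restrict flags and,
    for time replies, comes from a configured server."""
    if DENIED_BY[kind] & flags_for(rules, src):
        return False
    if kind == "time_reply":
        return src in SERVERS   # simplified: no association, reply is not used
    return True

if __name__ == "__main__":
    for name, rules in (("strict", STRICT), ("simple", SIMPLE)):
        for src in (SERVER_A, OTHER):
            print(name, src, {k: accepted(rules, src, k) for k in DENIED_BY})
```

In this model none of nomodify, nopeer, notrap or noquery appears in the time_reply row, so time replies from A and B are accepted under both sets, while a restrict line with no flags leaves queries from that address unrestricted.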