[ntp:questions] Servers with identical ntp.conf keep falling out of sync
mayer at ntp.isc.org
Wed Jan 17 16:16:06 UTC 2007
Tom Smith wrote:
> Steve Kostecke wrote:
>> On 2007-01-17, shoppa at trailing-edge.com <shoppa at trailing-edge.com> wrote:
>>> Steve Kostecke wrote:
>>>> This won't work at all. You've told ntpd to ignore all NTP packets from
>>>> any possible source. And you've not told it to accept NTP packets from
>>>> your time servers.
>>> Maybe someone can educate me (and Steve you've done a good job at this
>>> in the past), but I see the "I've restricted even the servers I
>>> specified from telling me what time it is" question come up regularly
>>> in these discussions. Is there some website, or some old set of man
>>> pages, or some popular book, or something out there that causes this
>>> same question to occur over and over and over again?
>> It could be an assumption that specifying a server implicitly overrides
>> the default restriction.
>> But it's most likely a combination of poorly documented (and misleading)
>> sample configuration files and impenetrable documentation (which is why I
>> wrote Support.AccessRestrictions).
> "notrust" is a common cause of those questions as well. Its meaning
> was completely changed between 4.1 and 4.2, with the result that
> many existing 4.1 and earlier configuration files and examples
> ceased to work in 4.2.
I'm intending to change the code so that any address listed on a server
or peer line will automatically register it as allowing packets. Note
that this would be the IP address rather than the name so it would be
safe to use pool. Also I'd like to have the restrict statements be able
to use names so that they would be automatically mapped to the IP
address used for the server once the IP address has been found. This
would alleviate most if not all of these issues.
More information about the questions