[ntp:questions] Reference clock all messed up?

Adam Bolte bolad03 at ca.com
Sun Nov 11 22:09:28 UTC 2007

Hash: SHA1

Hi Danny,

> Add iburst to this line for faster synchronization
Thanks, but being an PDC I really didn't want the clock to change too
quickly. This may seem strange not already having NTP, but the network setup
has recently changed which is what broke NTP in the first place.

>> driftfile /var/db/ntpd.drift
>> # by default ignore all ntp packets
>> restrict default ignore
> Why would you want to ignore all packets?

All but the exceptions underneath. I don't want untrusted networks messing
with my NTP server. I don't control the firewall, so I want to do what I can
in the NTP config. Even if I did, I would rather this in case the firewall
ever breaks.

>> # allow localhost
>> restrict mask
> If you don't have the previous line you don't need this line and the
> netmask is redundant here.

I'm aware, however specifying everything is preferable to me should the
defaults change.

> I assume all of these subnets are what you want to control. Where is the
> line to allow to send packets and modify the clock. Your
> restrict statements are what's killing you.

Thanks again, but Hal beat you to it a few days ago.

> Add -g to the command line to get it to initially no panic and to set
> the clock.
Again, not sure if this is safe on a PDC.

> stratum 16 means that it's not synchronized and so it not allowing any
> client to get synchronization from it.
> leap 11 makes no difference since the clock is not synchronized to anything.
>> Again on an NTP client box:
>> $ sudo ntpdate -d
>>  5 Nov 18:28:39 ntpdate[20392]: ntpdate 4.2.4p0 at 1.1472-o Thu Oct  4 22:22:32
>> stratum 4, precision -19, leap 00, trust 000
> This system is synchronized as a stratum 4 box.
> You should use ntpq to look at your servers and not ntpdate.

Thanks for the pointers.

- -Adam
Version: GnuPG v1.4.6 (GNU/Linux)


More information about the questions mailing list