[ntp:questions] Reference clock all messed up?

Danny Mayer mayer at ntp.isc.org
Sat Nov 17 05:02:04 UTC 2007


Adam Bolte wrote:
> Hi Danny,
> 
>> Add iburst to this line for faster synchronization
> Thanks, but being an PDC I really didn't want the clock to change too
> quickly. This may seem strange not already having NTP, but the network setup
> has recently changed which is what broke NTP in the first place.
> 

The iburst option has nothing to do with changing quickly. It has to do
with initial synchronization with the remote NTP server. If you are that
worried about changes happening too quickly add the -x option to slew
always. I don't recommend it even on a PDC.

>>> driftfile /var/db/ntpd.drift
>>>
>>> # by default ignore all ntp packets
>>> restrict default ignore
>>>
>> Why would you want to ignore all packets?
> 
> All but the exceptions underneath. I don't want untrusted networks messing
> with my NTP server. I don't control the firewall, so I want to do what I can
> in the NTP config. Even if I did, I would rather this in case the firewall
> ever breaks.
> 

If the firewall breaks NTP is the least of your problems. I'd hardly be
worrying about that.

>> Add -g to the command line to get it to initially no panic and to set
>> the clock.
> Again, not sure if this is safe on a PDC.
> 

It's perfectly safe.

Danny



More information about the questions mailing list