[ntp:questions] Kiss-O'-Death

Steve Kostecke kostecke at ntp.org
Thu Jun 26 00:07:35 UTC 2008

On 2008-06-25, Bob <bobsjunkmail at bellsouth.net> wrote:
> How exactly do you configure NTP to send a KOD?

1. Add the appropriate restrict line to ntp.conf; do this even if you
don't restart ntpd so that the restriction will survive future restarts.

2. Either:

	a. restart ntpd

	b. use ntpdc to add the restriction

To use ntpdc to make on the fly configuration changes you have to either
(a) set up symmetric keys or (b) disable authentication.

Then you can:

$ ntpdc your_server
ntpdc> keyid N
ntpdc> passwd
MD5 Password: *****
ntpdc> restrict bad.ip.address kod

> I'm a se[r]ver in the pool. I've got two remote clients that are
> querying at a rate of several times a minute. Sometimes their queries
> are spaced wider, but sometimes they hit me spaced at only a few
> seconds apart. I can block them in my router, but they'd still be
> sending traffic my way. I'd like to see if KOD makes them go away.
> Reading the docs, it appears that I need to mod ntp.conf and add
> restrict x.x.x.x kod, but then I'd need to restart the service.

A warm restart of a properly configured ntpd interrupts service for less
than 30 seconds. That's hardly a show-stopper for a best-effort service
such as a pool server.

A properly configured ntpd uses 'iburst' on the server lines and has a
valid drift file.

Steve Kostecke <kostecke at ntp.org>
NTP Public Services Project - http://support.ntp.org/

More information about the questions mailing list