[ntp:questions] systems won't synchronize no matter what

Steve Kostecke kostecke at ntp.org
Thu Oct 28 11:36:00 UTC 2010


On 2010-10-28, Null at BlackList.Anitech-Systems.invalid wrote:
> Florin Andrei wrote:
>>  above would be great. Would have saved me a lot of trouble.
>
> restrict source ...
>  has been around since ntp 4.2.7p22 (01-Apr-2010)?

NTP4 v2.7.22

>  However you are using ntp 4.2.2p1-7 (08-Jul-2006) ?

NTP4 v2.2.1-7

The prepackaged versiom of NTP shipped by most OSes does tend to be a
bit old. We do provide Debian packages of the current ntp-dev snapshot
(binary i386 on Stable, and source debs). The Debian Testimg release
usually ships a relatively recent stable relase of NTP (which can be
used on a "stable" machine through "apt pinning".

>> restrict 10.10.16.64 noquery
>> restrict 10.10.16.65 noquery
>
> So, those server can't get time from yours, but they can change your
> running conf

Not unless you either (a) start ntpd with -A to disable NTP auth or (b)
you configure symmetric keys for remote control _and_ the remote end has
that information.

> and request to be a trap?

Which is only a monitor.

>> # now close the door
>> restrict default ignore
>
> I would have done it in the opposite order,
>  (default ignore, before allows), perhaps it doesn't matter.

The order does not matter.

-- 
Steve Kostecke <kostecke at ntp.org>
NTP Public Services Project - http://support.ntp.org/




More information about the questions mailing list