[ntp:questions] adding access restrictions to the windows ntp config

David Lord snews at lordynet.org
Wed Feb 15 23:00:52 UTC 2012


E-Mail Sent to this address will be added to the BlackLists wrote:
> Ron Frazier (NTP) wrote:
>> In my research operating ntpd on Windows and Linux, I
>>  discovered that the default ntp.conf installed by
>>  Meinberg does not have any access restrictions.
>> I think it would be a good idea to add this to your file
>>  unless you require more liberal access for your LAN, etc.
>> This is the default setup for my Ubuntu Linux machines.
>>
>> # By default, exchange time with everybody, but don't allow configuration.
> ----------------^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>> restrict -4 default kod notrap nomodify nopeer noquery
>> restrict -6 default kod notrap nomodify nopeer noquery
> -------------------------------------------------^^^^^^^
>> # allow unrestricted access from the localhost (so that you may monitor ntpd
>> # and perform on-the-fly configuration changes with ntpdc)
>> # Local users may interrogate the ntp server more closely.
>> # IPv4
>> restrict 127.0.0.1
>> # IPv6
>> restrict -6 ::1
> 
> Unless I'm misreading the above (somehow),
>  that would be a client only config,
>  as it would not permit queries by _any_ other clients.
> 
> 
> What about e.g. restrict source nomodify ?
>  ... to avoid issues when configuring servers / pools
>       where the DNS query may return more than one IP?
> 

Noquery prevents ntpq requests rather than time requests.
At least the pool monitoring didn't complain when I added
two servers late 2009 when the ntp.confs had:
"restrict default noquery"

As from Oct 23 2011 they have had:
"restrict default limited kod nomodify notrap nopeer"


David


