[ntp:questions] ntpd access restrictions: Server allowed works only with ipaddress

David Lord snews at lordynet.org
Fri Mar 28 14:14:43 UTC 2014


Witt, Stefan wrote:
> Hello, looking for an answer of the following misbehaviour:
> 
> Server entries are only valid and accepted if I use ip-address and not if I user fqdn of the timeserver1/2!
> Resolving of Timeserver-fqdn is successful!
> 
> Do anybody have an explanation of this unexpected behavior?
> 
> the ntp.conf looks quite like that:
> 
> ##########
> restrict 0.0.0.0 mask 0.0.0.0 nomodify nopeer
> ##########
> 
> # driftfile ist sehr empfehlenswert wg. Reboot-Situationen
> driftfile /etc/inet/ntp.drift
> 
> ################################
> server 127.127.1.1
> fudge  127.127.1.1 stratum 5
> 
> ### internal timeserver:
> ##server fqdn-timeserver1 prefer
> ##server fqdn-timeserver2
> 
> # internal  timeserver:
> server <ipv4-adress-timeserver1> prefer
> server <ipv4-adress-timeserver2>
> #########################################################################

Hi

I don't really understand your ntp.conf

Ntp works with ip addresses because fqdn can sometimes map to
more than one ip address.

ntp.conf from one of my systems:
###########################################
# 20140118
restrict -6 default limited nomodify notrap nopeer noquery
restrict -4 default limited nomodify notrap nopeer noquery
restrict source
restrict -6 <my ipv6 address block>
restrict -4 <my ipv4 address block and mask>
restrict -6 ::1
restrict 127.0.0.1 mask 255.255.255.255
pidfile    /var/run/ntpd.pid
driftfile  /var/db/ntp/ntpd.drift
keys       /etc/ntp/ntp.keys
logfile    /var/log/ntp/ntp.log
logconfig  +allsync +allclock
keysdir    /etc/ntp/keys
statsdir   /var/log/ntp/stats
statistics loopstats peerstats sysstats
filegen loopstats file loopstats type day link enable
filegen peerstats file loopstats type day link enable
filegen sysstats  file sysstats  type day link enable
trusted key 1 2 3 4 5
request key 1
control key 1
tos     minsane 3
tos     orphan 12
tos     mindist 0.03
peer   -4 a_local_pc        minpoll  4  maxpoll  6  iburst
server -4 a_local_pc2       minpoll  4  maxpoll  6  iburst  prefer
server -4 ntp0.<mydomain2>  minpoll  6  maxpoll  8  iburst
server -4 ntp1.<mydomain>   minpoll  6  maxpoll  8  iburst
server -4 ntp2.<mydomain2>  minpoll  6  maxpoll  8  iburst
server -4 ntp3.(mydomain>   minpoll  6  maxpoll  8  iburst
########################################

I lost ipv6 in 2012 for various reasons (network/pcs meltdown)
and not yet got it back.


David



More information about the questions mailing list