[ntp:questions] Re: "restrict" option : help

Jojo jdptr at cleanthisfree.fr
Fri Jun 24 09:52:27 UTC 2005


Richard B. Gilbert a écrit :
> Jojo wrote:
> 
>> Hi,
>>
>> i don't understand what's wrong, i explain :
>>
>> i have a ntp server serving my company.
>> it's wide open to the internet and I want to restrict this.
>>
>> this is my ntp.conf :
>>
>> # deny access to all by default
>> restrict default ignore
>>
>> # me
>> restrict 127.0.0.1
>>
>> # me, directly connected to the internet
>> restrict my.ntp.server.ip
>>
>> # my network
>> restrict 172.16.0.0 mask 255.255.0.0 nomodify
>>
>> # stratum 2 server
>> server ntp.johndoe.com
>>
>>
>>
>> The problem is when I use ntpq -p
>> I see that ntp.johndoe.com stratum value is 16 (meaning unaccessible).
>>
>> Have you got tips about this issue ?
> 
> 
> It's not clear from your message if you have done this or not!
> 
> Add
> restrict <numeric IP address of ntp.johndoe.com> 255.255.255.255 nomodify.
> 
> You MUST use the numeric IP address in each restrict statement!!  If
> "# me, directly connected to the internet
> restrict my.ntp.server.ip "
> was intended to represent the actual numeric address, it was not 
> sufficiently clear.
> 

Hi,

No I didn't, but I thought (since I use the statement "server 
ntp.johndoe.com" ) it should have worked.

To use the IP address instead of DNS name in all restrict 
statement is quite embarrasing, since the IP can change in 
future. What do you think ?



More information about the questions mailing list