[ntp:questions] Re: recvfrom(0.0.0.0) fd=51: Connection refused
Danny Mayer
mayer at ntp.isc.org
Mon Sep 11 02:29:14 UTC 2006
Luc Pardon wrote:
> Hmmm, yes. And further down it says:
>
> You may use either a hostname or IP address on the server line.
> You must use an IP address on the restrict line.
>
> This must be a mistake in that page. See the official docs at:
>
Yes, that is a mistake. However, due to the current implementation you
need to be careful if the name has more than one A or AAAA record,
particularly if it has both since the restrict line can pick up a
different IP address than the one used on the server line.
> http://www.eecis.udel.edu/~mills/ntp/html/accopt.html
>
> where it says:
>
> restrict address [mask mask] [flag][...]
> The address argument expressed in dotted-quad form is
> the address of a host or network. Alternatively, the
> address argument can be a valid host DNS name.
>
> If you couldn't use hostnames, it would render access restrictions
> rather useless. Many public servers ask that you use DNS names rather
> than IP addresses. It doesn't seem to make sense to query them using the
> hostname and "restrict" (allow the replies in) using a (volatile) IP.
>
> Furthermore, hostnames work just fine, the replies are accepted. Have
> been for at least five years or so.
>
No, you are correct.
> That doesn't mean I'm not willing to change it if that helps diagnose
> the problem.
>
It's unrelated.
Danny
More information about the questions
mailing list