[ntp:questions] Re: recvfrom(0.0.0.0) fd=51: Connection refused

Danny Mayer mayer at ntp.isc.org
Mon Sep 11 02:29:14 UTC 2006


Luc Pardon wrote:
> Hmmm, yes. And further down it says:
> 
>     You may use either a hostname or IP address on the server line.
>     You must use an IP address on the restrict line.
> 
> This must be a mistake in that page. See the official docs at:
> 

Yes, that is a mistake. However, due to the current implementation you
need to be careful if the name has more than one A or AAAA record,
particularly if it has both since the restrict line can pick up a
different IP address than the one used on the server line.

>     http://www.eecis.udel.edu/~mills/ntp/html/accopt.html
> 
> where it says:
> 
>    restrict address [mask mask] [flag][...]
>     The address argument expressed in dotted-quad form is
>     the address of a host or network. Alternatively, the
>     address argument can be a valid host DNS name.
> 
> If you couldn't use hostnames, it would render access restrictions
> rather useless. Many public servers ask that you use DNS names rather
> than IP addresses. It doesn't seem to make sense to query them using the
> hostname and "restrict" (allow the replies in) using a (volatile) IP.
> 
> Furthermore, hostnames work just fine, the replies are accepted. Have
> been for at least five years or so.
> 

No, you are correct.

> That doesn't mean I'm not willing to change it if that helps diagnose
> the problem.
> 

It's unrelated.

Danny



More information about the questions mailing list