[ntp:questions] just joined the pool, a check list
Dennis Hilberg, Jr.
timekeeper at dennishilberg.com.invalid
Wed Nov 7 21:02:32 UTC 2007
Cyrille37 wrote:
> Hello
> I've just joined the pool with a server running ntpd 4.2.4p4.
> I would like to have done well, so I post here the configuration for
> comments if needed.
>
> 1/ ntpd is launched with option -g
>
> 2/ here is ntpd.conf :
>
> statsdir /var/log/ntpstats/
> statistics loopstats peerstats clockstats
> filegen loopstats file loopstats type day enable
> filegen peerstats file peerstats type day enable
> filegen clockstats file clockstats type day enable
Since you aren't running a clock driver, clockstats won't generate anything.
> driftfile /etc/ntp.drift
I've been told it's bad practice to allow ntpd to write to /etc . You
should use /var/lib/ntp.drift or something similar.
You also don't have a logfile specified.
> server ntp.via.ecp.fr iburst dynamic
> server ntp.obspm.fr iburst dynamic
> server ntp1.belbone.be iburst dynamic
> server ntp1.kamino.fr iburst dynamic
> server timeserver.ntp.ch iburst dynamic
> server canon.inria.fr
> server ntp.probe-networks.de
According to the documentation, the dynamic option isn't supported in the
current implementation. You should use iburst on all your servers.
> restrict -4 default kod notrap nomodify nopeer noquery
> restrict -6 default kod notrap nomodify nopeer noquery
You don't specify -4 or -6 with restrict. And don't use the 'noquery'
option as that turns off 'ntpq' and 'ntpdc' queries. A lot of operators
like to know information about their clients. Plus, if you set:

restrict default kod notrap nomodify nopeer noquery

You won't be able to query your server from the local machine, unless you
specify a restriction for it.

Set it up like this:

# Default access restrictions (applies to all clients, local or not)
restrict default kod nopeer nomodify notrap
# Allow localhost unrestricted access
restrict 127.0.0.1

So to summarize, here is a fixed ntp.conf:

# Default access restrictions (applies to all clients)
restrict default kod nopeer nomodify notrap
# Allow localhost unrestricted access
restrict 127.0.0.1
server ntp.via.ecp.fr iburst
server ntp.obspm.fr iburst
server ntp1.belbone.be iburst
server ntp1.kamino.fr iburst
server timeserver.ntp.ch iburst
server canon.inria.fr iburst
server ntp.probe-networks.de iburst
driftfile /var/lib/ntp.drift
logfile /var/log/ntp/ntp.log
statsdir /var/log/ntp/
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
--
Dennis Hilberg, Jr. timekeeper(at)dennishilberg(dot)com
NTP Server Information: http://saturn.dennishilberg.com/ntp.php
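
The points raised in the reply above can be checked mechanically before a server is announced to the pool. The following is an added example, not part of the original post or of the NTP distribution; the function name and finding codes are this example's own, and the sample input is abridged from the configuration quoted in the message.

```python
# Constructed sample: the poster's ntp.conf, abridged from the quoted message.
ORIGINAL = """\
statsdir /var/log/ntpstats/
statistics loopstats peerstats clockstats
driftfile /etc/ntp.drift
server ntp.via.ecp.fr iburst dynamic
server canon.inria.fr
restrict -4 default kod notrap nomodify nopeer noquery
"""

def lint_ntp_conf(text):
    """Return sorted finding codes (names are this example's own) for an ntp.conf."""
    rows = [l.split("#", 1)[0].split() for l in text.splitlines()]
    rows = [r for r in rows if len(r) > 1]
    servers = [r for r in rows if r[0] == "server"]
    restricts = [r for r in rows if r[0] == "restrict"]
    # 127.127.t.u pseudo-addresses are how ntpd configures reference clock drivers.
    has_refclock = any(r[1].startswith("127.127.") for r in servers)
    found = set()
    for r in servers:
        if r[1].startswith("127.127."):
            continue
        if "dynamic" in r[2:]:
            found.add("server-dynamic-option")
        if "iburst" not in r[2:]:
            found.add("server-without-iburst")
    for r in rows:
        if r[0] == "driftfile" and r[1].startswith("/etc/"):
            found.add("driftfile-under-etc")
        if r[0] == "statistics" and "clockstats" in r[1:] and not has_refclock:
            found.add("clockstats-without-refclock")
    if not any(r[0] == "logfile" for r in rows):
        found.add("no-logfile")
    # noquery on the default rule also blocks ntpq/ntpdc from the local machine
    # unless a separate localhost rule without noquery exists.
    default_noquery = any("default" in r[1:] and "noquery" in r[1:] for r in restricts)
    localhost_ok = any(r[1] in ("127.0.0.1", "::1") and "noquery" not in r[2:]
                       for r in restricts)
    if default_noquery and not localhost_ok:
        found.add("noquery-default-without-localhost-rule")
    return sorted(found)

if __name__ == "__main__":
    for finding in lint_ntp_conf(ORIGINAL):
        print(finding)
```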