[ntp:questions] symmetric active while configurion uses server mode, RFC compliant or not?
Brian Utterback
brian.utterback at oracle.com
Sat May 18 18:10:45 UTC 2013
On 5/18/2013 3:14 AM, Joe the Shmoe wrote:
> Zooming on these I see two types of requests:
> - received symmetric active from unconfigured hosts, which get answered
> by symmetric passive from my host. Here the point I do not understand is
> that the NTP server is configured in a way to "Deny packets that might
> mobilize an association unless authenticated." Shouldn't the server
> ignore the request rather than answering them by a symmetric passive
> message?
This is non-intuitive and arguably incorrect according to the RFC, but
it is the programmed behavior. There was a time when all Windows
clients used symmetric active mode, so to work around that ntpd with
nopeer configured responded with symmetric active mode packets but did
not mobilize the association. I don't know if they still use symmetric
active by default. Perhaps this should be revisited.
>
> - Other symmetric active requests come from the server itself toward one
> of the 5 configured hosts. But the server only makes use of "server" in
> the configuration (no "peer" statement). This occurs after a first NTP
> client request to that configured host which get answered by two NTP
> server from the configured host.
Can you post the traces? I am not sure I follow.
Brian.
More information about the questions
mailing list