On Dec 30, 2013, at 22:11, Brian Rak <[email protected]> wrote: > Can we get this information added to the pool configuration > recommendations?http://www.pool.ntp.org/join/configuration.html
Yes. I'd been asked to wait (many many weeks ago, frustratingly), but the cat is most definitely out of the bag and I don't see what the point is anymore. I agree that whatever coordinated response is being worked on doesn't have the appropriate urgency, so let's do what we can. In my working copy for the site I have the patch below. Any additions/changes/suggestions would be welcome and I'll see if I can push it up tomorrow. To start I'll just have all the translations have the English version; we don't really have a process to make sure things get translated so in this case I'll put in the English text as the "better than risk missing it" option. I actually have also built a little tool to automatically check the pool servers for this and show a warning message on the manage page; my plan was to build something to email the operators with (now) misconfigured servers, too. Ask diff --git a/docs/ntppool/en/join/configuration.html b/docs/ntppool/en/join/configuration.html index 1dca244..754ae11 100644 --- a/docs/ntppool/en/join/configuration.html +++ b/docs/ntppool/en/join/configuration.html @@ -23,6 +23,22 @@ Below are some things of particular importance if you are going to join the NTP Pool with your server. </p> +<h4>Management queries</h4> + +<p>Make the default configuration be to not allow "management queries". For ntpd this will be adding the "noquery" option to the default "res + +<pre> +restrict default kod nomodify notrap nopeer noquery +restrict -6 default kod nomodify notrap nopeer noquery +</pre> + +<p>To allow commands like "ntpq -c pe" to work from localhost you can add:</p> + +<pre> +restrict 127.0.0.1 +restrict -6 ::1 +</pre> + <h4>Setup about 5 servers</h4> <p> _______________________________________________ pool mailing list [email protected] http://lists.ntp.org/listinfo/pool
