Hi,
On 02/16/2014 11:56 PM, Nyamul Hassan wrote:
>>> restrict default limited kod notrap nopeer
>>
>> Add noquery to the above list
>>
> Yes, we could. But, some people on this list believe that "noquery" also
> restricts certain use cases, which as "Pool Servers" we should be able to
> accommodate. What do you think?

The network monitoring functions were an optional part of version 3 of the
NTP standard, as described in appendix B of the obsoleted RFC 1305
http://tools.ietf.org/html/rfc1305#appendix-B
That appendix is intended for (local) network management (like SNMP), not
for use over the global internet.

The NTPv3 RFC has been obsoleted by RFC 5905 (NTPv4), which only mentions
packet type 6 as NTP control message, but it does not define any use and it
does not describe the control message format.
http://tools.ietf.org/html/rfc5905#section-7.3

So, in my opinion, and as others suggested, you are free to block all (now
ntpd implementation specific) control messages, while still conforming to
the standard.

In the 8+ years I have had a server in the pool, I have always had 'noquery'
_and_ I dropped type 6 packets at the firewall using iptables (IPv4 only).

Arnold
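
An added example, not part of the original message: a Python sketch of the decision such a filter makes on each UDP/123 payload, reading the mode from the low three bits of the first octet (RFC 5905 section 7.3) and dropping mode 6. The function names, the 48-octet length check and the sample payloads are assumptions constructed for illustration.

```python
# Mode field values, RFC 5905 section 7.3 (low three bits of the first octet).
MODES = {
    0: "reserved", 1: "symmetric active", 2: "symmetric passive",
    3: "client", 4: "server", 5: "broadcast",
    6: "NTP control message", 7: "reserved for private use",
}
MIN_TIME_PACKET = 48  # fixed NTP header length in octets (RFC 5905)


def parse_first_octet(payload):
    """Split the first octet into (leap indicator, version, mode)."""
    if not payload:
        raise ValueError("empty UDP payload")
    first = payload[0]
    return first >> 6, (first >> 3) & 0x7, first & 0x7


def filter_decision(payload, blocked_modes=(6,)):
    """Return (verdict, reason) for one UDP/123 payload.

    blocked_modes defaults to the mode 6 control messages the post drops;
    the length check on the remaining modes is an added assumption.
    """
    try:
        _, version, mode = parse_first_octet(payload)
    except ValueError as exc:
        return "DROP", str(exc)
    if mode in blocked_modes:
        return "DROP", f"mode {mode} ({MODES[mode]})"
    if len(payload) < MIN_TIME_PACKET:
        return "DROP", f"truncated: {len(payload)} octets"
    return "ACCEPT", f"NTPv{version} mode {mode} ({MODES[mode]})"


# Constructed sample payloads (not captured traffic).
CLIENT_REQUEST = bytes([0x23]) + bytes(47)  # LI 0, VN 4, mode 3
SERVER_REPLY = bytes([0x24]) + bytes(47)    # LI 0, VN 4, mode 4
CONTROL_QUERY = bytes([0x16]) + bytes(11)   # LI 0, VN 2, mode 6

if __name__ == "__main__":
    samples = {"client": CLIENT_REQUEST, "server": SERVER_REPLY,
               "control": CONTROL_QUERY, "empty": b""}
    for name, pkt in samples.items():
        print(name, *filter_decision(pkt))
```

Time service (modes 1 to 5) passes unchanged, so a pool server filtering this way still answers ordinary client requests.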