Steve Kostecke wrote:
> On 2006-04-09, graham <[EMAIL PROTECTED]> wrote:
>> server <my ISP's ntp server>
>> driftfile /etc/ntp/drift
>> restrict default noquery notrust nomodify
>> restrict 127.0.0.1
>>
>> the daemon server was querying the ISP server every second.
>> When I later modified the default restrict to "ignore" it behaved as
>> expected (ie. every 2^6 seconds).
>
> 'restrict default ignore' tells ntpd to ignore NTP packets from
> _EVERYONE_ (even your ISP's ntp server).
>
>> If it makes a difference this is ntpd version 4.2.0.
>
> notrust, for ntpd 4.2.x, means "ignore NTP packets that are not
> cryptographically authenticated."

Oops, yes, missed out "restrict noquery nomodify" for the ISP NTP server
(it's not cryptographically securing its packets, afaik - I'd presumably
have had to configure a key if it was).
So file should have read
server <my ISP's ntp server>
restrict <my ISP's ntp server> noquery nomodify
driftfile /etc/ntp/drift
restrict default noquery notrust nomodify
restrict 127.0.0.1
With the config as shown ntpd queries the ISP server every second; ntpd
-q bangs on for ages (querying ~every second); fails to set the time
correctly;
Changing the default to "ignore"... ntpd queries the ISP server roughly
every 60 secs; ntpd -q fails to set the time correctly.
Commenting out the "restrict default" line entirely makes it behave!
Thoroughly confused, and goodness knows what security restrictions it's
applying.
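
A static check for the flag behaviour described in this thread, as an added example that is not part of the original message and is not ntpd code: it reports each `server` whose most specific matching `restrict` entry carries `ignore` or `notrust`. It assumes numeric IPv4 addresses (192.0.2.10 is a placeholder for the ISP server), that a `key` option on the server line satisfies `notrust`, and the flag meanings as stated in the thread; it reads the config only and does not reproduce what ntpd does on the wire.

```python
import ipaddress

# Flags that stop ntpd accepting time from a source. "notrust" is listed because,
# per the thread, ntpd 4.2.x drops packets that are not authenticated.
BLOCKING = {"ignore", "notrust"}

# Constructed sample: graham's first config, with 192.0.2.10 as a placeholder server.
SAMPLE_BEFORE = """\
server 192.0.2.10
driftfile /etc/ntp/drift
restrict default noquery notrust nomodify
restrict 127.0.0.1
"""
SAMPLE_AFTER = SAMPLE_BEFORE + "restrict 192.0.2.10 noquery nomodify\n"

def parse(conf):
    """Return ({server: has_key}, {network: flags}) from ntp.conf text."""
    servers, restricts = {}, {}
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) < 2:
            continue
        if tok[0] == "server":
            servers[tok[1]] = "key" in tok[2:]
        elif tok[0] == "restrict":
            addr, mask, flags = tok[1], "255.255.255.255", tok[2:]
            if addr == "default":
                addr, mask = "0.0.0.0", "0"
            elif flags[:1] == ["mask"] and len(flags) >= 2:
                mask, flags = flags[1], flags[2:]
            restricts[ipaddress.ip_network(f"{addr}/{mask}", strict=False)] = set(flags)
    return servers, restricts

def blocked_servers(conf):
    """Map each server to the blocking flags on its most specific restrict entry."""
    servers, restricts = parse(conf)
    report = {}
    for addr, has_key in servers.items():
        ip = ipaddress.ip_address(addr)
        best = max((n for n in restricts if ip in n),
                   key=lambda n: n.prefixlen, default=None)
        bad = restricts.get(best, set()) & BLOCKING
        if has_key:  # assumed: a keyed association satisfies notrust
            bad = bad - {"notrust"}
        if bad:
            report[addr] = sorted(bad)
    return report
```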