On Fri, Nov 20, 2015 at 04:40:24PM +0100, Marco Marongiu wrote: > Now I have two options: > 1. remove "kod" altogether > 2. add "limited" > > The defaults for discard seem sensible[3] and adding "limited" shouldn't > result in problems. On the other hand, I am worried that (for example) > local clients using burst/iburst or running ntpdate -q repeatedly for > debugging purposes may be denied the service. Am I just worrying too much? > > What option would you recommend?
I think the recommendation is to not use the limited option at all. Some people reported that it may actually increase the amount of traffic, apparently there are broken clients that send a new request soon after missing a reply. Also, there is a security issue that an attacker can prevent a client from getting replies by sending spoofed packets to the server. See the archive of the ntp-hackers list for more information. -- Miroslav Lichvar _______________________________________________ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions