Hello everyone, for unauthenticated peers, there is the restrict nopeer directive that stops unknown peers to initialize dynamic symmetric associations with an NTP server. However, from my own tests in my lab (and from NTP documentation), it seems that nopeer does not pertain to authenticated peers. In my lab, I saw this: If server A knows the authentication key of Server B and has a peer IP_address_of_server_B directive in its ntp.conf, A is able to form a dynamic symmetric association with server B even if server B has no configuration for server A at all, and server B lists server A in its association table (ntpq -p, type shown as S).
Do you know if there are any means to configure server B so that it does not allow server A to mobilize a dynamic symmetric association (meaning B should still provide time services to A, but should not consider A as a time source)? Maybe there is a similar option to nopeers, but I cannot find any in NTP documentation. Stefan _______________________________________________ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
