On Tue, 22 Aug 2023 at 18:48, Edward McGuire <met...@gmail.com> wrote:
> ntpq> :config restrict 17.253.2.123 ignore > ntpq> :config unpeer 17.253.2.123 > > ultimately doesn't work. The "unpeer" drops the pool peer, but later the > pool peer is "rediscovered" despite the "restrict ignore". Apparently the > client maintains the association indefinitely. Evidence for this is that > "ntpdc -n -c reslist" returns: > > 17.253.2.123 255.255.255.255 0 ignore > 17.253.2.123 255.255.255.255 366 source, noquery, nomodify, > notrap, limited, kod > > The first entry is the "restrict ignore" ACE I entered manually. The > second is the "restrict source" ACE that still exists even after the > "unpeer". > If that restrict source entry outlives the unpeer that's definitely a bug to be fixed as well. If you see it only when that server is actually being used, that's expected as things stand but I'd like to change it so we wouldn't use a pool server with an "ignore" restriction already in place.
