Module Name: src
Committed By: apb
Date: Tue Jan 14 13:23:46 UTC 2014
Modified Files:
src/etc: ntp.conf
Log Message:
Don't try to use server-specific "restrict" settings;
they do not work when the server is specified by domain name
and the name is associated with multiple IP addresses.
This also means that uncommenting "restrict default ignore"
will not work, so remove the comments suggesting that.
Also edit some other comments.
To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 src/etc/ntp.conf
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/etc/ntp.conf
diff -u src/etc/ntp.conf:1.18 src/etc/ntp.conf:1.19
--- src/etc/ntp.conf:1.18 Mon Jan 6 11:26:06 2014
+++ src/etc/ntp.conf Tue Jan 14 13:23:46 2014
@@ -1,4 +1,4 @@
-# $NetBSD: ntp.conf,v 1.18 2014/01/06 11:26:06 apb Exp $
+# $NetBSD: ntp.conf,v 1.19 2014/01/14 13:23:46 apb Exp $
#
# NetBSD default Network Time Protocol (NTP) configuration file for ntpd
@@ -50,20 +50,18 @@ mdnstries 0
# ntpq or ntpdc queries.
# noquery Deny all ntpq and ntpdc queries. Does not affect time
# synchronisation.
-# nopeer Prevent establishing an new peer association.
-# Does not affect preconfigured peer associations.
+# nopeer Prevent establishing new peer associations.
+# Does not affect peers configured using "peer" lines.
# Does not affect client/server time synchronisation.
# noserve Deny all time synchronisation. Does not affect ntpq or
# ntpdc queries.
# notrap Deny the trap subset of the ntpdc control message protocol.
# notrust Deny packets that are not cryptographically authenticated.
#
-# By default, either deny everything, or allow client/server time exchange
-# but deny configuration changes, queries, and peer associations that were not
-# explicitly configured.
-# (Uncomment one of the following "restrict default" lines.)
+# By default, allow client/server time exchange without prior
+# arrangement, but deny configuration changes, queries, and peer
+# associations that were not explicitly configured.
#
-#restrict default ignore
restrict default kod nopeer noquery
# Fewer restrictions for the local subnet.
@@ -84,23 +82,18 @@ restrict ::1
# and <http://support.ntp.org/bin/view/Support/SelectingOffsiteNTPServers>
# for advice.
#
-# Peers should be selected in such a way that the network path to them
-# is short, uncongested, and symmetric (that is, the series of links
-# and routers used to get to the peer is the same one that the peer
-# uses to get back). The best place to start looking for NTP peers for
-# your system is within your own network, or at your Internet Service
-# Provider (ISP).
+# Peers or servers should be selected in such a way that the network
+# path to them is short, uncongested, and symmetric (that is, the series
+# of links and routers used to get to the peer is the same one that
+# the peer uses to get back). The best place to start looking for NTP
+# peers for your system is within your own network, or at your Internet
+# Service Provider (ISP).
#
# Ideally, you should select at least three other systems to talk NTP
# with, for an "what I tell you three times is true" effect.
-#
-# A "restrict" line for each configured peer or server might be necessary,
-# if the "restrict default" settings are very restrictive. As a courtesy
-# to configured peers and servers, consider allowing them to query.
#peer an.ntp.peer.goes.here
#server an.ntp.server.goes.here
-#restrict an.ntp.server.goes.here nomodify notrap
# The pool.ntp.org project coordinates public time servers provided by
# volunteers. See <http://www.pool.ntp.org>. The *.netbsd.pool.ntp.org
@@ -117,10 +110,6 @@ restrict ::1
#
server 0.netbsd.pool.ntp.org
-restrict 0.netbsd.pool.ntp.org nomodify notrap
server 1.netbsd.pool.ntp.org
-restrict 1.netbsd.pool.ntp.org nomodify notrap
server 2.netbsd.pool.ntp.org
-restrict 2.netbsd.pool.ntp.org nomodify notrap
server 3.netbsd.pool.ntp.org
-restrict 3.netbsd.pool.ntp.org nomodify notrap
