Date:      Sat, 6 Jun 2009 09:42:42 +1000
From:      Edwin Groothuis <edwin@mavetju.org>
To:        "Sean C. Farley" <scf@FreeBSD.org>
Cc:        Ollivier Robert <roberto@FreeBSD.org>, freebsd-net@FreeBSD.org
Subject:   Re: NTP - default /etc/ntp.conf
Message-ID:  <20090605234242.GA3235@mavetju.org>
In-Reply-To: <alpine.BSF.2.00.0906050846160.6209@thor.farley.org>
References:  <20090605124428.GA85576@mavetju.org> <alpine.BSF.2.00.0906050846160.6209@thor.farley.org>

First, thanks to everybody who replied; I've read it all.

The ntpd.conf in the etc/Makefile was a typo of mine.

On Fri, Jun 05, 2009 at 08:52:01AM -0500, Sean C. Farley wrote:
> On Fri, 5 Jun 2009, Edwin Groothuis wrote:
> 
> >After pondering at conf/58595, I came up with this text.
> >
> >The ntpd is not enabled by default, so the fact that the servers
> >are commented out should not be an issue.
> >
> >Any objections against adding it to the tree?
> 
> I like it.
> 
> I would also add restrict lines to it since ntp defaults to being open 
> to all packets.
> 
> These would ignore everything except the pools (restricted) and 
> localhost (open):
> restrict default ignore
> restrict pool.ntp.org nomodify nopeer noquery notrap
> restrict pool.ntp.org nomodify nopeer noquery notrap
> restrict 127.0.0.1
> restrict -6 ::1

I'm a little bit worried about the functionality of this in combination
with the round-robin DNS approach of pool.ntp.org:

I have "server 0.pool.ntp.org" in my NTP configuration, which still
only gives me one NTP server in its internals ("dig 0.pool.ntp.org"
gives me five answers, "ntpq -p" gives me one server). Having the
"server 0.pool.ntp.org" in my configuration twice will give it two
NTP servers in its internals. So every hostname gives a different
NTP server IP address.

Now we end up at the restrictions, where it resolves 0.pool.ntp.org
again to a different IP address than the previous two, making it
not willing to accept any traffic from the earlier two hosts in the
server statements.


I don't know yet how to overcome this, except for not adding the
restrict statements when using the pool.ntp.org servers :-/
Suggestions are welcome.

Edwin

-- 
Edwin Groothuis		Website: http://www.mavetju.org/
edwin@mavetju.org	Weblog:  http://www.mavetju.org/weblog/
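
The mismatch described in the message above, modelled in Python as an added example that is not part of the original e-mail or of ntpd. `RoundRobinResolver`, `is_literal`, `dropped_servers` and the 192.0.2.x addresses are constructed for illustration, and the model assumes, as the message describes, that every `server` and `restrict` line resolves its hostname once and independently.

```python
import ipaddress
from itertools import cycle

# Constructed sample data: documentation-range addresses standing in for the
# five answers the message says "dig 0.pool.ntp.org" returns.
POOL_RECORDS = ["192.0.2.1", "192.0.2.2", "192.0.2.3", "192.0.2.4", "192.0.2.5"]

CONFIG = [
    "server 0.pool.ntp.org",
    "server 0.pool.ntp.org",
    "restrict default ignore",
    "restrict 0.pool.ntp.org nomodify nopeer noquery notrap",
    "restrict 127.0.0.1",
    "restrict -6 ::1",
]


class RoundRobinResolver:
    """Hypothetical resolver: every lookup returns the next record in rotation."""

    def __init__(self, records):
        self._rotation = cycle(records)

    def resolve(self, name):
        return next(self._rotation)


def is_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def dropped_servers(lines, resolver):
    """Return server addresses that no restrict line ends up covering."""
    servers, allowed, default_ignore = [], set(), False
    for line in lines:
        # Assumption from the message: each line resolves its name once, alone.
        words = line.split()
        if words[0] == "server":
            servers.append(resolver.resolve(words[1]))
        elif words[:2] == ["restrict", "default"]:
            default_ignore = "ignore" in words[2:]
        elif words[0] == "restrict":
            host = words[2] if words[1] == "-6" else words[1]
            allowed.add(host if is_literal(host) else resolver.resolve(host))
    return [ip for ip in servers if default_ignore and ip not in allowed]
```

Calling `dropped_servers(CONFIG, RoundRobinResolver(POOL_RECORDS))` returns both server addresses, because the `restrict` line resolved to a third one; with a single-record resolver or without `restrict default ignore` the list is empty.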


