Semi-urgent: Disable NTP replies?

Ronald F. Guilmette rfg at tristatelogic.com
Tue Feb 18 23:08:36 UTC 2014


OK, so I _partially_ answered my own question, just by doing what I should
have done to begin with, i.e. perusing my current /etc/ntp.conf file.

It contains the following, but this STILL doesn't really answer my question:

==========================================================================
...
# The following three servers will give you a random set of three
# NTP servers geographically close to you.
# See http://www.pool.ntp.org/ for details. Note, the pool encourages
# users with a static IP and good upstream NTP servers to add a server
# to the pool. See http://www.pool.ntp.org/join.html if you are interested.
#
# The option `iburst' is used for faster initial synchronisation.
#
server 0.freebsd.pool.ntp.org iburst
server 1.freebsd.pool.ntp.org iburst
server 2.freebsd.pool.ntp.org iburst
...
# Security: Only accept NTP traffic from the following hosts.
# The following configuration example only accepts traffic from the
# above defined servers.
#
# Please note that this example doesn't work for the servers in
# the pool.ntp.org domain since they return multiple A records.
# (This is the reason that by default they are commented out)
#
#restrict default ignore
#restrict 0.pool.ntp.org nomodify nopeer noquery notrap
#restrict 1.pool.ntp.org nomodify nopeer noquery notrap
#restrict 2.pool.ntp.org nomodify nopeer noquery notrap
#restrict 127.0.0.1
#restrict -6 ::1
#restrict 127.127.1.0
...
==========================================================================


OK, good.  So I have a way of telling ntpd not to accept queries from
anyplace other than a set of specific hosts... which can be specified
either by name or by IP address.  That's swell, HOWEVER...

Am I the only guy in the universe who has noticed that the specific host
names in that lower (security) part do not match the ones in the upper
part?

Is this going to be a problem?

Should I uncomment that whole "security" section AND also change the
specific host names mentioned in there so that they match the ones above...
you know... the names of the actual servers that I am drawing time data
from?
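
An added example, not part of the original message or of the stock FreeBSD ntp.conf: a small Python audit of the excerpt quoted above that reports which `server` hosts have no `restrict` line and which `restrict` hostnames match no `server` line. The function names and the embedded sample (rebuilt from the excerpt, with comments and elisions dropped) are assumptions of this example.

```python
import ipaddress

# Constructed sample: the directives from the /etc/ntp.conf excerpt quoted above.
SAMPLE_CONF = """\
server 0.freebsd.pool.ntp.org iburst
server 1.freebsd.pool.ntp.org iburst
server 2.freebsd.pool.ntp.org iburst
#restrict default ignore
#restrict 0.pool.ntp.org nomodify nopeer noquery notrap
#restrict 1.pool.ntp.org nomodify nopeer noquery notrap
#restrict 2.pool.ntp.org nomodify nopeer noquery notrap
#restrict 127.0.0.1
#restrict -6 ::1
#restrict 127.127.1.0
"""

def is_hostname(target):
    """True when a restrict target is a DNS name, not 'default' or an IP."""
    if target == "default":
        return False
    try:
        ipaddress.ip_address(target)
        return False
    except ValueError:
        return True

def audit(conf_text):
    """Compare server lines with restrict lines (active or commented out)."""
    servers, active, commented = [], [], []
    for raw in conf_text.splitlines():
        line = raw.strip()
        fields = line.lstrip("#").split()
        if len(fields) < 2:
            continue
        # Skip an address-family flag (-4 / -6) to reach the host or address.
        has_flag = fields[1] in ("-4", "-6") and len(fields) > 2
        arg = fields[2] if has_flag else fields[1]
        if fields[0] == "server" and not line.startswith("#"):
            servers.append(arg)
        elif fields[0] == "restrict":
            (commented if line.startswith("#") else active).append(arg)
    restricted = active + commented
    return {
        "default_restrict_active": "default" in active,
        "servers_without_restrict": [s for s in servers if s not in restricted],
        "restricts_without_server": [r for r in restricted
                                     if is_hostname(r) and r not in servers],
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE_CONF).items():
        print(key, value)
```
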



More information about the freebsd-questions mailing list