Hi,

I'm currently sinking my teeth into NTP, to build a local time server.
So far, configuring a local NTP server and getting the clients to
connect to it works well. Now, I'm thinking about securing the whole
thing. BTW, I made a copy of the original ntp.conf file and started my
own from scratch.

Right now, I have five printed books opened on the corresponding
chapters (Carla Schroder's Linux Cookbook, RHEL 5 Unleashed, Foundations
of CentOS, etc.) plus the same amount of online tutorials.

Right now I'm having a bit of a hard time grasping the various access
control options. Here are a few lines from ntp's default configuration in
CentOS:

--8<------ /etc/ntp.conf -----------------------------------------------
...
server 0.centos.pool.ntp.org
server 1.centos.pool.ntp.org
server 2.centos.pool.ntp.org

...
restrict 0.centos.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict 1.centos.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict 2.centos.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
...
--8<--------------------------------------------------------------------

This means roughly: "use these three public NTP servers to synchronize,
but don't let them mess with your configuration".

Now, here's something from NTP's official documentation:

You may use either a hostname or IP address on the 'server' line. You
*must* use an IP address on the 'restrict' line.

Here's the corresponding link to the documentation:

http://support.ntp.org/bin/view/Support/AccessRestrictions

Which leads me to the assumption that these three 'restrict' lines in
the default ntp.conf configuration in CentOS are useless, since they
specify hostnames, and not IP addresses. Correct me if I'm wrong.

Cheers,

Niki

  • Drew at Jul 31, 2010 at 6:19 pm

    > --8<------ /etc/ntp.conf -----------------------------------------------
    > ...
    > server 0.centos.pool.ntp.org
    > server 1.centos.pool.ntp.org
    > server 2.centos.pool.ntp.org
    >
    > ...
    > restrict 0.centos.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
    > restrict 1.centos.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
    > restrict 2.centos.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
    > ...
    > --8<--------------------------------------------------------------------
    >
    > This means roughly : "use these three public NTP servers to synchronize,
    > but don't let them mess with your configuration".

    No.

    The "server" lines are to tell NTP what servers to query to keep its
    own clock in sync. The "restrict" lines are used to limit which ntp
    clients are allowed to use your server to sync their clock and what
    alterations (if any) the client can make to your server.


    --
    Drew

    "Nothing in life is to be feared. It is only to be understood."
    --Marie Curie
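
An added example, not part of either post and not code from the NTP project: a small audit that classifies each `restrict` line in an ntp.conf by whether its address field is `default`, an IP literal, or a hostname, which is the distinction the documentation quoted in the question turns on. The sample configuration is constructed from the excerpt in the thread plus two constructed lines (`default` and `127.0.0.1`) for contrast; the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the excerpt from the thread plus two contrast lines.
SAMPLE_CONF = """\
server 0.centos.pool.ntp.org
server 1.centos.pool.ntp.org
restrict default nomodify notrap noquery
restrict 127.0.0.1
restrict 0.centos.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict 1.centos.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
"""

def is_ip_literal(token):
    """True if token parses as an IPv4 or IPv6 address (no DNS lookup)."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def classify_restrict_lines(conf_text):
    """Return (lineno, address, kind, flags) for every restrict line."""
    results = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if len(fields) < 2 or fields[0] != "restrict":
            continue
        args = fields[1:]
        if args[0] in ("-4", "-6"):             # optional address-family qualifier
            args = args[1:]
        if not args:
            continue
        address, flags = args[0], args[1:]
        if flags[:1] == ["mask"]:               # skip "mask <netmask>"
            flags = flags[2:]
        if address == "default":
            kind = "default"
        elif is_ip_literal(address):
            kind = "ip"
        else:
            kind = "hostname"
        results.append((lineno, address, kind, flags))
    return results

def hostname_restricts(conf_text):
    """Restrict lines whose address is a hostname rather than an IP literal."""
    return [r for r in classify_restrict_lines(conf_text) if r[2] == "hostname"]

if __name__ == "__main__":
    for lineno, address, kind, flags in classify_restrict_lines(SAMPLE_CONF):
        note = "  <-- not an IP address" if kind == "hostname" else ""
        print(f"line {lineno}: {address:<24} {kind:<8} {' '.join(flags)}{note}")
```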

group: centos @
categories: centos
posted: Jul 31, '10 at 9:57a
active: Jul 31, '10 at 6:19p
posts: 2
users: 2
website: centos.org
irc: #centos

2 users in discussion

Niki Kovacs: 1 post Drew: 1 post
