NTP does not handle restrict on pool server correctly

1.6k views Asked by At

If I am running ntp (via ntp.conf) heavily restricted, I cannot use a pool for a server. Why? Because the call to restrict (to allow access for the pool) seems to be another DNS Lookup, which returns another IP value than what was used to originally call the server. Please show me that I am wrong/being stupid about this.

Crude Example (portion of ntp.conf):

server 0.debian.pool.ntp.org iburst
restrict default ignore
restrict -6 default ignore
restrict 0.debian.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery

This does not work (I think) because DNS calls to 0.debian.pool.ntp.org return different IP addresses and thus the wrong IP address is allowed via the (poorly named) restrict.

1

There are 1 answers

2
dfc On BEST ANSWER

Use the builtin source alias/directive/whatever:

restrict source nomodify notrap noquery

Updatedd to include documentation for source:

restrict source configures a template restriction automatically added
at runtime for each association, whether configured, ephemeral, or
preemptible, and removed when the association is demobilized.

From: http://www.eecis.udel.edu/~mills/ntp/html/accopt.html#restrict