BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Major Clock Drift

Subject: Major Clock Drift
From: lyons at digitalvoodoo.org (Timothy M. Lyons)
Date: Thu Aug 26 20:10:01 2004
References: <DA78B37E-F796-11D8-9750-000A95DA60F4@offthehill.org> <20040826194031.GE16891@tao.merseine.nu> <BC59497A-F798-11D8-9750-000A95DA60F4@offthehill.org> <412E414A.9080400@banta-im.com> <041D606D-F7A0-11D8-9750-000A95DA60F4@offthehill.org> <412E4DE2.1060308@gabrielmass.com>

The following is a fairly benign ntpd.conf config which will restrict all 
access then allow limited
access from your timeservers.

Replace the timeservers below with whatever you Use (you can use IP or name).

--Tim

----- Original Message ----- >
> I think ntp.conf can include directives to make the server daemon (ntpd) 
> ignore requests from other machines, so it is possible to run it and be 
> confident about its safety.

# Prohibit general access to this service.
restrict default ignore

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1

# --- OUR TIMESERVERS ----- 
# or remove the default restrict line
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.

#FORMAT
# restrict mytrustedtimeserverip mask 255.255.255.255 nomodify notrap noquery
# server mytrustedtimeserverip

restrict 18.145.0.30 mask 255.255.255.255 nomodify notrap noquery
restrict 132.163.4.100 mask 255.255.255.255 nomodify notrap noquery
restrict 192.5.41.41 mask 255.255.255.255 nomodify notrap noquery
restrict 192.5.41.40 mask 255.255.255.255 nomodify notrap noquery

server 192.5.41.41
server 192.5.41.40
server 192.43.244.18
server 18.145.0.30

#
# Drift file.  Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
# by creating a temporary in the same directory and then rename()'ing
# it to the file.
#
driftfile /var/lib/ntp/drift
broadcastdelay  0.008

Follow-Ups:
- Major Clock Drift
  - From: pardsbane at offthehill.org (Josh Pollak)

References:
- Major Clock Drift
  - From: pardsbane at offthehill.org (Josh Pollak)
- Major Clock Drift
  - From: dsr at tao.merseine.nu (dsr at tao.merseine.nu)
- Major Clock Drift
  - From: pardsbane at offthehill.org (Josh Pollak)
- Major Clock Drift
  - From: mvalites at banta-im.com (Matthew Valites)
- Major Clock Drift
  - From: pardsbane at offthehill.org (Josh Pollak)
- Major Clock Drift
  - From: rac at gabrielmass.com (Richard Chonak)

Prev by Date: AIX architecture problems
Next by Date: Major Clock Drift
Previous by thread: Major Clock Drift
Next by thread: Major Clock Drift
Index(es):
- Date
- Thread


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Boston Linux & Unix / webmaster@blu.org