base ntpd restrict with pool servers

What is the correct way to use the restrict clause for the pool servers with the base ntpd?

Right now it skips all pool servers completely.

ntpq -p

Code:
*ntp1.gbg.netnod .PPS.            1 u   45   64  377   90.005   35.606  42.515
+ntp1.mmo.netnod .PPS.            1 u   48   64  365   99.258   35.263  59.837
 gw-pirogovka.mi .INIT.          16 u    -   64    0    0.000    0.000   0.000
 nut.rsuitb.ru.8 .INIT.          16 u    -   64    0    0.000    0.000   0.000
 ntp.mechel-bank .INIT.          16 u    -   64    0    0.000    0.000   0.000

ntp.conf
Code:
restrict default ignore
restrict default ignore
restrict 127.0.0.1
restrict 192.36.133.17 nomodify nopeer noquery notrap
restrict 192.36.134.17 nomodify nopeer noquery notrap
restrict 0.freebsd.pool.ntp.org nomodify nopeer noquery notrap
restrict 1.freebsd.pool.ntp.org nomodify nopeer noquery notrap
restrict 2.freebsd.pool.ntp.org nomodify nopeer noquery notrap

thanks
 
Well, of course you can't; you told it not to peer with the pool servers:

From ntp.conf(5):
Code:
nopeer  Deny packets which would result in mobilizing a new association.
        This includes broadcast and symmetric active packets when a
        configured association does not exist.

Try a simple ntp.conf to begin with:
Code:
server freebsd.pool.ntp.org
driftfile /var/db/ntpd.drift
restrict default ignore

That will get peering going, with no other machines able to query your server (the restrict default ignore line).

Once you have peer associations, add a restrict line for your local network:
Code:
restrict <your subnet> mask <your subnet mask> notrust nomodify notrap

Read the Access Control section of the manpage for more info.
 
IMHO nopeer is not related when ntp accesses other peers as a client (as opposed to a full peer); it's only for making your ntpd a peer (server) for others.

The problem is that pool.ntp.org resolves to a random server, that is, ntpd has no way to associate it.
When I specify an IP address, it works with nopeer.

Why then, in the default ntp.conf:
Code:
#restrict default ignore
#restrict 0.pool.ntp.org nomodify nopeer noquery notrap
#restrict 1.pool.ntp.org nomodify nopeer noquery notrap
#restrict 2.pool.ntp.org nomodify nopeer noquery notrap
#restrict 127.0.0.1
#restrict -6 ::1
#restrict 127.127.1.0

That is, after I specify IPs, look: the IP address is keyed directly in PPS state,
so there's no way to pool*.

Code:
ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 ntp1.gbg.netnod .PPS.            1 u    1   64    1  115.353    2.530   0.002
 ntp1.mmo.netnod .PPS.            1 u    1   64    1   80.564   16.431   0.002
 naos.promodev.r .INIT.          16 u    -   64    0    0.000    0.000   0.000
 gw.promodev.ru  .INIT.          16 u    -   64    0    0.000    0.000   0.002
 jane.telecom.mi .INIT.          16 u    -   64    0    0.000    0.000   0.002
 
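An added check, not from any post in this thread: it scans ntpq -p output for associations stuck in the .INIT. / stratum 16 / reach 0 state shown in the listings above, which is how the pool members look while a restrict rule keeps ntpd from using them, and it reports the selected system peer. The sample listing is constructed to mirror the one in the question.

```sh
#!/bin/sh
# Constructed sample of `ntpq -p` output (mirrors the listing in this thread).
NTPQ_SAMPLE='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*ntp1.gbg.netnod .PPS.            1 u   45   64  377   90.005   35.606  42.515
+ntp1.mmo.netnod .PPS.            1 u   48   64  365   99.258   35.263  59.837
 gw-pirogovka.mi .INIT.          16 u    -   64    0    0.000    0.000   0.000
 nut.rsuitb.ru.8 .INIT.          16 u    -   64    0    0.000    0.000   0.000
 ntp.mechel-bank .INIT.          16 u    -   64    0    0.000    0.000   0.000'

# Print one line per association that never produced a usable reply:
# stratum 16 with reach 0 means every poll so far went unanswered or was
# dropped (the symptom of a restrict rule blocking the pool members).
# Reads `ntpq -p` text on stdin.
ntpq_stalled_peers() {
    awk '
        /^ *remote/ || /^=+$/ { next }      # skip header and separator
        {
            line = $0
            sub(/^[*+#ox -]/, "", line)      # strip the tally-code column
            n = split(line, f)               # f[1]=remote f[2]=refid f[3]=st ... f[7]=reach
            if (n < 10) next
            if (f[3] == "16" && f[7] == "0")
                printf "%s refid=%s\n", f[1], f[2]
        }'
}

# Print the remote name of the selected system peer (tally "*"), if any.
ntpq_system_peer() {
    awk '/^\*/ { sub(/^\*/, ""); print $1 }'
}

# Demo on the constructed sample.
printf 'stalled associations:\n'
printf '%s\n' "$NTPQ_SAMPLE" | ntpq_stalled_peers
printf 'system peer: %s\n' "$(printf '%s\n' "$NTPQ_SAMPLE" | ntpq_system_peer)"
```

Feed it live data with `ntpq -p | ntpq_stalled_peers`; a non-empty result after a few poll intervals means those associations are not being served, which is the state to look for after editing restrict lines.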
The pool. addresses are a DNS round-robin (CNAME), which is why you can see them resolved to their A records in the output of # ntpq -p.

I do suggest leaving the "restrict default ignore" entry uncommented in ntp.conf though.
 
Maybe restrict is not working as intended with pool* servers?

Yet another bug :) ranging from nonsense timekeeping without ntpd to memory management xD
But anyway, it's good that all get fixed.