Change default to "restrict default kod limited nomodify nopeer noquery"

Hal Murray hmurray at
Mon Dec 12 11:25:59 UTC 2016

> I like it, and learn towards saying yes.  Let's see what Hal and others say.

I'm happy to change the default, but I think we need some text that explains 


The old noquery was there to fix a DDoS amplification attack using the old 
monlist.  That's not possible any more, but there may be other reasons for 

Is nopeer interesting?  I thought we dropped support for "peer" and the 
corresponding server side support too.

I don't understand kod/limited and how they are tangled with DoS attacks.

Is nomodify needed?  I thought all the ntpq commands that changed anything 
needed a password.

These are my opinions.  I hate spam.

More information about the devel mailing list