Change default to "restrict default kod limited nomodify nopeer noquery"

Hal Murray hmurray at megapathdsl.net
Mon Dec 12 11:25:59 UTC 2016


> I like it, and learn towards saying yes.  Let's see what Hal and others say.

I'm happy to change the default, but I think we need some text that explains 
why.

--------

The old noquery was there to fix a DDoS amplification attack using the old 
monlist.  That's not possible any more, but there may be other reasons for 
noquery.

Is nopeer interesting?  I thought we dropped support for "peer" and the 
corresponding server side support too.

I don't understand kod/limited and how they are tangled with DoS attacks.

Is nomodify needed?  I thought all the ntpq commands that changed anything 
needed a password.



-- 
These are my opinions.  I hate spam.





More information about the devel mailing list