SINGLESOCK - How much to strip away?

Hal Murray hmurray at
Sat Jun 2 06:28:13 UTC 2018

Richard Laager said:
> FWIW, for me, at least, the typical cases for daemons are:
> A) bind to localhost only (preferably at least ::1, else
> B) bind to everything (with additional control happening in the kernel) 

ntpd  has 2 cases.

A) Client only - leaf node on the tree.  (forest?)
B) Server - a non-leaf node

The key idea is that random servers don't initiate contact with leaf nodes so 
they don't need a fixed port number.  We could reduce the general exposure 
for leaf nodes by not listening on port 123.

We might want to listen on ::1 so ntpq can talk to it, but that only works if 
you can login to the machine to run ntpq.  If you believe in snmp and our 
wrapper works, then you don't need to login.

These are my opinions.  I hate spam.

More information about the devel mailing list