Restrict own servers
hmurray at megapathdsl.net
Sun Aug 2 21:27:05 UTC 2020
>From an ntp.comf:
# Note that "restrict" applies to both servers and clients, so a configuration
# that might be intended to block requests from certain clients could also end
# up blocking replies from your own upstream servers.
That's not totally correct for ntpsec. When setting up a server via DNS or
pool it pokes a hole in any restrictions and logs a message.
There are probably cases where that's not the right thing to do. It's
necessary if you block most of the world. You can poke your own holes if you
are using DNS but there isn't any sane way to do that when using the pool.
Maybe there should be a way to say "no pool servers from xxx/16". We could do
that with another restrict bit.
These are my opinions. I hate spam.
More information about the devel