Restrict own servers

Hal Murray hmurray at
Sun Aug 2 21:27:05 UTC 2020

>From an ntp.comf:

# Note that "restrict" applies to both servers and clients, so a configuration
# that might be intended to block requests from certain clients could also end
# up blocking replies from your own upstream servers.

That's not totally correct for ntpsec.  When setting up a server  via DNS or 
pool it pokes a hole in any restrictions and logs a message.

There are probably cases where that's not the right thing to do.  It's 
necessary if you block most of the world.  You can poke your own holes if you 
are using DNS but there isn't any sane way to do that when using the pool.

Maybe there should be a way to say "no pool servers from xxx/16".  We could do 
that with another restrict bit.

These are my opinions.  I hate spam.

More information about the devel mailing list