ntp.conf help restricting queries
Posted on 2006-04-11
I have a FreeBSD-6 server running ntp 4.2.0a and am having trouble configuring ntp.conf (restrict statements etc.) correctly.
I want to prevent anyone from modifying my server time and I want to use 6 or 7 other servers as peers. Are my potential restrict lines for my internal networks (the commented lines below) correct?
I originally had my restrict default set to ignore but replaced it with "nomodify nopeer notrap" when client machines could not get the time from the server.
My current ntp.conf (I have changed the DNS names of my time source servers):
# more /etc/ntp.conf
restrict default nomodify nopeer notrap
#restrict 192.168.0.0 mask 255.255.0.0 notrust nomodify notrap
#restrict 172.20.0.0 mask 255.255.0.0 notrust nomodify notrap
#restrict 10.0.0.0 mask 255.255.0.0 notrust nomodify notrap
#restrict 10.2.0.0 mask 255.255.0.0 notrust nomodify notrap
server clock.myntp.tld prefer nomodify notrap noquery
server ntp.something.tld nomodify notrap noquery
restrict 220.127.116.11 mask 255.255.255.255 notrust nomodify notrap
fudge 127.127.1.0 stratum 10
On a related note, all machines except win2k3 server have worked fine, but win2k3 server logs say "no suitable server found" (or something very like that), even though other machines (Windows XP Pro, Unix, Linux, Mac OS X etc.) all get the time OK from the server. Any ideas what I'm doing wrong there?
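An added example, not part of the original post: a small check that runs over the posted configuration with the proposed internal-network lines uncommented (constructed input). It flags three things the ntpd documentation states: access-control flags belong on `restrict` lines and are not `server` options, `notrust` in ntp 4.2 denies packets that are not cryptographically authenticated, and `fudge` applies to a reference clock configured by a `server` line. The function name `lint_ntp_conf` is hypothetical.

```python
# Added example: a small ntp.conf check, not code from the original post.
# Access-control flags documented for "restrict"; none is a "server" option.
RESTRICT_FLAGS = {"ignore", "kod", "limited", "lowpriotrap", "nomodify",
                  "nopeer", "noquery", "noserve", "notrap", "notrust", "ntpport"}

def lint_ntp_conf(text):
    """Return sorted (line_number, message) findings for an ntp.conf body."""
    findings, servers, fudged = [], set(), []
    for n, raw in enumerate(text.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if not tok:
            continue
        kw, args = tok[0], tok[1:]
        if kw in ("server", "peer") and args:
            servers.add(args[0])
            bad = sorted(RESTRICT_FLAGS.intersection(args[1:]))
            if bad:
                findings.append((n, f"restrict flags on {kw} line: {' '.join(bad)}"))
        elif kw == "restrict" and "notrust" in args:
            # ntp 4.2 semantics: deny unless cryptographically authenticated
            findings.append((n, "notrust: ntp 4.2 denies unauthenticated packets"))
        elif kw == "fudge" and args:
            fudged.append((n, args[0]))
    # fudge only applies to a reference clock configured by a server line
    for n, addr in fudged:
        if addr not in servers:
            findings.append((n, f"fudge {addr} has no matching server line"))
    return sorted(findings)

# Constructed input: the posted config with the proposed lines uncommented.
POSTED = """\
restrict default nomodify nopeer notrap
restrict 192.168.0.0 mask 255.255.0.0 notrust nomodify notrap
restrict 172.20.0.0 mask 255.255.0.0 notrust nomodify notrap
restrict 10.0.0.0 mask 255.255.0.0 notrust nomodify notrap
restrict 10.2.0.0 mask 255.255.0.0 notrust nomodify notrap
server clock.myntp.tld prefer nomodify notrap noquery
server ntp.something.tld nomodify notrap noquery
restrict 220.127.116.11 mask 255.255.255.255 notrust nomodify notrap
fudge 127.127.1.0 stratum 10
"""

if __name__ == "__main__":
    for n, msg in lint_ntp_conf(POSTED):
        print(f"line {n}: {msg}")
```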