On Wed, Feb 12, 2014 at 10:53:35AM -0800, Jeremy Chadwick wrote:
I see some attributes in the "UNIX ntpd" example there which are missing. I would suggest people follow the defaults provided by some of the OSS distros (ex. FreeBSD 9):
http://svnweb.freebsd.org/base/stable/9/etc/ntp.conf?revision=259974&view=ma...
Specifically these lines for starters:
restrict default kod nomodify notrap nopeer noquery restrict -6 default kod nomodify notrap nopeer noquery
Only use "kod" if you also use "limited": https://bugzilla.redhat.com/show_bug.cgi?id=1048196 "The current default restrict line in ntp.conf is: restrict default kod nomodify notrap nopeer noquery This can be confusing as the kod option is active only when the limited options is also present. This is documented in ntp_acc(5) man page. The upcoming ntp-4.2.8 will warn about this and we probably want to avoid getting that warning in the future. http://bugs.ntp.org/show_bug.cgi?id=2060 The fix is to remove kod from the default restrict line."