Ru-Board.club

» ntpd CentOS

Author: Shesoff
Message date: 25.06.2012 13:01
Good day.
While configuring ntpd I ran into a problem that I can't solve on my own %)
We have the following config

Code:
[root@kannel-nav ~]# grep -v ^\# /etc/ntp.conf | grep .
restrict default ignore
restrict 127.0.0.1
restrict ntp.local.lan
restrict 0.ru.pool.ntp.org
restrict 1.ru.pool.ntp.org
restrict 2.ru.pool.ntp.org
restrict 3.ru.pool.ntp.org
restrict 10.0.0.0 mask 255.0.0.0 nomodify notrap
restrict 192.168.0.0 mask 255.255.0.0 nomodify notrap
server ntp.local.lan iburst prefer
server 0.ru.pool.ntp.org iburst
server 1.ru.pool.ntp.org iburst
server 2.ru.pool.ntp.org iburst
server 3.ru.pool.ntp.org iburst
driftfile /var/lib/ntp/drift
keys /etc/ntp/keys

Author: Shesoff
Message date: 26.06.2012 10:36
A certain Dave Hart has already answered a similar problem.
I'll copy it here for the record

Quote:

Ask yourself why "restrict default ignore" is there and if it's really
doing you the good you think it is, because, as you are discovering,
it gets tricky to use the round-robin DNS of pool.ntp.org with a
blanket "ignore" restriction. Most of us get by fine never using any
"ignore" restriction. In every configuration I can think of, ntpd
ignores unsolicited NTP traffic anyway. In your configuration, ntpd
will be acting as a unicast client with each of its sources, so every
time exchange is initiated by your ntpd. I'm having a hard time
understanding what you (and others who use "restrict default ignore")
understand to be the benefit to outweigh the pain.

Assuming we can't resolve this the easy way, or we're bored and like
to discuss, let's go down the "restrict default ignore" plus pool path
a bit more. Using round-robin DNS names from pool.ntp.org in both
ntp.conf "server" and "restrict" lines is asking for trouble,
basically, because those DNS names resolve to multiple addresses, I
believe. The changing results every three minutes don't come into
play, I suspect. When it is not working, I suspect you will find if
you dig enough that "server" and "restrict" for the same DNS name are
using different IP addresses.

To dig: ntpq -np -c 'rv &1' will show you the details for the first
association in the peers billboard. &2 for the second association,
etc. ntpdc -c reslist will show you the restrictions in effect. When
it's not working the IP address in the rv output will not match the IP
address in the reslist.

Despite my prejudice that people in your situation are wasting time
with the "ignore" restriction, I added a solution in the current -dev
branch, as of early April (4.2.7p22): "restrict source". With that
you can do what you want with just two restrict statements and it will
do the right thing with the pool's multiple, changing IPs:

restrict default ignore
restrict source nomodify nopeer notrap noquery

Every configured source uses the "restrict source" template
restrictions without having to have as many restrict statements as
association ones like "server".

http://lists.ntp.org/pipermail/questions/2010-June/026883.html
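
The comparison described in the quoted reply (peer addresses from `ntpq -np` against the entries in `ntpdc -c reslist`), as an added example that is not part of the original thread. The sample outputs are constructed, their column layout is assumed from typical ntpq/ntpdc output, and the function names are hypothetical.

```python
import ipaddress

# Constructed `ntpq -np` output (documentation-range addresses, typical layout).
NTPQ_PEERS = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*10.0.0.5        .GPS.            1 u   12   64  377    0.310    0.015   0.008
 192.0.2.10      .INIT.          16 u    -   64    0    0.000    0.000   0.000
+198.51.100.7    203.0.113.1      2 u   40   64  377   12.400    0.532   0.210
"""
# Constructed `ntpdc -c reslist` output; pool restrict resolved to 192.0.2.44.
RESLIST = """\
   address          mask            count        flags
=====================================================================
0.0.0.0         0.0.0.0              57 ignore
10.0.0.0        255.0.0.0           120 nomodify, notrap
198.51.100.7    255.255.255.255      33 none
192.0.2.44      255.255.255.255       0 none
"""

def body(text):
    lines = text.splitlines()
    start = next(i for i, l in enumerate(lines) if l.startswith("=")) + 1
    return [l for l in lines[start:] if l.strip()]

def parse_peers(text):
    # Column 0 is the tally code (*, +, -, space); the address follows it.
    return [ipaddress.ip_address(l[1:].split()[0]) for l in body(text)]

def parse_reslist(text):
    rules = []
    for l in body(text):
        addr, mask, _count, *flags = l.replace(",", " ").split()
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        rules.append((net, set(flags)))
    return rules

def ignored_sources(peers_text, reslist_text):
    # A source is blocked when its most specific matching entry says "ignore".
    rules = parse_reslist(reslist_text)
    blocked = []
    for peer in parse_peers(peers_text):
        matches = [r for r in rules if peer in r[0]]
        if matches and "ignore" in max(matches, key=lambda r: r[0].prefixlen)[1]:
            blocked.append(str(peer))
    return blocked

if __name__ == "__main__":
    print(ignored_sources(NTPQ_PEERS, RESLIST))
```

In the constructed sample the pool source 192.0.2.10 falls through to the default `ignore` entry because the restrict line resolved to a different address, which matches its zero reach in the peers billboard.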
