[COLUG] ntp question
Travis Sidelinger
travis at ilive4code.net
Thu May 29 09:47:41 EDT 2008
I would prefer to not use the pool servers because securing the configuration becomes next to
impossible. I believe my configuration is working correctly now.

Here is the configuration I'm using for my NTP server:

# cat /etc/ntp.conf | grep -v ^# | grep ^[a-z]
statsdir /var/log/ntpstats/
statistics loopstats peerstats clockstats
filegen peerstats file peerstats type day enable
filegen loopstats file loopstats type day enable
filegen clockstats file clockstats type day enable
restrict ocdcdns031.cml.lib.oh.us
restrict rtr-76-1-vlan2.cml.lib.oh.us
restrict rtr-73-1-vlan733.columbuslibrary.org
restrict 127.0.0.0 mask 255.0.0.0
restrict ::1
restrict default nopeer notrap nomodify kod
server 0.us.pool.ntp.org
server 1.us.pool.ntp.org
server 2.us.pool.ntp.org
server 3.us.pool.ntp.org
server 127.127.1.0
fudge 127.127.1.0 stratum 13
peer ocdcdns031.cml.lib.oh.us
peer rtr-76-1-vlan2.cml.lib.oh.us
peer rtr-73-1-vlan733.columbuslibrary.org

My client configuration will look like this:

server ntp1.cml.lib.oh.us
server ntp2.cml.lib.oh.us
server ntp3.cml.lib.oh.us
server 127.127.1.1
fudge 127.127.1.1 stratum 12
restrict ntp1.cml.lib.oh.us nopeer nomodify notrap
restrict ntp2.cml.lib.oh.us nopeer nomodify notrap
restrict ntp3.cml.lib.oh.us nopeer nomodify notrap
restrict 127.0.0.0 mask 255.0.0.0
restrict default ignore

Duane wrote:
> Travis Sidelinger wrote:
>> I'm trying to configure two new NTP stratum 2 servers that will
>> provide time services for our entire network.
>
> Do you have an exceptionally good reason for wanting time this accurate?
> Such as being a public time server for other people on the internet, not
> just your own network.
>
> Most people don't have a reason to use anything other than stratum 2
> servers, and you probably shouldn't be using specific servers like you
> have either; apart from anything else, it is just plain bad netiquette
> unless you have otherwise gained prior permission.
>
> driftfile /var/lib/ntp/ntp.drift
> statsdir /var/log/ntpstats/
> statistics loopstats peerstats clockstats
> filegen loopstats file loopstats type day enable
> filegen peerstats file peerstats type day enable
> filegen clockstats file clockstats type day enable
> server 0.us.pool.ntp.org
> server 1.us.pool.ntp.org
> server 2.us.pool.ntp.org
> server 3.us.pool.ntp.org
> server 127.127.1.0
> fudge 127.127.1.0 stratum 13
> restrict -4 default kod notrap nomodify nopeer noquery
> restrict -6 default kod notrap nomodify nopeer noquery
> restrict 127.0.0.1
> restrict ::1
>
>> When I take a look at the running status, I see that my new servers
>> show up as stratum 16. Anyone know why they are not stratum 2?
>
> Because they are trying to init, although they probably won't because, if
> I'm reading this right, you specifically told them not to trap or modify.
>
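
Added example, not part of the original thread: a small Python audit of `restrict` rules, run over excerpts of the two configurations posted above. It assumes classic ntpd semantics (a `restrict` line without flags lifts all restrictions for that host, and under `restrict default ignore` a time source needs its own `restrict` line to be heard); the function names and `CLIENT_POOL` are constructed for illustration.

```python
LOOPBACK = ("127.", "::1")

def parse(conf):
    """Return ({address: set(flags)}, [server/peer hosts]) from ntp.conf text."""
    restricts, sources = {}, []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) > 1 and tok[0] == "restrict":
            args = [t for t in tok[1:] if t not in ("-4", "-6")]
            flags = args[3:] if args[1:2] == ["mask"] else args[1:]
            restricts[args[0]] = set(flags)
        elif len(tok) > 1 and tok[0] in ("server", "peer"):
            sources.append(tok[1])
    return restricts, sources

def audit(conf):
    """Return (subject, finding) pairs for weak or self-defeating restrict rules."""
    restricts, sources = parse(conf)
    default, findings = restricts.get("default", set()), []
    if not default & {"ignore", "noquery"}:
        findings.append(("default", "no noquery: any host may send ntpq/ntpdc queries"))
    for addr, flags in restricts.items():
        if addr != "default" and not flags and not addr.startswith(LOOPBACK):
            findings.append((addr, "no flags: exempt from every restriction"))
    for host in sources:
        # 127.127.x.x is a local clock driver, not a network peer.
        if not (host.startswith("127.127.") or host in restricts) and "ignore" in default:
            findings.append((host, "no restrict line under 'default ignore': replies dropped"))
    return findings

# Excerpts of the two posted configurations (hostnames as in the post).
SERVER = """restrict ocdcdns031.cml.lib.oh.us
restrict 127.0.0.0 mask 255.0.0.0
restrict default nopeer notrap nomodify kod
server 0.us.pool.ntp.org
peer ocdcdns031.cml.lib.oh.us
"""
CLIENT = """server ntp1.cml.lib.oh.us
server 127.127.1.1
restrict ntp1.cml.lib.oh.us nopeer nomodify notrap
restrict 127.0.0.0 mask 255.0.0.0
restrict default ignore
"""
# Constructed variant: the locked-down client pointed at a pool name instead.
CLIENT_POOL = CLIENT + "server 0.us.pool.ntp.org\n"

if __name__ == "__main__":
    for name, conf in (("server", SERVER), ("client", CLIENT), ("client+pool", CLIENT_POOL)):
        print(name, audit(conf))
```

The client excerpt comes back clean, while the pool variant is flagged because a rotating pool name cannot be pinned by a per-host `restrict` line.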