
NTP "restrict" issue - RHEL3/4




I've had an issue with NTP that I think is already solved, but I still have a question regarding a difference in configuration between RHEL 3 and 4.

I have several RHEL 3 systems whose NTP is working correctly with the following configuration file /etc/ntp.conf:

restrict default ignore

server a.b.c.d

fudge stratum 10

driftfile /var/lib/ntp/drift
broadcastdelay 0.008

authenticate yes

keys /etc/ntp/keys

As this was working fine I copied this configuration file to my new RHEL 4 systems (in the same subnet), but whenever I started the ntpd daemon it was able to set the system's time correctly but it ended up in de-synchronization (drift file was never updated, etc).

I found that the "ntpq -p" command returned the following output:

remote refid st t when poll reach delay offset jitter
a.b.c.d .INIT. 16 u - 1024 0 0.000 0.000 4000.00

as if it couldn't initiate communication correctly or something like that. I revisited all the configuration files, checked iptables and communication between my systems and the NTP server through the NTP port... and everything seemed to be fine.

After looking for some information I realized that it seemed that with "restrict default ignore" I was preventing my server from being correctly synchronized against the NTP server (I still don't know why; from my point of view, if the client is able to reach the server and get the time from it, that should be enough to remain synchronized).

I added the following line to my /etc/ntp.conf file:

restrict a.b.c.d nomodify notrap noquery

and now everything is working fine.

The question is whether this line is strictly necessary for NTP to work. If so, I'd like somebody to let me know why all the RHEL 3 boxes that are running NTP without this line are working fine?!

Is there any significant difference between RHEL 3 and 4 that may produce this difference in operation?

Thanks in advance.

Re: NTP "restrict" issue - RHEL3/4

The definition of the "ignore" option of the restrict command is:

Ignore all packets from hosts which match this entry. If this flag is specified neither queries nor time server polls will be responded to.

So, "restrict default ignore" is supposed to block ntpd from communicating with anyone unless further restrict keywords allow communication to specific targets. In RHEL 3, this does not seem to have the intended effect. This is probably a bug.

RHEL 4 has NTP 4.2.0, while RHEL 3 has NTP 4.1.2. So it would be very interesting to see what changes have been done to ntpd after 4.1.2. The closest equivalent seems to be the file /usr/share/doc/ntp-4.2.0.a.20040617/NEWS on any RHEL 4 machine which has ntp installed. It says:
* More stuff than I have time to document
* IPv6 support
* Bugfixes
* call-gap filtering
* wwv and chu refclock improvements
* OpenSSL integration
Very terse. But either "bugfixes" or "more stuff than I have time to document" might well include fixing the "restrict ... ignore" to actually work as documented.


Re: NTP "restrict" issue - RHEL3/4

OK, I'll assume this issue on RHEL 3 is a bug, then. On my RHEL 4 boxes NTP has been working fine since I made the change.
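
The restrict behaviour discussed in this thread can be checked before ntpd is started. The following is an added example, not code from the thread or from the NTP project: it lists every configured server whose most specific matching "restrict" entry carries "ignore". The function names, the sample configs and the address 192.0.2.10 are assumptions made for illustration, and the sketch assumes numeric IPv4 addresses in "restrict" lines.

```python
import ipaddress

def parse_ntp_conf(text):
    """Return (servers, restricts); restricts maps ip_network -> set of flags."""
    servers, restricts = [], {}
    for raw in text.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) < 2 or "-6" in tok:      # IPv4 only in this sketch
            continue
        tok = [t for t in tok if t != "-4"]
        if tok[0] in ("server", "peer"):
            servers.append(tok[1])
        elif tok[0] == "restrict":
            addr, rest, mask = tok[1], tok[2:], "255.255.255.255"  # host entry by default
            if addr == "default":
                addr, mask = "0.0.0.0", "0.0.0.0"
            elif rest[:1] == ["mask"] and len(rest) > 1:
                mask, rest = rest[1], rest[2:]
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            restricts[net] = set(rest)
    return servers, restricts

def blocked_servers(text):
    """Servers whose most specific matching restrict entry carries 'ignore'."""
    servers, restricts = parse_ntp_conf(text)
    blocked = []
    for s in servers:
        if s.startswith("127.127."):         # reference-clock pseudo address, no packets
            continue
        try:
            ip = ipaddress.ip_address(s)
        except ValueError:                   # hostname: not resolved offline, skipped
            continue
        matches = [n for n in restricts if ip in n]
        if matches and "ignore" in restricts[max(matches, key=lambda n: n.prefixlen)]:
            blocked.append(s)
    return blocked

# Constructed sample configs (192.0.2.10 is a documentation address, not from the thread).
BROKEN = """restrict default ignore
server 192.0.2.10
server 127.127.1.0
driftfile /var/lib/ntp/drift
"""
FIXED = BROKEN + "restrict 192.0.2.10 nomodify notrap noquery\n"

if __name__ == "__main__":
    print("blocked before:", blocked_servers(BROKEN))
    print("blocked after: ", blocked_servers(FIXED))
```

A server reported here would show up in "ntpq -p" the way the first post describes: refid .INIT., stratum 16, reach 0.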