Question
If I am running ntp (via ntp.conf) heavily restricted, I cannot use a pool for a server. Why? Because the call to restrict (to allow access for the pool) seems to be another DNS Lookup, which returns another IP value than what was used to originally call the server. Please show me that I am wrong/being stupid about this.
Crude Example (portion of ntp.conf):
https://stackoverflow.com/questions/17978897
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russianserver 0.debian.pool.ntp.org iburst
restrict default ignore
restrict -6 default ignore
restrict 0.debian.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
This does not work (I think) because DNS calls to 0.debian.pool.ntp.org return different IP addresses and thus the wrong IP address is allowed via the (poorly named) restrict.
Solution
Use the builtin source alias/directive/whatever:
restrict source nomodify notrap noquery
Updatedd to include documentation for source:
restrict source configures a template restriction automatically added
at runtime for each association, whether configured, ephemeral, or
preemptible, and removed when the association is demobilized.
From: http://www.eecis.udel.edu/~mills/ntp/html/accopt.html#restrict
