Nope.
For ntp.conf,
restrict default kod nomodify notrap nopeer noquery [..]
was used. This is not required for chrony. chronyd listens for commands only on the loopback interface and it functions only as an NTP client by default. All NTP requests are ignored. With chrony-2.1.1 the NTP port 123 is not even open and packets sent to that port won't reach chronyd.
If chronyd is expected to work also as an NTP server, it is required to add an allow directive to the config.
The kod restrict option in ntp.conf does nothing unless the limited option, which enables rate limiting, is specified too. When kod and limited are used together, ntpd as a server will reply with a KoD packet telling clients that are sending too many requests to back off. Unfortunately, clients that do this generally don't understand the KoD reply, so it can actually make things worse and it's better to leave it disabled. chronyd as a server doesn't support rate limiting or KoD. As clients, both ntpd and chronyd support KoD; this is always enabled.
As a general NTP recommendation, it would be good to add a third server to the config, so if one of the servers goes nuts, the other two can outvote it.
from here: https://access.redhat.com/solutions/1977523
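A small audit of a chrony.conf for the two points above (whether an allow directive turns chronyd into an NTP server, and whether enough sources are configured for outvoting), as an added example that is not from the Red Hat article. The function name, sample hostnames and subnet are constructed, and treating a pool line as enough sources is an assumption.

```python
# Constructed sample chrony.conf; hostnames and subnet are placeholders.
SAMPLE_CONF = """\
# time sources
server ntp1.example.com iburst
server ntp2.example.com iburst
allow 192.0.2.0/24
driftfile /var/lib/chrony/drift
"""


def audit_chrony_conf(text):
    """Report NTP server exposure and source redundancy for a chrony.conf."""
    servers, pools, allows, port = [], [], [], 123
    for raw in text.splitlines():
        line = raw.strip()
        # chrony treats lines starting with !, ;, # or % as comments
        if not line or line[0] in "!;#%":
            continue
        fields = line.split()
        directive, args = fields[0].lower(), fields[1:]
        if directive == "server" and args:
            servers.append(args[0])
        elif directive == "pool" and args:
            pools.append(args[0])
        elif directive == "allow":
            # "allow" or "allow all" without a subnet admits every address
            subnets = [a for a in args if a.lower() != "all"]
            allows.append(subnets[0] if subnets else "any")
        elif directive == "port" and args:
            port = int(args[0])
    return {
        "servers": len(servers),
        "pools": len(pools),
        "allow": allows,
        # chronyd answers NTP requests only if an allow rule exists
        # and the server port has not been disabled with "port 0"
        "ntp_server_enabled": bool(allows) and port != 0,
        "unrestricted_allow": any(a == "any" or a.endswith("/0") for a in allows),
        # three sources let two outvote one bad one; a pool line is
        # assumed here to resolve to several sources
        "enough_sources": len(servers) >= 3 or bool(pools),
    }


if __name__ == "__main__":
    for key, value in audit_chrony_conf(SAMPLE_CONF).items():
        print(f"{key}: {value}")
```

The check covers only the server, pool, allow and port directives; other directives are ignored.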