I’ve joined to have my server available in the NTP pool, but poor scores prevent it from being used. I’ve added it to the beta system and it was running fine, then the bottom dropped out and it stays like that. Any help would be appreciated to make it more stable.
It looks like you might be aggressively rate limiting, is that possible? One of the monitors does 3 queries (with a couple seconds between each) and it sometimes gets a “RATE” “Kiss of death” response.
# By default, exchange time with everybody, but don't allow configuration.
restrict default kod limited nomodify notrap nopeer noquery limited
restrict -4 default kod notrap nomodify nopeer noquery limited
restrict -6 default kod notrap nomodify nopeer noquery limited
# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict -6 ::1
restrict ::1
It looks better now, doesn’t it? The problem on the beta system for your IP appears to be network connectivity to the monitor in Zurich (but it’s been working better the last few days, right?)
I think those restrict lines are ignored by ntpd as there can be only -4 or -6 for IPv4 or IPv6 respectively.
It seems 70.35.192.50 is responding to ntpq/ntpdc queries. That’s not good. You need to add a valid restrict default line to your config to prevent your server from being used in amplification attacks.
I added this line after you posted your message, but that is causing the queries to be blocked so I removed it.
restrict default kod limited nomodify notrap nopeer noquery limited
So now I have the following:
#restrict default kod limited nomodify notrap nopeer noquery limited
restrict -20 default kod notrap nomodify nopeer noquery limited
restrict -10 default kod notrap nomodify nopeer noquery limited
What you said makes sense that these values would be ignored as it is working perfectly with them. As soon as I changed it to -4 and -6 respectively all went down.
I really would love to have this working as it should but since 3/20 I cannot get anyone to help with the config. I am running Ubuntu 12 and a standard ntp distribution, nothing fancy.
I removed both kod and limited and the monitors are starting to pick it up again from -99. I assume we need both kod and limited, so how do I make sure it works properly?
Notice that I don’t even send kod packets, and “limited” is important to have to be able to drop traffic from people that abuse. “disable monitor” prevents DDoS. Monitor will still be enabled because “limited” needs it, but it will not be possible to use it from anything other than localhost.
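
An added example, not part of any post in this thread: a small Python lint for the restrict lines discussed above. It reports address-family options other than -4/-6, repeated flags, and a default rule without noquery. The function name and both sample configs are constructed here from the lines quoted in the thread, and it checks syntax and query exposure only, not rate-limit tuning.

```python
# Added example: lint ntp.conf "restrict" lines like those quoted in this thread.

def lint_restrict(conf_text):
    """Return (line_no, message) findings; line_no 0 means whole file."""
    findings, defaults = [], 0
    for no, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()      # strip comments
        if not tokens or tokens[0] != "restrict":
            continue
        args = tokens[1:]
        if args and args[0].startswith("-"):
            family = args.pop(0)
            if family not in ("-4", "-6"):
                findings.append((no, f"unknown address-family option {family}"))
                continue                            # not counted as a default
        if not args or args[0] != "default":
            continue                                # host/subnet rule
        defaults += 1
        flags = args[1:]
        for dup in sorted({f for f in flags if flags.count(f) > 1}):
            findings.append((no, f"flag repeated: {dup}"))
        if "noquery" not in flags:
            findings.append((no, "default rule lacks noquery"))
        if "kod" in flags and "limited" not in flags:
            findings.append((no, "kod set without limited"))
    if defaults == 0:
        findings.append((0, "no usable 'restrict default' rule found"))
    return findings

# Constructed samples, built from the lines posted in the thread.
BROKEN = """\
#restrict default kod limited nomodify notrap nopeer noquery limited
restrict -20 default kod notrap nomodify nopeer noquery limited
restrict -10 default kod notrap nomodify nopeer noquery limited
restrict 127.0.0.1
restrict -6 ::1
"""
FIXED = """\
restrict -4 default kod notrap nomodify nopeer noquery limited
restrict -6 default kod notrap nomodify nopeer noquery limited
restrict 127.0.0.1
restrict -6 ::1
"""

if __name__ == "__main__":
    for name, conf in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, lint_restrict(conf) or "no findings")
```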