[CentOS] Trying to get a grasp on NTP server/client access control options

Sat Jul 31 13:57:24 UTC 2010
Niki Kovacs <contact at kikinovak.net>

Hi,

I'm currently sinking my teeth into NTP, to build a local time server. 
So far, configuring a local NTP server and getting the clients to 
connect to it works well. Now, I'm thinking about securing the whole 
thing. BTW, I made a copy of the original ntp.conf file and started my 
own from scratch.

Right now, I have five printed books opened on the corresponding 
chapters (Carla Schroder's Linux Cookbook, RHEL 5 Unleashed, Foundations 
of CentOS, etc.) plus the same amount of online tutorials.

Right now I'm having a bit of a hard time grasping the various access 
control options. Here's a few lines from ntp's default configuration in 
CentOS :

--8<------ /etc/ntp.conf -----------------------------------------------
...
server 0.centos.pool.ntp.org
server 1.centos.pool.ntp.org
server 2.centos.pool.ntp.org

...
restrict 0.centos.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict 1.centos.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict 2.centos.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
...
--8<--------------------------------------------------------------------

This means roughly : "use these three public NTP servers to synchronize, 
but don't let them mess with your configuration".

Now, here's something from NTP's official documentation :

You may use either a hostname or IP address on the 'server' line. You 
*must* use an IP address on the 'restrict' line.

Here's the according link to the documentation :

http://support.ntp.org/bin/view/Support/AccessRestrictions

Which leads me to the assumption that these three 'restrict' lines in 
the default ntp.conf configuration in CentOS are useless, since they 
specify hostnames, and not IP addresses. Correct me if I'm wrong.

Cheers,

Niki