CentOS - Apr 2008 - deny other hosts from synchronizing time with NTP client

Hi CentOS users

We are running CentOS 4.5 with NTP 4.2.0.

# cat /etc/ntp.conf
restrict default ignore
restrict dns1.xxx.xxx mask 255.255.255.0 nomodify notrap noquery
restrict dns2.xxx.xxx mask 255.255.255.0 nomodify notrap noquery
restrict 127.0.0.1
server dns1.xxx.xxx
server dns2.xxx.xxx
fudge 127.127.1.0 stratum 10
driftfile /etc/ntp/drift
broadcastdelay 0.008
authenticate no

The problem is that other hosts are able to synchronize the time from
our servers. How to disable that?

# lsof -i :123
COMMAND  PID USER   FD   TYPE DEVICE SIZE NODE NAME
ntpd    4874  ntp    4u  IPv4  35805       UDP *:ntp
ntpd    4874  ntp    5u  IPv6  35806       UDP *:ntp
ntpd    4874  ntp    6u  IPv4  35807       UDP localhost.localdomain:ntp
ntpd    4874  ntp    7u  IPv4  35808       UDP xxx:ntp
ntpd    4874  ntp    8u  IPv4  35809       UDP xxx:ntp
ntpd    4874  ntp    9u  IPv4  35810       UDP xxx:ntp
ntpd    4874  ntp   10u  IPv4  35811       UDP xxx:ntp

NTP listens on every interface.

cheers
Simon

-- 
XMPP: sjolle at swissjabber.org

On Tue, Apr 22, 2008 at 5:07 AM, Simon Jolle <urandomdev at gmail.com>
wrote:
>  The problem is that other hosts are able to synchronize the time from
>  our servers. How to disable that?
Which other hosts? Other hosts in the same subnet as dns1 and dns2?

If that is the problem, maybe you should try changing "mask
255.255.255.0" to "mask 255.255.255.255". The "mask
255.255.255.0"
means all the class C subnet.

HTH,
Filipe

Simon Jolle wrote:
> The problem is that other hosts are able to synchronize the time from
> our servers. How to disable that?
>   
why is that a problem?