Bind and ntp.org server refused issue

Alan Clegg alan at clegg.com
Tue Nov 22 03:52:49 UTC 2011


On 11/21/2011 10:47 PM, Eduardo Bonsi wrote:
> Hello;
> 
> Does NTP interfere with DNSSEC configuration? Apple computers have their
> own time synchronized and configured through the time.apple.com.
> -Is that enough or do I have to configure NTP to work with their
> pool.ntp.org server?

No.  That's not the problem that you are seeing.

> 21-Nov-2011 15:09:55.748 security: info: client 63.200.45.xx#port view
> external: query (cache) 'pool.ntp.org/A/IN' denied
> 
> 21-Nov-2011 15:09:55.748 query-errors: debug 3: client
> 63.200.45.xx#port: view external: query failed (REFUSED) for
> pool.ntp.org/IN/A at
> /SourceCache/bind9/bind9-31.1/bind9/bin/named/query.c:3899

You have an ACL that doesn't allow 63.200.45.xx to ask you for the given
label (or that address falls outside of all views).

AlanC
-- 
alan at clegg.com | aclegg at infoblox.com
          1.919.355.8851

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20111121/6d8b3b18/attachment.bin>


More information about the bind-users mailing list