Bind and ntp.org server refused issue
Mark Andrews
marka at isc.org
Tue Nov 22 03:55:04 UTC 2011
In message <4ECB1B3E.5010400 at pacbell.net>, Eduardo Bonsi writes:
> Hello;
>
> Does NTP interfere with DNSSEC configuration?
No, though the machine has to have a good enough idea of the time
when it boots so that the circular dependacy is not a issue. For
DNSSEC +/- a hour should not be a issue.
> Apple computers have their
> own time synchronized and configured through the time.apple.com.
> -Is that enough or do I have to configure NTP to work with their
> pool.ntp.org server?
>
> In case of Yes, does anyone here in the list have configured NTP
> successfully and could help? I have read the information out there on
> Google and tried their configuration but so far it has not worked.
>
> Thanks!
>
> 21-Nov-2011 15:09:55.748 security: info: client 63.200.45.xx#port view
> external: query (cache) 'pool.ntp.org/A/IN' denied
This looks like you have configured multiple views and have a external
machine trying to use you to recurse. Make sure your match-clients
clauses full cover your internal machines. In this case 63.200.45.xx
was not being matched.
> 21-Nov-2011 15:09:55.748 query-errors: debug 3: client
> 63.200.45.xx#port: view external: query failed (REFUSED) for
> pool.ntp.org/IN/A at
> /SourceCache/bind9/bind9-31.1/bind9/bin/named/query.c:3899
>
>
> --
> BEARTCOMMUNICATIONS
> Eduardo Bonsi
> System - Network Admin
> beartcom at pacbell.net
> webmaster at beart.com
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list