Bind and ntp.org server refused issue

Mark Andrews marka at isc.org
Tue Nov 22 03:55:04 UTC 2011


In message <4ECB1B3E.5010400 at pacbell.net>, Eduardo Bonsi writes:
> Hello;
> 
> Does NTP interfere with DNSSEC configuration?

No, though the machine has to have a good enough idea of the time
when it boots so that the circular dependacy is not a issue.  For
DNSSEC +/- a hour should not be a issue.

> Apple computers have their 
> own time synchronized and configured through the time.apple.com.
> -Is that enough or do I have to configure NTP to work with their 
> pool.ntp.org server?
> 
> In case of Yes, does anyone here in the list have configured NTP 
> successfully and could help? I have read the information out there on 
> Google and tried their configuration but so far it has not worked.
> 
> Thanks!
> 
> 21-Nov-2011 15:09:55.748 security: info: client 63.200.45.xx#port view 
> external: query (cache) 'pool.ntp.org/A/IN' denied

This looks like you have configured multiple views and have a external
machine trying to use you to recurse.  Make sure your match-clients
clauses full cover your internal machines.  In this case 63.200.45.xx
was not being matched.

> 21-Nov-2011 15:09:55.748 query-errors: debug 3: client 
> 63.200.45.xx#port: view external: query failed (REFUSED) for 
> pool.ntp.org/IN/A at 
> /SourceCache/bind9/bind9-31.1/bind9/bin/named/query.c:3899
> 
> 
> -- 
> BEARTCOMMUNICATIONS
> Eduardo Bonsi
> System - Network Admin
> beartcom at pacbell.net
> webmaster at beart.com
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
>  from this list
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org



More information about the bind-users mailing list