| Re: [chrony-users] Using symbolic network names in /etc/chrony.conf file? |
[ Thread Index |
Date Index
| More chrony.tuxfamily.org/chrony-users Archives
]
- To: chrony-users@xxxxxxxxxxxxxxxxxxxx
- Subject: Re: [chrony-users] Using symbolic network names in /etc/chrony.conf file?
- From: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
- Date: Tue, 25 Jul 2017 17:07:27 +0200
- Authentication-results: ext-mx03.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com
- Authentication-results: ext-mx03.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=mlichvar@xxxxxxxxxx
- Dmarc-filter: OpenDMARC Filter v1.3.2 mx1.redhat.com BF2C63BEB5
On Wed, Jul 26, 2017 at 02:52:25AM +1200, Bryan Christianson wrote:
> My view on this is that host/prefix is a shorthand notation for (ip_address & mask) and that should work for both IPv6 and IPv4.
> i.e. there is an assumption that people understand how the network and mask are both calculated and used.
>
> I have no problem with the ip part being either a name or an address. In the case of a name, there is always the dilemma of which ip address to use if there are multiple A records for that name.
Right. There may be also AAAA records. To which addresses it should
apply? The addresses may change over time. Should chronyd try to
follow the changes? That would be tricky. I generally don't recommend
using hostnames in allow/deny.
> In chrony I think name/prefix could mean all hosts in the network defined by (address & mask) == (host & mask)
I don't know. To me it doesn't feel right.
I'd like to make a 3.2 prerelease today. I have a "bugfix" commit for
this in my git. We can revisit this before the final release.
--
Miroslav Lichvar
--
To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject.
For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "help" in the subject.
Trouble? Email listmaster@xxxxxxxxxxxxxxxxxxxx.