Re: [chrony-users] Using symbolic network names in /etc/chrony.conf file

Re: [chrony-users] Using symbolic network names in /etc/chrony.conf file?

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-users Archives ]

To: chrony-users@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [chrony-users] Using symbolic network names in /etc/chrony.conf file?
From: Bryan Christianson <bryan@xxxxxxxxxxxxx>
Date: Wed, 26 Jul 2017 03:15:42 +1200
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=smtpcorp.com; s=a1-4; h=Feedback-ID:X-Smtpcorp-Track:Message-Id:To:Date: Subject:From:Reply-To:Sender:List-Unsubscribe; bh=HSiKq/cyULFNOGqixkmdeMvjaGwJoyeCg/Tl3lMDTOU=; b=kwFAgyzF9mcCHkEaqaKrQlca5Q BNrhb4/Ryu1XcvRf0cSxCicG93CxchC17BelDJyGLaf7wra5j2lAusRzXbX6yDO9QARJIB8YRPq5M JnQiG4yYy58gUFzJglLHzSpEW+eNgB02UIVl1lj/G25UYJbLWu+2O/pQlaMBBGCkM/Ft77JFraZzL 8VgyIyHqbBQJ8U2HXbysaYAj4Rl8P0+hF1cCZT2y+HQVvdNRj0s+1lonCxQnKBIr3pYAlwmKw+V3I AlbQ1NYoQ5NxyPCU5I9tvuTMqcN11C57Md+1ebHeeivxbnLDc/TGMliJegg+jF0TSlwBO24myOe9S zjdr505g==;
Feedback-id: 149811m:149811acx33YQ:149811sscACMZ4tb:SMTPCORP

> On 26/07/2017, at 3:07 AM, Miroslav Lichvar <mlichvar@xxxxxxxxxx> wrote:
> 
> Right. There may be also AAAA records. To which addresses it should
> apply? The addresses may change over time. Should chronyd try to
> follow the changes? That would be tricky. I generally don't recommend
> using hostnames in allow/deny.

I agree with that. Fixed IPs are more secure and don't require assumptions. My point was how they should be interpreted if they are allowed.

The other issue is validation that the prefix is something sensible. ipv6/16 is a LOT of addresses and ipv4/128 is wrong :). I guess you are doing that already.

> 
>> In chrony I think name/prefix could mean all hosts in the network defined by (address & mask) == (host & mask)
> 
> I don't know. To me it doesn't feel right.

:) its mathematically correct but may be confusing for some people.

> 
> I'd like to make a 3.2 prerelease today. I have a "bugfix" commit for
> this in my git. We can revisit this before the final release.

That would be good. Still nothing from Apple on fixing adjtime() but hopefully they will get to it soon.

B

Bryan Christianson
bryan@xxxxxxxxxxxxx

--
To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject.
For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "help" in the subject.
Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.

References:
- [chrony-users] Using symbolic network names in /etc/chrony.conf file?
  - From: Parker, Michael D.
- Re: [chrony-users] Using symbolic network names in /etc/chrony.conf file?
  - From: Miroslav Lichvar
- Re: [chrony-users] Using symbolic network names in /etc/chrony.conf file?
  - From: Miroslav Lichvar
- Re: [chrony-users] Using symbolic network names in /etc/chrony.conf file?
  - From: Chris Greenman
- Re: [chrony-users] Using symbolic network names in /etc/chrony.conf file?
  - From: Miroslav Lichvar
- Re: [chrony-users] Using symbolic network names in /etc/chrony.conf file?
  - From: Bryan Christianson
- Re: [chrony-users] Using symbolic network names in /etc/chrony.conf file?
  - From: Miroslav Lichvar

Messages sorted by: [ date | thread ]
Prev by Date: Re: [chrony-users] Using symbolic network names in /etc/chrony.conf file?
Next by Date: Re: [chrony-users] Using symbolic network names in /etc/chrony.conf file?
Previous by thread: Re: [chrony-users] Using symbolic network names in /etc/chrony.conf file?
Next by thread: RE: -EXT-Re: [chrony-users] Using symbolic network names in /etc/chrony.conf file?

Mail converted by MHonArc 2.6.19+

http://listengine.tuxfamily.org/