我将 ntp.conf 设置为仅使用美国池 ntp 服务器,但系统不断尝试联系美国以外的 ntp 服务器。我不知道要采取什么措施来阻止非美国 ntp 服务器访问。任何帮助,将不胜感激。 debian wheezy 是最新的。安装 ntp 后,对 ntp.conf(据我所知)的唯一更改是对四个服务器行的更改。 ntp已重启多次。系统也重新启动。
ntp.conf:
# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
driftfile /var/lib/ntp/ntp.drift
# Enable this if you want statistics to be logged.
#statsdir /var/log/ntpstats/
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
# You do need to talk to an NTP server or two (or three).
#server ntp.your-provider.example
# pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will
# pick a different set every time it starts up. Please consider joining the
# pool: <http://www.pool.ntp.org/join.html>
server 0.us.pool.ntp.org iburst
server 1.us.pool.ntp.org iburst
server 2.us.pool.ntp.org iburst
server 3.us.pool.ntp.org iburst
# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
# details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
# might also be helpful.
#
# Note that "restrict" applies to both servers and clients, so a configuration
# that might be intended to block requests from certain clients could also end
# up blocking replies from your own upstream servers.
# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1
# Clients from this (example!) subnet have unlimited access, but only if
# cryptographically authenticated.
#restrict 192.168.123.0 mask 255.255.255.0 notrust
# If you want to provide time to your local subnet, change the next line.
# (Again, the address is an example only.)
#broadcast 192.168.123.255
# If you want to listen to time broadcasts on your local subnet, de-comment the
# next lines. Please do this only if you trust everybody on the network!
#disable auth
#broadcastclient
答案1
无法保证域中的服务器us.pool.ntp.org
实际上位于美国。服务器在该域中的存在仅表明它“足够接近”(用网络术语来说),能够向该国家/地区提供服务。
如果您不喜欢从池中获得的服务器,请设置您自己的基于 GPS 的服务器或使用一些位于美国的公开服务器。
第一段位于http://www.pool.ntp.org/zone说,
在大多数情况下,最好使用 pool.ntp.org 查找 NTP 服务器(如果需要多个服务器名称,则使用 0.pool.ntp.org、1.pool.ntp.org 等)。系统将尝试为您寻找最近的可用服务器。
您可能想尝试一下,而不是强制要求美国区域。我想说这是违反直觉的,我不知道它是否真的适合你,但它可能值得考虑。
当我将我的(家庭)服务器添加到池中时,我似乎记得有人问我希望将其添加到哪些区域,但我现在无法确认。
答案2
我建议您手动选择服务器,例如:
#tick.ucla.edu
server 164.67.62.194
#ntp.okstate.edu
server 139.78.97.128
#navobs1.gatech.edu
server 130.207.244.240
可能对您有用的信息: