debian ntp客户端访问错误的ntp服务器。

Question

我有ntp.conf设置，只使用我们池ntp服务器，但系统一直试图联系美国以外的ntp服务器。我不知道该采取什么措施来阻止非美国ntp服务器访问。任何帮助都将不胜感激。debian的喘息是最新的。在安装ntp之后，对ntp.conf的唯一更改(据我所知)是对四条服务器行的更改。ntp已经重新启动了几次。系统也重新启动。

ntp.conf：

# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help

driftfile /var/lib/ntp/ntp.drift


# Enable this if you want statistics to be logged.
#statsdir /var/log/ntpstats/

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable


# You do need to talk to an NTP server or two (or three).
#server ntp.your-provider.example

# pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server will
# pick a different set every time it starts up.  Please consider joining the
# pool: <http://www.pool.ntp.org/join.html>
server 0.us.pool.ntp.org iburst
server 1.us.pool.ntp.org iburst
server 2.us.pool.ntp.org iburst
server 3.us.pool.ntp.org iburst

# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
# details.  The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
# might also be helpful.
#
# Note that "restrict" applies to both servers and clients, so a configuration
# that might be intended to block requests from certain clients could also end
# up blocking replies from your own upstream servers.

# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1

# Clients from this (example!) subnet have unlimited access, but only if
# cryptographically authenticated.
#restrict 192.168.123.0 mask 255.255.255.0 notrust


# If you want to provide time to your local subnet, change the next line.
# (Again, the address is an example only.)
#broadcast 192.168.123.255

# If you want to listen to time broadcasts on your local subnet, de-comment the
# next lines.  Please do this only if you trust everybody on the network!
#disable auth
#broadcastclient

Answer 1

不能保证us.pool.ntp.org域中的服务器实际上存在于美国。服务器在该域中的存在只是表明它“足够近”(就网络而言)，能够为该国家服务。

如果您不喜欢从池中获得的服务器，可以建立您自己的基于GPS的服务器，或者使用一些基于美国的公开可用服务器。

http://www.pool.ntp.org/zone的第一段说，

在大多数情况下，最好使用pool.ntp.org查找NTP服务器(如果需要多个服务器名称，则查找0.pool.ntp.org、1.pool.ntp.org等)。系统将尝试为您找到最接近的可用服务器。

你可能会尝试这样做，而不是强制设立一个美国区域。我会说这是违反直觉的，我不知道它是否真的对你有用，但它可能是值得考虑的。

当我将我的(家庭)服务器添加到池中时，我似乎还记得有人问我想要将它添加到哪些区域，但我现在无法确定。

Answer 2

我建议您手动选择服务器，例如：

#tick.ucla.edu
server 164.67.62.194
#ntp.okstate.edu
server 139.78.97.128
#navobs1.gatech.edu
server 130.207.244.240

可能对你有用的信息：

如何将服务器连接到NTP池项目

NTP服务器在线测试仪