NTPd – Does NTPd Need to Listen on Interface or Address for Server Time Update?

NTPd listens on UDP port 123 (all IP addresses), by default. Is this necessary for just updating the server time?

If it's necessary to listen on an address, what single address should be used? The possible addresses it can listen on are:

  • 127.0.0.1
  • server IP
  • ::1 (IPv6)
  • server IP (IPv6)

Why does it even have to listen on localhost (127.0.0.1 and ::1)? Nobody can reach the server on that address.


To bind NTPd to a single address, the -I option can be used. For my Debian box, I had to edit /etc/default/ntp, and replace -g by:

-g -I 1.2.3.4 -I 127.0.0.1

This causes NTPd to listen on the public address 1.2.3.4 (replace it by your own) and 127.0.0.1.

Best Answer

Listening on localhost makes sense if you want to run queries on the local box. For example, ntpq -p localhost will query the ntp service running on your local box.

In general you probably want ntpd to listen on all real addresses that it needs to send or receive updates on. If you are running IPv6, you need to list the IPv6 addresses as well; otherwise just list the real server IP addresses and IPv4 localhost.
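
An added example, not part of the question or the answer above: a shell check that reads socket listings in the format of `ss -H -uln` and reports every UDP port 123 listener whose address is not on an allow-list, so you can confirm what the daemon actually bound after changing the -I options. The function name and the sample listing are constructed for illustration; 1.2.3.4 is the placeholder address from the question.

```shell
#!/bin/sh
# Report UDP/123 sockets bound to addresses outside an allow-list.
# stdin: lines shaped like `ss -H -uln` output:
#   State Recv-Q Send-Q Local-Address:Port Peer-Address:Port

unexpected_ntp_listeners() {
    # $1: space-separated allowed local addresses, e.g. "127.0.0.1 1.2.3.4"
    awk -v allowed="$1" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        {
            la = $4
            # The port is everything after the last colon.
            port = la; sub(/.*:/, "", port)
            if (port != "123") next
            # The address is everything before that last colon.
            addr = la; sub(/:[^:]*$/, "", addr)
            # Drop IPv6 brackets and any %interface scope suffix.
            gsub(/\[|\]/, "", addr); sub(/%.*$/, "", addr)
            if (!(addr in ok)) print addr
        }'
}

# Constructed sample listing (not captured from a real host): wildcard,
# loopback and server-address sockets on port 123, plus an unrelated
# DHCP client socket on port 68 that must be ignored.
SAMPLE_SS='UNCONN 0 0 0.0.0.0:123 0.0.0.0:*
UNCONN 0 0 127.0.0.1:123 0.0.0.0:*
UNCONN 0 0 1.2.3.4:123 0.0.0.0:*
UNCONN 0 0 [::]:123 [::]:*
UNCONN 0 0 [::1]:123 [::]:*
UNCONN 0 0 0.0.0.0:68 0.0.0.0:*'

# Demo on the sample: addresses bound on UDP/123 but not allowed.
printf '%s\n' "$SAMPLE_SS" | unexpected_ntp_listeners "127.0.0.1 1.2.3.4"

# On a live host (assumes iproute2 ss is installed):
#   ss -H -uln | unexpected_ntp_listeners "127.0.0.1 1.2.3.4"
```

Empty output means every port 123 listener is on the allow-list; any printed address is a socket you did not intend to expose.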