-----BEGIN PGP SIGNED MESSAGE-----
I have been building the recent versions of NTP with MD5 enabled. There
is a bug (not located so far as I know) that causes this to require the
use of IP addresses rather than DNS names in the ntp.conf file.

NTP contains an internal DNS resolver thread. When DNS names are found
in the ntp.conf file on startup, a list of those names is passed to this
resolver thread. The resolver thread then uses DNS to resolve the names
and then essentially simulates ntpdc commands to reconfigure the NTP

ntpdc normally requires the use of some authentication, and it appears
that this port, when compiled with MD5, does require the resolver thread
to have access to the same authentication token as the main NTP process.

You can use DNS names in your ntp.conf file if you add:
and put something like:
1 M hex-digits
in your %windir%\ntp.keys file.

The same code base compiled on Linux does not have this requirement,
although using MD5 authentication is a good thing anyway. I believe
that it is actually a bug on the Linux/Unix side to NOT require
authentication, since otherwise anyone that can forge packets with a
source IP address of your machine can reconfigure your NTP server.
PGP key available from the key servers.
Key fingerprint 95 F4 D3 94 66 BA 92 4E 06 1E 95 F8 74 A8 2F A0
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
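
Added example, not part of the original message: an offline check that reports which `server`/`peer` entries in an ntp.conf are DNS names (and so depend on the resolver thread described above) and whether a request key they could authenticate with is defined in the keys file. It assumes the standard ntpd directives `keys` and `requestkey` are the relevant ones, since the configuration lines the message refers to are not present on the page; the sample configuration and key value are constructed.

```python
import ipaddress
# Constructed sample inputs (not from the original message).
SAMPLE_CONF = """\
server ntp.example.org
server 192.0.2.10   # literal address, no DNS lookup needed
keys C:\\WINDOWS\\ntp.keys
requestkey 2
"""
SAMPLE_KEYS = "# id type key (constructed placeholder)\n1 M EXAMPLE1\n"

def fields(line):
    """Split a config line into fields, dropping any # comment."""
    return line.split("#", 1)[0].split()

def key_ids(keys_text):
    """Return the set of key ids defined by 'id type key' lines."""
    return {int(f[0]) for f in map(fields, keys_text.splitlines())
            if len(f) >= 3 and f[0].isdigit()}

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit(conf_text, keys_text):
    """Return (DNS names that need the resolver, list of findings)."""
    names, keys_file, request = [], None, None
    for f in map(fields, conf_text.splitlines()):
        if len(f) < 2:
            continue
        directive = f[0].lower()
        if directive in ("server", "peer") and not is_ip(f[1]):
            names.append(f[1])
        elif directive == "keys":
            keys_file = f[1]
        elif directive == "requestkey" and f[1].isdigit():
            request = int(f[1])
    findings = []  # only relevant when at least one DNS name is configured
    if names and keys_file is None:
        findings.append("no keys file configured")
    if names and request is None:
        findings.append("no requestkey configured")
    elif names and request not in key_ids(keys_text):
        findings.append(f"requestkey {request} not defined in keys file")
    return names, findings

print(audit(SAMPLE_CONF, SAMPLE_KEYS))
```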