After configure ntp like
set system ntp allow-clients address <x.x.x.x/x>
ntpd allow all ip`s for synchronization time. For strong rules need add to /etc/ntp.conf string consist noquery notrust
restrict default nomodify notrap nopeer noquery notrust
but this require add restrict rules for servers which vyos syncing
# Server configuration for: 1.pool.ntp.org server 217.196.145.42 iburst ... restrict 217.196.145.42 mask 255.255.255.255 nomodify notrap
Restricts rules don`t allow domain. Any ideas about ntp allow-clients?