well-known NTP?

Lars-Johan Liman liman at autonomica.se
Tue Apr 11 23:10:09 UTC 2006


[I just happened to see this, browsing at high speed, so please
forgive me, if I'm out of context.]

eddy+public+spam at noc.everquick.net:
> AS112-style NTP service, anyone?  That would be cooperative and
> possibly even useful.

That is actually not necessarily such a good idea.

With the current AS112 stuff, we only provide DNS reverse service for
networks for which there should essentially be no queries. Hence,
replying with "doesn't exist" is kind of OK. Should an anycast
instance go rogue and give false answers, that is still within the
bounds of "acceptable", since the query shouldn't be there in the
first place.

If you create a disparate anycast system of NTP servers, you run into a
security issue, since many security protocols have "accurate time" as
an important parameter, and a rogue anycast NTP server could create
substantial amounts of harm from security and other standpoints by
giving out incorrect time.

Nope, you want your NTP to come from an appropriate source ...
preferably with signatures.

				Cheers,
				  /Liman
#----------------------------------------------------------------------
# There are 10 kinds of people in the world. Those who understand
# binary numbers, and those who don't.
#----------------------------------------------------------------------
# Lars-Johan Liman, M.Sc.	! E-mail: liman at autonomica.se
# Senior Systems Specialist     ! HTTP  : //www.autonomica.se/
# Autonomica AB, Stockholm 	! Voice : +46 8 - 615 85 72
#----------------------------------------------------------------------
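
Added example, not part of the original message: a sketch of why a wrong time source matters to a time-dependent security check, and how a client that requires the RFC 5905 symmetric-key MAC (key id plus MD5 over key and header) discards replies from a server it shares no key with. The key id, shared secret, timestamps and helper names are constructed for illustration; MD5 is used only because it is the legacy NTP scheme.

```python
import hashlib
import hmac
import struct

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP era 0) to 1970-01-01
HEADER_LEN, KEYID_LEN, MD5_LEN = 48, 4, 16


def build_reply(unix_time, key_id=None, key=None):
    """Build a constructed server-mode NTP reply, optionally with a symmetric-key MAC."""
    li_vn_mode = (0 << 6) | (4 << 3) | 4           # LI=0, version 4, mode 4 (server)
    ts = (unix_time + NTP_EPOCH_OFFSET) << 32      # 32.32 fixed point, fraction = 0
    header = struct.pack("!BBbbII4sQQQQ", li_vn_mode, 2, 6, -20, 0, 0,
                         b"\x00" * 4, ts, 0, ts, ts)
    if key is None:
        return header
    # RFC 5905 symmetric-key MAC: key id, then MD5(key || header)
    return header + struct.pack("!I", key_id) + hashlib.md5(key + header).digest()


def authenticated_time(packet, trusted_keys):
    """Return the transmit time (Unix seconds) only if the MAC verifies, else None."""
    if len(packet) != HEADER_LEN + KEYID_LEN + MD5_LEN:
        return None                                # no MAC; extension fields not handled
    header, mac = packet[:HEADER_LEN], packet[HEADER_LEN:]
    key = trusted_keys.get(struct.unpack("!I", mac[:KEYID_LEN])[0])
    if key is None:
        return None                                # key id we never agreed on
    if not hmac.compare_digest(hashlib.md5(key + header).digest(), mac[KEYID_LEN:]):
        return None                                # forged or altered reply
    return (struct.unpack("!Q", header[40:48])[0] >> 32) - NTP_EPOCH_OFFSET


def credential_valid(now, not_before, not_after):
    """The time-dependent check that a wrong clock subverts."""
    return not_before <= now <= not_after


# Constructed sample values (not from the original message)
TRUE_NOW, ROGUE_NOW = 1_150_000_000, 1_148_000_000
NOT_BEFORE, NOT_AFTER = 1_147_000_000, 1_149_000_000   # credential already expired
TRUSTED = {7: b"constructed-shared-secret"}

honest = build_reply(TRUE_NOW, key_id=7, key=TRUSTED[7])
rogue_plain = build_reply(ROGUE_NOW)                       # unauthenticated reply
rogue_forged = build_reply(ROGUE_NOW, key_id=7, key=b"not-the-shared-secret")
```

The sketch covers MAC verification only; a real client also matches the origin timestamp against its own request before accepting a reply.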


