ntp config tech note

Mike Leber mleber at he.net
Mon May 24 09:40:23 UTC 2004


On Thu, 20 May 2004, Randy Bush wrote:
> you ask do folk run ntpd on every server.
> 
> i wonder if folk run ntpd on every router.  i did and do.

We use ntp on every router for setting time.  We don't run ntpd on every
server due to security concerns based on the idea that you can't have a
hole in a daemon you aren't running.  This is relatively unnecessary I
suppose since ntpd is probably most commonly configured nowdays not to
listen on an exposed port by default.

Just out of curiosity... do you run bind on every server?

Mike.
ps. We run dedicated ntp boxes that don't have hard drives (thanx for the
recommendation a few years ago), again with the idea somebody can't
install a rootkit on box that doesn't have a hard drive.  It's not perfect
or even necessary, just an optional precaution.

+----------------- H U R R I C A N E - E L E C T R I C -----------------+
| Mike Leber           Direct Internet Connections   Voice 510 580 4100 |
| Hurricane Electric     Web Hosting  Colocation       Fax 510 580 4151 |
| mleber at he.net                                       http://www.he.net |
+-----------------------------------------------------------------------+




More information about the NANOG mailing list