Need trusted NTP Sources

Jay Ashworth jra at
Sun Feb 9 00:43:36 UTC 2014

----- Original Message -----
> From: "Saku Ytti" <saku at>

> On (2014-02-06 21:14 -0500), Jay Ashworth wrote:
> > My usual practice is to set up two in house servers, each of which
> > talks to:
> >
> > And then point everyone in house to both of them, assuming they
> > accept multiple server names.
> Two is worst possible amount of NTP servers to have. Either one fails and your
> timing is wrong, because you cannot vote false ticker. And chance of either of
> two failing is higher than one specific of them.

Fair point.

In practice, it never bit me because nearly everything that wanted NTP
would only accept one server name (being windows) and the things that
*did* take more than one, I generally pointed to both internals, and 
something outside the firewall as well.

In the architecture I described, though, is it really true that the odds
of the common types of failure are higher than with only one?

-- jra
Jay R. Ashworth                  Baylink                       jra at
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates          2000 Land Rover DII
St Petersburg FL USA      BCP38: Ask For It By Name!           +1 727 647 1274

More information about the NANOG mailing list