NTP question
James R Cutler
james.cutler at consultant.com
Thu May 2 16:13:55 UTC 2019
> On May 2, 2019, at 10:59 AM, William Herrin <bill at herrin.us> wrote:
>
> On Wed, May 1, 2019 at 7:03 PM Harlan Stenn <stenn at nwtime.org <mailto:stenn at nwtime.org>> wrote:
> It's not clear to me that there's anything *wrong* with using the pool,
> especially if you're using our 'pool' directive in your config file.
>
> The one time I relied on the pool I lost sync a year later when all three servers the configuration picked withdrew time services and the still-running ntp client didn't return to the names to find new ones. Wonderful if that's fixed now but the pool folks argued just as strongly for using it back then.
>
> Also, telling the security auditor that you have no idea who supplies your time source is pretty much a non-starter. You can convince them of a lot of things but you can't convince them it's OK to have no idea where critical services come from.
>
> That's what's wrong with the pool.
>
> Regards,
> Bill Herrin
>
>
> --
> William Herrin ................ herrin at dirtside.com <mailto:herrin at dirtside.com> bill at herrin.us <mailto:bill at herrin.us>
> Dirtside Systems ......... Web: <http://www.dirtside.com/ <http://www.dirtside.com/>>
I have only ever used the pool as a supplement to other servers. Here is a snippet from ntp.conf that was found in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying 'Beware of the Leopard.’ *
# External Time Synchronization Source Servers
#
server tick.usno.navy.mil # open access
server time.apple.com # open access
server Time1.Stupi.SE # open access
server ntps1-0.uni-erlangen.de # open access
server 0.pool.ntp.org # open access
server 1.pool.ntp.org # open access
server 2.pool.ntp.org # open access
server nist1-nj2-ustiming.org # open access
server nist1-chi-ustiming.org # open access
server nist1-pa-ustiming.org # open access
#
I have not kept up with pool changes since then.
*Apologies to Douglas Adams
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20190502/904b9812/attachment.html>
More information about the NANOG
mailing list