NTP question

Harlan Stenn stenn at nwtime.org
Thu May 2 18:44:20 UTC 2019



On 5/2/2019 9:13 AM, James R Cutler wrote:
>> On May 2, 2019, at 10:59 AM, William Herrin <bill at herrin.us
>> <mailto:bill at herrin.us>> wrote:
>>
>> On Wed, May 1, 2019 at 7:03 PM Harlan Stenn <stenn at nwtime.org
>> <mailto:stenn at nwtime.org>> wrote:
>>
>>     It's not clear to me that there's anything *wrong* with using the
>>     pool,
>>     especially if you're using our 'pool' directive in your config file.
>>
>>
>> The one time I relied on the pool I lost sync a year later when all
>> three servers the configuration picked withdrew time services and the
>> still-running ntp client didn't return to the names to find new ones.
>> Wonderful if that's fixed now but the pool folks argued just as
>> strongly for using it back then.
>>
>> Also, telling the security auditor that you have no idea who supplies
>> your time source is pretty much a non-starter. You can convince them
>> of a lot of things but you can't convince them it's OK to have no idea
>> where critical services come from.
>>
>> That's what's wrong with the pool.
>>
>> Regards,
>> Bill Herrin
>>
>>
>> -- 
>> William Herrin ................ herrin at dirtside.com
>> <mailto:herrin at dirtside.com>  bill at herrin.us <mailto:bill at herrin.us>
>> Dirtside Systems ......... Web: <http://www.dirtside.com/>
> 
> I have only ever used the pool as a supplement to other servers. Here is
> a snippet from ntp.conf that was found in the bottom of a locked filing
> cabinet stuck in a disused lavatory with a sign on the door saying
> 'Beware of the Leopard.’ *
> 
>     #External Time Synchronization Source Servers
>     #
>     servertick.usno.navy.mil# open access
>     servertime.apple.com <http://time.apple.com># open access
>     serverTime1.Stupi.SE# open access
>     serverntps1-0.uni-erlangen.de <http://ntps1-0.uni-erlangen.de># open
>     access
>     server0.pool.ntp.org <http://0.pool.ntp.org># open access
>     server1.pool.ntp.org <http://1.pool.ntp.org># open access
>     server2.pool.ntp.org <http://2.pool.ntp.org># open access

I recommend you replace the above 3 lines with:

 pool CC.pool.ntp.org

where CC is an appropriate country code or region.

H
--
>     servernist1-nj2-ustiming.org <http://nist1-nj2-ustiming.org># open
>     access
>     servernist1-chi-ustiming.org <http://nist1-chi-ustiming.org># open
>     access
>     servernist1-pa-ustiming.org <http://nist1-pa-ustiming.org># open access
>     #
> 
> 
> I have not kept up with pool changes since then.
> 
> *Apologies to Douglas Adams

-- 
Harlan Stenn, Network Time Foundation
http://nwtime.org - be a Member!



More information about the NANOG mailing list