NTP question
Harlan Stenn
stenn at nwtime.org
Thu May 2 18:44:20 UTC 2019
On 5/2/2019 9:13 AM, James R Cutler wrote:
>> On May 2, 2019, at 10:59 AM, William Herrin <bill at herrin.us> wrote:
>>
>> On Wed, May 1, 2019 at 7:03 PM Harlan Stenn <stenn at nwtime.org> wrote:
>>
>> It's not clear to me that there's anything *wrong* with using the pool,
>> especially if you're using our 'pool' directive in your config file.
>>
>>
>> The one time I relied on the pool I lost sync a year later when all
>> three servers the configuration picked withdrew time services and the
>> still-running ntp client didn't return to the names to find new ones.
>> Wonderful if that's fixed now but the pool folks argued just as
>> strongly for using it back then.
>>
>> Also, telling the security auditor that you have no idea who supplies
>> your time source is pretty much a non-starter. You can convince them
>> of a lot of things but you can't convince them it's OK to have no idea
>> where critical services come from.
>>
>> That's what's wrong with the pool.
>>
>> Regards,
>> Bill Herrin
>>
>>
>> --
>> William Herrin ................ herrin at dirtside.com  bill at herrin.us
>> Dirtside Systems ......... Web: <http://www.dirtside.com/>
>
> I have only ever used the pool as a supplement to other servers. Here is
> a snippet from ntp.conf that was found in the bottom of a locked filing
> cabinet stuck in a disused lavatory with a sign on the door saying
> 'Beware of the Leopard.' *
>
> #External Time Synchronization Source Servers
> #
> server tick.usno.navy.mil # open access
> server time.apple.com # open access
> server Time1.Stupi.SE # open access
> server ntps1-0.uni-erlangen.de # open access
> server 0.pool.ntp.org # open access
> server 1.pool.ntp.org # open access
> server 2.pool.ntp.org # open access
I recommend you replace the above 3 lines with:
pool CC.pool.ntp.org
where CC is an appropriate country code or region.
H
--
> server nist1-nj2-ustiming.org # open access
> server nist1-chi-ustiming.org # open access
> server nist1-pa-ustiming.org # open access
> #
>
>
> I have not kept up with pool changes since then.
>
> *Apologies to Douglas Adams
--
Harlan Stenn, Network Time Foundation
http://nwtime.org - be a Member!
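
Added example (not part of the original message and not code from the NTP project): a small Python helper that applies the replacement recommended above to an ntp.conf, collapsing `server N.pool.ntp.org` lines into one `pool` line while leaving named servers alone. The function name, the sample config and the `us` zone in the usage are assumptions made for illustration.

```python
import re

# "server <host>" where host is pool.ntp.org, N.pool.ntp.org or N.zone.pool.ntp.org.
# The lookahead stops look-alike names such as pool.ntp.org.example.com matching.
POOL_SERVER = re.compile(
    r"^\s*server\s+(?:\d\.)?(?:[a-z-]+\.)?pool\.ntp\.org(?=\s|#|$)",
    re.IGNORECASE,
)

def use_pool_directive(conf_text, zone="CC"):
    """Collapse pool 'server' lines into one 'pool <zone>.pool.ntp.org' line.

    zone is the country code or region ("CC" is the placeholder used in the
    mail). Options and comments on the removed lines are not carried over.
    Returns (new_text, number_of_server_lines_replaced).
    """
    out, replaced = [], 0
    for line in conf_text.splitlines():
        if POOL_SERVER.match(line):
            replaced += 1
            if replaced == 1:
                # Emit the pool directive once, where the first entry was.
                out.append(f"pool {zone}.pool.ntp.org")
            continue  # drop the remaining per-name pool entries
        out.append(line)  # named servers, comments, existing pool lines
    return "\n".join(out) + "\n", replaced

# Constructed sample, based on the snippet quoted in the thread.
SAMPLE = """\
server tick.usno.navy.mil # open access
server 0.pool.ntp.org # open access
server 1.pool.ntp.org # open access
server 2.pool.ntp.org # open access
server time.apple.com # open access
"""

if __name__ == "__main__":
    new_conf, count = use_pool_directive(SAMPLE, zone="us")
    print(f"replaced {count} pool server line(s)")
    print(new_conf, end="")
```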