stenn at nwtime.org
Thu May 2 18:50:25 UTC 2019
On 5/2/2019 7:59 AM, William Herrin wrote:
> On Wed, May 1, 2019 at 7:03 PM Harlan Stenn <stenn at nwtime.org
> <mailto:stenn at nwtime.org>> wrote:
> It's not clear to me that there's anything *wrong* with using the pool,
> especially if you're using our 'pool' directive in your config file.
> The one time I relied on the pool I lost sync a year later when all
> three servers the configuration picked withdrew time services and the
> still-running ntp client didn't return to the names to find new ones.
> Wonderful if that's fixed now but the pool folks argued just as strongly
> for using it back then.
Were you using 'server' entries in your ntp.conf file or a 'pool' directive?
> Also, telling the security auditor that you have no idea who supplies
> your time source is pretty much a non-starter. You can convince them of
> a lot of things but you can't convince them it's OK to have no idea
> where critical services come from.
I'm not saying you *should* use the pool, or that you should *only* use
the pool. The pool *can* be used responsibly. And I suspect Ask and
his crew have documented things well enough that you could point an
auditor at the docs for the 'pool' directive and the monitoring efforts
that the Pool does, and between that and peering with your other
internal S2 sites and some well-chosen external site and perhaps some
local refclocks you would be in fine shape.
> That's what's wrong with the pool.
> Bill Herrin
> William Herrin ................ herrin at dirtside.com
> <mailto:herrin at dirtside.com> bill at herrin.us <mailto:bill at herrin.us>
> Dirtside Systems ......... Web: <http://www.dirtside.com/>
Harlan Stenn, Network Time Foundation
http://nwtime.org - be a Member!
More information about the NANOG