<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div><blockquote type="cite" class=""><div class="">On May 2, 2019, at 10:59 AM, William Herrin <<a href="mailto:bill@herrin.us" class="">bill@herrin.us</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class=""><div dir="ltr" class="">On Wed, May 1, 2019 at 7:03 PM Harlan Stenn <<a href="mailto:stenn@nwtime.org" class="">stenn@nwtime.org</a>> wrote:<br class=""></div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
It's not clear to me that there's anything *wrong* with using the pool,<br class="">
especially if you're using our 'pool' directive in your config file.<br class=""></blockquote><div class=""><br class=""></div><div class="">The one time I relied on the pool I lost sync a year later when all three servers the configuration picked withdrew time services and the still-running ntp client didn't return to the names to find new ones. Wonderful if that's fixed now but the pool folks argued just as strongly for using it back then.<br class=""></div><div class=""><br class=""></div><div class="">Also, telling the security auditor that you have no idea who supplies your time source is pretty much a non-starter. You can convince them of a lot of things but you can't convince them it's OK to have no idea where critical services come from.<br class=""></div><div class=""><br class=""></div><div class="">That's what's wrong with the pool. <br class=""></div><div class=""><br class=""></div><div class="">Regards,</div><div class="">Bill Herrin</div><div class=""><br class=""></div></div><br class="">-- <br class=""><div dir="ltr" class="gmail_signature">William Herrin ................ <a href="mailto:herrin@dirtside.com" target="_blank" class="">herrin@dirtside.com</a>  <a href="mailto:bill@herrin.us" target="_blank" class="">bill@herrin.us</a><br class="">Dirtside Systems ......... Web: <<a href="http://www.dirtside.com/" target="_blank" class="">http://www.dirtside.com/</a>></div></div>
</div></blockquote></div><br class=""><div class="">I have only ever used the pool as a supplement to other servers. Here is a snippet from ntp.conf that was found in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying 'Beware of the Leopard.’ *</div><div class=""><br class=""><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;" class=""><div class="">#<span class="Apple-tab-span" style="white-space: pre;">    </span>External Time Synchronization Source Servers</div><div class="">#</div><div class="">server<span class="Apple-tab-span" style="white-space:pre">     </span>tick.usno.navy.mil<span class="Apple-tab-span" style="white-space:pre">                  </span># open access</div><div class="">server<span class="Apple-tab-span" style="white-space:pre">       </span><a href="http://time.apple.com" class="">time.apple.com</a><span class="Apple-tab-span" style="white-space:pre">                         </span># open access</div><div class="">server<span class="Apple-tab-span" style="white-space:pre">       </span>Time1.Stupi.SE<span class="Apple-tab-span" style="white-space:pre">                              </span># open access</div><div class="">server<span class="Apple-tab-span" style="white-space:pre">       </span><a href="http://ntps1-0.uni-erlangen.de" class="">ntps1-0.uni-erlangen.de</a><span class="Apple-tab-span" style="white-space:pre">                       </span># open access</div><div class="">server<span class="Apple-tab-span" style="white-space:pre">       </span><a href="http://0.pool.ntp.org" class="">0.pool.ntp.org</a><span class="Apple-tab-span" style="white-space:pre">                         </span># open access</div><div class="">server<span class="Apple-tab-span" style="white-space:pre">       </span><a href="http://1.pool.ntp.org" class="">1.pool.ntp.org</a><span class="Apple-tab-span" style="white-space:pre">                         </span># open access</div><div class="">server<span class="Apple-tab-span" style="white-space:pre">       </span><a href="http://2.pool.ntp.org" class="">2.pool.ntp.org</a><span class="Apple-tab-span" style="white-space:pre">                         </span># open access</div><div class="">server<span class="Apple-tab-span" style="white-space:pre">       </span><a href="http://nist1-nj2-ustiming.org" class="">nist1-nj2-ustiming.org</a><span class="Apple-tab-span" style="white-space:pre">                 </span># open access</div><div class="">server<span class="Apple-tab-span" style="white-space:pre">       </span><a href="http://nist1-chi-ustiming.org" class="">nist1-chi-ustiming.org</a><span class="Apple-tab-span" style="white-space:pre">                 </span># open access</div><div class="">server<span class="Apple-tab-span" style="white-space:pre">       </span><a href="http://nist1-pa-ustiming.org" class="">nist1-pa-ustiming.org</a><span class="Apple-tab-span" style="white-space:pre">                   </span># open access</div><div class="">#</div></blockquote><div class=""><br class=""></div><div class="">I have not kept up with pool changes since then.</div></div><div class=""><br class=""></div><div class="">*Apologies to Douglas Adams</div></body></html>