nanog mailing list archives

Re: NTP question


From: Harlan Stenn <stenn () nwtime org>
Date: Thu, 2 May 2019 11:44:20 -0700



On 5/2/2019 9:13 AM, James R Cutler wrote:
On May 2, 2019, at 10:59 AM, William Herrin <bill () herrin us> wrote:

On Wed, May 1, 2019 at 7:03 PM Harlan Stenn <stenn () nwtime org> wrote:

    It's not clear to me that there's anything *wrong* with using the pool,
    especially if you're using our 'pool' directive in your config file.


The one time I relied on the pool I lost sync a year later when all
three servers the configuration picked withdrew time services and the
still-running ntp client didn't return to the names to find new ones.
Wonderful if that's fixed now but the pool folks argued just as
strongly for using it back then.

Also, telling the security auditor that you have no idea who supplies
your time source is pretty much a non-starter. You can convince them
of a lot of things but you can't convince them it's OK to have no idea
where critical services come from.

That's what's wrong with the pool.

Regards,
Bill Herrin


-- 
William Herrin ................ herrin () dirtside com  bill () herrin us
Dirtside Systems ......... Web: <http://www.dirtside.com/>

I have only ever used the pool as a supplement to other servers. Here is
a snippet from ntp.conf that was found in the bottom of a locked filing
cabinet stuck in a disused lavatory with a sign on the door saying
'Beware of the Leopard.' *

    #External Time Synchronization Source Servers
    #
    server tick.usno.navy.mil # open access
    server time.apple.com # open access
    server Time1.Stupi.SE # open access
    server ntps1-0.uni-erlangen.de # open access
    server 0.pool.ntp.org # open access
    server 1.pool.ntp.org # open access
    server 2.pool.ntp.org # open access

I recommend you replace the above 3 lines with:

 pool CC.pool.ntp.org

where CC is an appropriate country code or region.

H
--
    server nist1-nj2-ustiming.org # open access
    server nist1-chi-ustiming.org # open access
    server nist1-pa-ustiming.org # open access
    #


I have not kept up with pool changes since then.

*Apologies to Douglas Adams

-- 
Harlan Stenn, Network Time Foundation
http://nwtime.org - be a Member!
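
A small audit for the two concerns raised in this thread, as an added example that is not part of the original message: it lists the explicitly named time sources (the inventory an auditor would ask for) and flags `server` lines aimed at pool.ntp.org names, which the reply recommends replacing with a single `pool` line. The sample config is constructed from the quoted snippet; `audit_ntp_conf` and `rewrite_with_pool` are hypothetical helper names, and `CC` stays the placeholder used in the message.

```python
import re

# Constructed sample, modelled on the ntp.conf snippet quoted in the message.
SAMPLE_CONF = """\
#External Time Synchronization Source Servers
server tick.usno.navy.mil # open access
server time.apple.com # open access
server 0.pool.ntp.org # open access
server 1.pool.ntp.org # open access
server 2.pool.ntp.org # open access
"""

POOL_NAME = re.compile(r"(^|\.)pool\.ntp\.org\.?$", re.IGNORECASE)


def audit_ntp_conf(text):
    """Sort time sources into named servers, 'pool' directives and
    'server' lines that point at pool.ntp.org names."""
    report = {"named": [], "pool": [], "server_on_pool": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # drop trailing comments
        # Skip address-family flags such as -4 / -6 before the host name.
        hosts = [f for f in fields[1:] if not f.startswith("-")]
        if not hosts:
            continue
        directive, host = fields[0].lower(), hosts[0]
        if directive == "pool":
            report["pool"].append((lineno, host))
        elif directive == "server":
            key = "server_on_pool" if POOL_NAME.search(host) else "named"
            report[key].append((lineno, host))
    return report


def rewrite_with_pool(text, zone="CC.pool.ntp.org"):
    """Replace all flagged 'server' lines with one 'pool' line.
    'CC' is the message's placeholder; substitute a real country/region."""
    flagged = {n for n, _ in audit_ntp_conf(text)["server_on_pool"]}
    out, emitted = [], False
    for lineno, raw in enumerate(text.splitlines(), 1):
        if lineno not in flagged:
            out.append(raw)
        elif not emitted:                          # first flagged line only
            out.append(f"pool {zone}")
            emitted = True
    return "\n".join(out) + "\n"
```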

