[ntp:questions] Bad NTP servers jeopardizing the pool.ntp.org initiative

Per Hedeland per at hedeland.org
Mon Apr 2 06:06:08 UTC 2007


In article <ywn9fy7khwpu.fsf at ntp1.isc.org> Harlan Stenn
<stenn at ntp.isc.org> writes:
>>>> In article <460FAE61.40804 at ntp.isc.org>, mayer at ntp.isc.org (Danny
>Mayer) writes:
>
>P>  As you might have seen elsewhere I do agree that this is only a good
>P> idea under well defined circumstances, and I would now add that it is
>P> difficult to ascertain up-front whether these conditions are met (i.e.
>P> whether it would be desirable for a particular NTP server on a dynamic IP
>P> address to be admitted to the pool).
>
>Danny> There are *no* circumstances where this is a good idea. You *cannot*
>Danny> make use of a server that is constantly moving IP address. Even fixed
>Danny> IP addresses can be problematic in this environment since the clients
>Danny> don't requery for addresses after they come up and if someone decides
>Danny> to move the server elsewhere, they will never know about it.
>
>Danny, while you are right that one cannot expect to get useful NTP service
>from a moving IP address you are flat out wrong that all DHCP-assigned
>addresses fall into this category.
>
>I think you have tunnel-vision in this case, and are being blind to some
>cases where obvious/known counter-examples exist.
>
>P> Please remember that I started this suggestion in the context of a
>P> discussion of code being added to ntpd that re-resolves server addresses
>P> in case of non-reachability. Such code, _if deployed on a critical mass
>P> of clients_ (i.e. optimistically, not for a good few years) would address
>P> your concern (while not completely removing it).
>
>Danny> We are not the only provider of NTP Clients or for that matter
>Danny> servers and unless they also make changes to also do this and have
>Danny> everyone upgrade the problem will remain. For most people/admins this
>Danny> is a set and forget item when they set up a system.
>
>Danny, from my POV you didn't even address Per's point, and his point seems
>perfectly valid to me.

I don't know which "Per" you may be referring to, but anyway the
sections marked "P>" above were written by Jan Ceuleers. (That's what
you get for trying to quote for once.:-)

--Per Hedeland
per at hedeland.org



