[ntp:questions] ntp-b.boulder.nist.gov not synchronized
dfc-list at douglasfcalvert.net
Fri Jun 14 19:21:41 UTC 2013
On Fri, Jun 14, 2013 at 8:31 AM, Jason <bmwjason at bmwlt.com> wrote:
> Thanks for the response.
> We are using the other authenticated server. With only one available, our
> redundancy is gone. If NIST could say, for example, that the broken server
> would be fixed come Monday, I'd chill. However, people I've been able to
> contact are saying the only person that knows anything about / can do
> anything with the broken server is out until July.
> I'll look into dnssec for one (or more) of the non-authenticated servers.
> Thanks for that idea.
Everything that is under the .gov domain is going to have dnssec:
Is this for OATS? Remember:
"Q: Shouldn't we just synchronize to the NIST atomic clock because we can’t
ensure that our time provider is actually in synchronization with the NIST
A: Not necessarily. You can synchronize your clocks with any time provider. Most
time providers provide information about the difference between their clocks and
the NIST clocks. Use this information to determine if your business clocks are
actually in synchronization. If your chosen time provider does not consistently
provide this information, or you have reason to believe that the information is
inaccurate, contact the time provider and FINRA and, if the problem cannot be
rectified, choose another time provider. Your firm is ultimately responsible for
its compliance with the OATS Rules. (Last updated 5/7/12)"
So you can use GPS or navy.mil (also dnssec) in a pinch.
I realize that the easy solution is the authenticated ntp service from
nist. However for some future redundancy you can sign up for the authenticated
time service from NRC.ca. There is a yearly fee but you get authenticated time
and then you can use Circular T from obspm to demonstrate that NRC and NIST
agree to a certain number of nanoseconds.
More information about the questions