[ntp:questions] Re: Public servers?

Brad Knowles brad.knowles at skynet.be
Thu Jul 31 21:24:10 UTC 2003

At 3:57 PM +0000 2003/07/31, Tim Hogard wrote:

>  Any "ISP router" that will be overloaded by its downstream users
>  sending it NTP requests is going to have problems because if they
>  used pool.ntp.org, that very same router would send those NTP
>  requests out to the network and would send 20 times as many.

	As a former employee of the largest ISP in Belgium, I don't want 
*ANYONE* abusing my routers to provide time information, unless I 
have explicitly told them to do so.  My routers run NTP as clients, 
not servers.  If anyone wants time sync information, they can come to 
the NTP servers that I have explicitly provided for this function.

	Anyone and anything that might possibly encourage them to act 
contrary to my policies on this subject should be terminated with 
extreme prejudice.

	Under no circumstances whatsoever should any customer be 
configured to use a router as an NTP server, unless they have been 
explicitly told to do so by the entity/organization that owns that 
network device.

>  If 99% of the people that are now setting their Windows clocks using
>  their ISP's router, then even NIST and USNO wouldn't have a problem.

	s/router/time service equipment that they are explicitly told to use/

>  And they will get worse.  Which is why it is important to get
>  ISPs to provide time services.  Which they are doing anyway
>  because it's easier to tell a Cisco router to use NTP than it is
>  to set its clock.

	Maybe some ISPs choose to use their routers as time servers. 
That's fine.  Others don't.  That's fine, too.  But no one, under any 
circumstances whatsoever, should be telling their customers what time 
server to use without the express permission of the entity that 
provides that equipment.

	This is the whole problem that we have been fighting all along. 
You're just making it worse.

>  : Let me expand on our pool.ntp.org experience. Right now it requires two
>  : steps. The first is to do a DNS lookup on pool.ntp.org, craft a
>  : configuration file with all 20 servers so revealed and then start up
>  : NTP. After a few minutes NTP has found the best 3 or 4 servers and
>  : continues with them. The next step is to whittle down the configuration
>  : file to just those servers. Works gangbusters. Of course, the steps
>  : could be automated with due incisions in the NTP source code. At the
>  : moment, this is a little messy, since the configuration code is
>  : smothered in weeds. It may even be possible to do these steps with a
>  : script without changing the source code. Volunteers needed.
>  pool.ntp.org is the right way of doing things but I fear that
>  until the tools are ready, people will keep hitting the overloaded
>  stratum 1 servers when they don't need to.

	The right tools for this problem are already under development. 
If nothing else, I'll have a shell script written and ready to go by 
the end of the weekend, even though I haven't started yet.

Brad Knowles, <brad.knowles at skynet.be>

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
     -Benjamin Franklin, Historical Review of Pennsylvania.

GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+
!w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
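
Added example, not part of the original message and not the script its author mentions: a POSIX shell version of the two pool.ntp.org steps quoted in the thread (build a configuration from the resolved pool addresses, then whittle it down to the peers ntpd actually selected). The function names are hypothetical, and the addresses and the `ntpq -pn` billboard are constructed sample data so the script runs offline.

```shell
#!/bin/sh
# Added example; function names are hypothetical and all data is constructed.
# Addresses come from the RFC 5737 documentation ranges, not real pool members.

# Step 1: turn resolved pool addresses (one per line on stdin) into ntp.conf
# "server" lines, dropping blanks and duplicates. On a live host the input
# would come from a DNS lookup of pool.ntp.org.
pool_to_conf() {
    awk 'NF && !seen[$1]++ { print "server " $1 }'
}

# Step 2: read an "ntpq -pn" peers billboard on stdin and keep only the peers
# ntpd selected: "*" (system peer), "+" (candidate), "o" (PPS peer).
# Header lines, rejects (" "), falsetickers ("x"), outliers ("-") and
# excess peers (".") never match the pattern, so they are dropped.
whittle_conf() {
    awk '/^[*+o]/ { print "server " substr($1, 2) }'
}

# Constructed sample: addresses as a pool lookup might return them.
sample_pool() {
cat <<'EOF'
192.0.2.10
192.0.2.44
198.51.100.7
198.51.100.93
203.0.113.5
192.0.2.10
EOF
}

# Constructed sample: billboard after ntpd has run for a few minutes.
sample_billboard() {
cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.0.2.10      .GPS.            1 u   33   64  377   11.204    0.412   0.310
+203.0.113.5     192.0.2.1        2 u   12   64  377   18.730   -0.958   0.655
+198.51.100.7    192.0.2.1        2 u   51   64  377   24.116    1.302   0.872
-192.0.2.44      198.51.100.1     3 u   47   64  377   96.540    7.811   4.020
x198.51.100.93   203.0.113.1      2 u   20   64  377   30.200  412.771   9.900
EOF
}

echo "# initial configuration"
sample_pool | pool_to_conf
echo "# whittled configuration"
sample_billboard | whittle_conf
```

On a running host the second function would be fed from `ntpq -pn` instead of the sample billboard.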
