[ntp:questions] Re: Public servers?

David L. Mills mills at udel.edu
Thu Jul 31 23:58:15 UTC 2003


Hear, hear; glad others see the point, too. I would hope whatever you 
come up with that is politically correct, and for that matter anybody 
else comes up with, is lit on the web at www.ntp.org.


Brad Knowles wrote:

> At 3:57 PM +0000 2003/07/31, Tim Hogard wrote:
>>  Any "ISP router" that will be overloaded by its downstream users
>>  sending it NTP requests is going to have problems because if they
>>  used pool.ntp.org, that very same router would send thouse NTP
>>  requests out to the network and would send 20 times as many.
>     As a former employee of the largest ISP in Belgium, I don't want 
> *ANYONE* abusing my routers to provide time information, unless I have 
> explicitly told them to do so.  My routers run NTP as clients, not 
> servers.  If anyone wants time sync information, they can come to the 
> NTP servers that I have explicitly provided for this function.
>     Anyone and anything that might possibly encourage them to act 
> contrary to my policies on this subject should be terminated with 
> extreme prejudice.
>     Under no circumstances whatsoever, should any customer be configured 
> to use a router as an NTP server, unless they have been explicitly told 
> to do so by the entity/organization that owns that network device.
>>  If 99% of the people that are now setting their windows clocks using
>>  their ISP's router, then even NIST and USNO wouldn't have a problem.
>     s/router/time service equipment that they are explicitly told to use/
>>  And they will get worse.  Which is why it is importaint to get
>>  ISPs to provide time services.  Which they are doing anyway
>>  because its easier to tell a cisco router to use NTP than it is
>>  to set its clock.
>     Maybe some ISPs choose to use their routers as time servers. That's 
> fine.  Others don't.  That's fine, too.  But no one, under any 
> circumstances whatsoever, should be telling their customers what time 
> server to use without the express permission of the entity that provides 
> that equipment.
>     This is the whole problem that we have been fighting all along. 
> You're just making it worse.
>>  : Let me expand on our pool.ntp.org experience. Right now it requires 
>> two
>>  : steps. The first is to do a DNS lookup on pool.ntp.org, craft a
>>  : configuration file with all 20 servers so revealed and then start up
>>  : NTP. After a few minutes NTP has found the best 3 or 4 servers and
>>  : continues with them. The next step is to whittle down the 
>> configuration
>>  : file to just those servers. Works gangbusters. Of course, the steps
>>  : could be automated with due incisions in the NTP source code. At the
>>  : moment, this is a little messy, since the configuration code is
>>  : smothered in weeds. It may even be possible to do these steps with a
>>  : script without changing the source code. Volunteers needed.
>>  pool.ntp.org is the right way of doing things but I fear that
>>  until the tools are ready, people will keep hitting the overloaded
>>  stratum 1 servers when they don't need to.
>     The right tools for this problem are already under development. If 
> nothing else, I'll have a shell script written and ready to go by the 
> end of the weekend, even though I haven't started yet.

More information about the questions mailing list