Brad Knowles
Mon Oct 6 10:14:09 UTC 2003

At 12:23 AM -0700 2003/10/06, Tim Shoppa wrote:

>  And the quality of a vendor-supplied default config can be highly
>  variable.  Some of the vendor-supplied ntpd binaries are really
>  ancient and will not take the ntp.conf options that have been developed
>  in the past 4 or 5 years.

	True enough.  We can help them in this regard, by providing good 
examples for them to work from.  But we can't solve their problems 
for them.  They have to meet us half-way.

>  The other attitude is that the vendor-supplied ntp.conf's often have
>  really boneheaded stupid and in some cases poisonous settings.  e.g.
>  the LOCAL refclock at stratum 0, etc.

	Also true.  See above.

>  One (although not the only) choice to solve this problem is the
>  pool.ntp.org effort.  It's designed to take all the trepidation and
>  unwariness of going through the list of "public ntp servers" most all
>  of which have access restrictions.

	I submit that pool.ntp.org is not likely to be truly useful until 
we can make ntpd more savvy about names that resolve to multiple IP 
addresses, so that we don't have to deal with the issue of broken 
resolvers or broken caching/recursive nameservers that do not do 
round-robin.  We need to handle this sort of thing internally.

	Once we do that, I think we should be much safer.

>                                      It's also a very young experiment...
>  while it's been entirely successful up to this date, it may not stand
>  up so well if some misbehaved NTP server supplied by some vendor hammers
>  all the pool.ntp.org servers in the same way that Netgear hammered
>  UWisc.

	With the updated version of ntpd, and perhaps some more DNS magic 
that I'm hoping to be able to test out locally, I think we should be 
in a much stronger position, perhaps able to take the kind of abuse 
currently being dealt out to UWisc, or the kind of stuff that happens 
to the root nameservers on a daily basis.

	Until then, I fear that we are on thin ice.

Brad Knowles

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
     -Benjamin Franklin, Historical Review of Pennsylvania.

