[ntp:questions] Re: handling of falsetickers with dumb NTP clients
brad.knowles at skynet.be
Sun Sep 14 15:54:29 UTC 2003
At 2:07 AM +0000 2003/09/12, David L. Mills wrote:
> In other painful words, time and
> security are inseparable in themselves, but must be separable from name
> resolution. The purist cannot turn up bind unless NTP has synchronized
> the clock.
BIND (and name resolution in general) only needs an accurate
value for time if you're using DNSSEC. Otherwise, coarse relative
values (within a second or so, monotonically increasing) are
sufficient. And even that's only necessary for servers that are
acting as caching/recursive resolvers -- authoritative-only servers
only need to compare the SOA serial number as a generic 32-bit
quantity and see whether or not A is greater than B.
In the case of NTP, we are fortunate that we can bootstrap this
process by providing IP addresses in the ntp.conf file, which allows
us to start up before name resolution is working.
However, we should probably give some thought as to a two-phase
startup process whereby we might delay trying to sync with servers
that are specified by name, until such time as name resolution is
working, while proceeding with time sync with servers that are
specified by IP address.
Once name resolution is working again, we could then restart the
early parts of the sync process with the servers that are now
presumably available, if that was deemed to be necessary or useful.
Brad Knowles, <brad.knowles at skynet.be>
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-Benjamin Franklin, Historical Review of Pennsylvania.
GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+
!w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
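The two-phase startup sketched above, as an added example that is not part of the post or of ntpd: sources written as IP literals are usable before name resolution works, sources written as hostnames are deferred until a resolver call succeeds. The ntp.conf fragment and the two stand-in resolvers are constructed for the example.

```python
# Added example: two-phase handling of NTP sources from ntp.conf.
# Not ntpd code; the resolver is injected so the example runs offline.
import ipaddress
import shlex

# Constructed ntp.conf fragment (not taken from the post).
SAMPLE_CONF = """\
driftfile /var/lib/ntp/drift
server 192.0.2.10 iburst
server 2001:db8::123 iburst
server 0.pool.ntp.org iburst
peer time.example.net
"""

def classify_servers(conf_text):
    """Split 'server'/'peer' lines into IP-literal sources (usable at once)
    and named sources (need working name resolution). Comments are ignored."""
    by_ip, by_name = [], []
    for line in conf_text.splitlines():
        parts = shlex.split(line.split("#", 1)[0])
        if len(parts) < 2 or parts[0] not in ("server", "peer"):
            continue
        target = parts[1]
        try:
            ipaddress.ip_address(target)   # raises ValueError for hostnames
            by_ip.append(target)
        except ValueError:
            by_name.append(target)
    return by_ip, by_name

def two_phase_sources(conf_text, resolve):
    """Phase 1: IP-literal sources, ready immediately. Phase 2: named sources
    that resolve now; the rest stay pending for a later retry once DNS works.
    `resolve` maps a hostname to an address or raises OSError."""
    ready, named = classify_servers(conf_text)
    resolved, pending = {}, []
    for name in named:
        try:
            resolved[name] = resolve(name)
        except OSError:
            pending.append(name)
    return ready, resolved, pending

def _dns_down(name):
    """Stand-in resolver for the period before name resolution works."""
    raise OSError("name resolution not yet available")

def _dns_up(name):
    """Stand-in resolver with constructed answers (hypothetical addresses)."""
    return {"0.pool.ntp.org": "198.51.100.7", "time.example.net": "203.0.113.5"}[name]
```

Calling `two_phase_sources` again with a working resolver after DNS comes up gives the "restart the early parts of the sync process" step for the sources that were pending.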