[ntp:questions] Bad NTP servers jeopardizing the pool.ntp.org initiative
stenn at ntp.isc.org
Sun Apr 1 16:43:09 UTC 2007
>>> In article <460FAE61.40804 at ntp.isc.org>, mayer at ntp.isc.org (Danny Mayer) writes:
P> As you might have seen elsewhere I do agree that this is only a good
P> idea under well defined circumstances, and I would now add that it is
P> difficult to ascertain up-front whether these conditions are met (i.e.
P> whether it would be desirable for a particular NTP server on a dynamic IP
P> address to be admitted to the pool).
Danny> There are *no* circumstances where this is a good idea. You *cannot*
Danny> make use of a server that is constantly moving IP address. Even fixed
Danny> IP addresses can be problematic in this environment since the clients
Danny> don't requery for addresses after they come up and if someone decides
Danny> to move the server elsewhere, they will never know about it.
Danny, while you are right that one cannot expect to get useful NTP service
from a moving IP address you are flat out wrong that all DHCP-assigned
addresses fall in to this category.
I think you have tunnel-vision in this case, and are being blind to some
cases where obvious/known counter-examples exist.
P> Please remember that I started this suggestion in the context of a
P> discussion of code being added to ntpd that re-resolves server addresses
P> in case of non-reachability. Such code, _if deployed on a critical mass
P> of clients_ (i.e. optimistically, not for a good few years) would address
P> your concern (while not completely removing it).
Danny> We are not the only provider of NTP Clients or for that matter
Danny> servers and unless they also make changes to also do this and have
Danny> everyone upgrade the problem will remain. For most people/admins this
Danny> is a set and forget item when they set up a system.
Danny, from my POV you didn't even address Per's point, and his point seems
perfectly valid to me.
More information about the questions