[ntp:questions] zeroconf for ntpd?
Wolfgang S. Rupprecht
wolfgang.rupprecht+gnus200705 at gmail.com
Thu May 24 02:37:58 UTC 2007
ibuprofin at painkiller.example.tld (Moe Trin) writes:

> The Apple Rendezvous (renamed 'Bonjour' as a result of trademark

Thanks for the scuttlebutt about Rendezvous.

> Why are you allowing your users to screw with system configuration

Not anytime I call the shots. I'm a strong advocate of using rdist to
make sure every file I care about is identical to the golden system.
(Usually that is everything but a half dozen /etc files that are
symlinked to host-specific files). I assign IP addresses via DHCP
based on the MACs. All the internally accessible services are listed
on DHCP so that trusted guest systems can find the printers and time
servers. Almost-zero-conf(tm) via DHCP works for me (and I assume any
organization that has admins).

The case I see for zero-conf systems is for home users that don't have
any pre-configured DHCP server to point them at all the nice services
they might want to use. Setting up a new BSD or Linux system in such
a situation is going to be quite a learning experience. It would be
best to just have the install or runtime system configure things as
best it can.

The current BSD and Linux distributions do a reasonably good enough
job with a working ntp out-of-the-box, now that ntp pools are there to
soak up the load, that is. The problem I see is that the current setup
is quite wasteful. If a home user has 3 running systems, it beats up
on 3x4 pools servers. That is 3x more load than strictly needed,
especially since pools servers are already being hit up for 15 ntp
queries per second. It would be good to figure out a way to lower
that load and be able to serve the rest of the 99% of the systems that
currently aren't using ntp yet.

> Actually, I'll admit ZeroConf makes my job easier. If any of
> the network switches or routers detects a 169.254.x.x packet, a script
> sends an alarm to the NOC and Security Office, identifying an intruder.
> This brings out the thundering herd of "People Who Do Not Smile". As we
> know where each switch port terminates, we can usually have people asking
> the intruder WTF in under three minutes.

Wolfgang S. Rupprecht http://www.wsrcc.com/wolfgang/
Hints for IPv6 on FC6 http://www.wsrcc.com/wolfgang/fedora/ipv6-tunnel.html
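
The link-local alarm described in the quoted text above, sketched as an added example that is not part of the original post or of either poster's tooling. The log format, switch names, port-to-location table and sample lines are all constructed assumptions.

```python
import ipaddress
import re

# 169.254.0.0/16 is the IPv4 link-local block that zeroconf hosts self-assign.
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")

# Hypothetical record of where each switch port terminates.
PORT_LOCATIONS = {
    ("sw-3f-01", "Gi0/12"): "3rd floor, room 314",
    ("sw-1f-02", "Gi0/4"): "lobby, guest desk",
}

# Constructed log format: "<timestamp> <switch> <port> src=<ip> mac=<mac>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<switch>\S+) (?P<port>\S+) src=(?P<src>\S+) mac=(?P<mac>\S+)$"
)

# Constructed sample input, including lines the parser must tolerate.
SAMPLE_LOG = """\
2007-05-24T02:30:01Z sw-3f-01 Gi0/12 src=169.254.17.9 mac=00:11:22:33:44:55
2007-05-24T02:30:02Z sw-1f-02 Gi0/4 src=192.168.10.20 mac=00:aa:bb:cc:dd:ee
2007-05-24T02:30:05Z sw-3f-01 Gi0/12 src=169.254.17.9 mac=00:11:22:33:44:55
2007-05-24T02:30:07Z sw-1f-02 Gi0/7 src=169.254.200.1 mac=00:de:ad:be:ef:01
garbage line that does not parse
2007-05-24T02:30:09Z sw-1f-02 Gi0/4 src=not-an-ip mac=00:aa:bb:cc:dd:ee
"""

def find_link_local_sources(log_text, locations=PORT_LOCATIONS):
    """Return one alert per (switch, port, mac) seen sending from 169.254.0.0/16."""
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # malformed line: skip rather than abort the scan
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # source field is not an IP address
        if src.version != 4 or src not in LINK_LOCAL:
            continue
        key = (m["switch"], m["port"], m["mac"])
        alert = alerts.setdefault(key, {
            "switch": m["switch"], "port": m["port"], "mac": m["mac"],
            "src": str(src), "first_seen": m["ts"], "packets": 0,
            "location": locations.get((m["switch"], m["port"]), "unknown port"),
        })
        alert["packets"] += 1  # repeats raise the count, not the alert volume
    return list(alerts.values())
```

Each returned record carries the switch, port and mapped location, which is what lets the alarm point at a physical jack rather than only an address.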