[ntp:questions] Why do many time servers time out on queries from ntpq -p?

Danny Mayer mayer at ntp.isc.org
Tue Apr 15 01:58:40 UTC 2008


Ryan Malayter wrote:
> On Apr 12, 7:23 pm, Steve Kostecke <koste... at ntp.org> wrote:
>>> The answer is security.
>> It also denies the users of a time server potentially valuable
>> information about that server's time sources.
>>
>> You may find it acceptable to use a black box time source with
>> un-auditable time sources. I do not.
>>
> 
> There is nothing about the ntpq output that couldn't be trivially
> faked by a malicious server operator. Mode 6/7 capability adds no true
> security or assurance to the users of an ntp server. Authentication
> does not solve this problem either.
> 

That may be, but mode 6/7 is also used to configure the server and for
DNS when necessary.

> In reality, all public ntp servers are "black boxes", because you
> can't trust anything they tell you, including the time. This is why
> you configure a diverse set of time servers.

If you want to trust them you should use autokey.

Danny


