[ntp:questions] Regarding Primary/Secondary NTP setup

Ryan Malayter malayter at gmail.com
Sun Feb 22 20:19:15 UTC 2009

On Sun, Feb 22, 2009 at 1:31 PM, Danny Mayer <mayer at ntp.org> wrote:
> No, NAT is a hack and a bad one at that. If you cannot rely on the
> packet and its headers you cannot rely on anything that is received. It
> also means that you can easily fake queries. You don't want to go there.

Umm... NAT has nothing to do with that whatsoever, unless you have
choosen to make IPv4 addresses security identifiers in your protocol.
SSL/TLS and SSH function just fine in a NAT environment, because their
identity mechanisms are above the transport layer.

NAT is indeed an ugly hack, but a coimpletely necessary one, and it is
here to stay for the next 10 years at least. We would have been out of
IPv4 space years ago without NAT. IPv6 was nowhere near ready for wide
deployment when NAT started becoming popular, and still is not in many
respects (multihoming anyone?).


More information about the questions mailing list