[ntp:questions] Date Jumped

Rob nomail at example.com
Wed Jan 13 13:20:32 UTC 2010


Richard B. Gilbert <rgilbert88 at comcast.net> wrote:
> Rob wrote:
>> Maynard <maynard7fold at gmail.com> wrote:
>>> On 1/7/10, the date on our domain controller jumped to 12/7/10, and
>>> was there for about 11 minutes before it reverted back to the current
>>> date.  At the time this happened, our NTP server was pointed to
>>> pool.ntp.org.  We also have a few Novell servers that were pointed to
>>> the same IP addresses as our Server 2003 Domain Controller, and the
>>> NTP server for our Novell network also jumped ahead.  Are we the only
>>> ones that had this issue on this day?  Or are there others out there
>>> that experienced the same problem on the 7th.  Thanks
>> 
>> This can happen any time.  pool.ntp.org is a large collection of
>> servers that joined a voluntary pool of servers.  Any single server
>> in this pool can send the wrong date and time if it likes to, or if
>> there is an error.
> <snip>
>> It is better to use at least 3 different servers from the pool.  I.e.
>> use servernames 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org for 3
>> different servers.
>> 
>> That way, of one fails or plays nasty games, your time will not be
>> affected.
>
> Better still to use at least four servers, whether from the pool or not.
> Using only three servers leaves you vulnerable; if one of them fails you 
> are left with two and no possibility of "voting one out" if one the 
> remaining servers fails, for it is written that a man with two clocks 
> can never be certain what time it is!

I am not going to play the game "it is better to use 25 servers because
if you use 24 and 23 of them fail it leaves you vulnerable".




More information about the questions mailing list