[Pool] Pool, time, DNSSEC and startup catch-22
mwaggy at gmail.com
Thu May 30 14:24:17 UTC 2013

On Tue, May 28, 2013 at 12:00 PM, Phil Pennock
<ntp-pool-phil at spodhuis.org> wrote:
> How do folks here, providing this public service, feel about a tool
> which can be run from cron, resolves the IPs periodically and puts them
> live in a local unvalidated (".lan") zone and/or rewrites config files,
> so that the hostnames are dynamic at a resolution of about a day, but
> resolvable without needing accurate time?

I thought that the recommendation was for servers in the pool to use
hand-picked servers, not the pool itself, to make sure that the pool
didn't get time from "itself." (For one server I suppose it makes no
difference, but if everyone in the pool set their servers to the pool,
it might not go well.)

I think it's a lot less dangerous to store IPs of the public, non-pool
servers than to try to save IPs from the pool, which might be removed
from the pool, or just have their underlying IP change or something.

If I'm bringing up a machine where the hardware clock might be wrong,
I usually set it with ntpdate and then sync it to the system clock with
hwclock -w, for a "coarse" setting. Maybe you could do that with a
couple of IPs before starting ntpd?
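
The coarse-set step suggested above, as an added example that is not part of the original post: it tries a short list of stored addresses with ntpdate, accepts only IP literals so that nothing depends on DNS (or DNSSEC validation) while the clock is still wrong, and runs hwclock -w only after a successful set. The function names and the addresses (documentation-range placeholders) are assumptions.

```shell
#!/bin/sh
# Added example: coarse clock bootstrap by IP literal, run before ntpd starts.
# Placeholder addresses (RFC 5737 documentation range) plus one hostname that
# is skipped on purpose; replace with your hand-picked non-pool servers.
BOOTSTRAP_SERVERS="192.0.2.10 192.0.2.20 time.example.net"

# Succeeds only for a dotted-quad IPv4 literal, so no step here needs DNS.
is_ipv4_literal() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Tries each server in turn. On the first successful ntpdate it writes the
# system time to the hardware clock and prints the address that was used.
# Returns 1, leaving the hardware clock untouched, if no server answered.
coarse_set_clock() {
    for server in "$@"; do
        if ! is_ipv4_literal "$server"; then
            echo "skipping $server: not an IP literal" >&2
            continue
        fi
        if ntpdate "$server" >/dev/null 2>&1; then
            hwclock -w || echo "warning: hwclock -w failed" >&2
            echo "$server"
            return 0
        fi
    done
    return 1
}

# Typical use in a boot script, as root, before ntpd is started:
#   coarse_set_clock $BOOTSTRAP_SERVERS || echo "clock not set" >&2
```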