[Pool] Pool, time, DNSSEC and startup catch-22
ntp-pool-phil at spodhuis.org
Thu May 30 19:20:05 UTC 2013
On 2013-05-30 at 10:24 -0400, Matt Wagner wrote:
> On Tue, May 28, 2013 at 12:00 PM, Phil Pennock
> <ntp-pool-phil at spodhuis.org> wrote:
> > How do folks here, providing this public service, feel about a tool
> > which can be run from cron, resolves the IPs periodically and puts them
> > live in a local unvalidated (".lan") zone and/or rewrites config files,
> > so that the hostnames are dynamic at a resolution of about a day, but
> > resolvable without needing accurate time?
> I thought that the recommendation was for servers in the pool to use
> hand-picked servers, not the pool itself, to make sure that the pool
> didn't get time from "itself." (For one server I suppose it makes no
> difference, but if everyone in the pool set their servers to the pool,
> it might not go well.)
As noted, this is my router. It's a home router (WNDR3800), running
OpenWRT, on a dynamic IP. It's not suited for being a pool server.
My request for feedback is entirely about appropriate behaviour for
clients of the pool so as to not become abusive.
> If I'm bringing up a machine where the hardware clock might be wrong,
> I usually set it with ntpdate and then sync it to the system clock with
> hwclock -w, for a "coarse" setting. Maybe you could do that with a
> couple of IPs before starting ntpd?
And this leads back to the core issue: getting those IPs, and keeping
them up-to-date, using the public pools in a way which does not become
abusive or lead to issues with staleness.
It seems (to me) that the best way out is the one I outlined in response
to Hal Murray's comments, and which was then neatly summarized by Marek.
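
The cron-run tool proposed in the quoted text, written out as an added example (not code from this thread or from any pool project): while the clock and resolver are working it caches pool addresses as literal `server` lines, so ntpd can start later without a DNS lookup that depends on accurate time. The names `POOL_NAMES`, `OUT`, `MIN_ADDRS` and `resolve` are assumptions, as is `getent` being available on the host.

```shell
#!/bin/sh
# Added example: refresh a list of pool IPs about once a day from cron.
# Assumed names: POOL_NAMES, OUT, MIN_ADDRS, resolve(). getent is an
# assumption about the host; swap resolve() for the resolver tool you have.

POOL_NAMES="${POOL_NAMES:-0.pool.ntp.org 1.pool.ntp.org}"
OUT="${OUT:-/tmp/ntp-pool-servers.conf}"
MIN_ADDRS="${MIN_ADDRS:-3}"

# Print the IPv4 addresses for one hostname, one per line.
resolve() {
    getent ahostsv4 "$1" | awk '{ print $1 }'
}

# Keep only well-formed dotted quads (each octet 0-255), de-duplicated.
filter_ipv4() {
    awk -F. 'NF == 4 {
        ok = 1
        for (i = 1; i <= 4; i++)
            if ($i !~ /^[0-9]+$/ || $i > 255) ok = 0
        if (ok && !seen[$0]++) print
    }'
}

# Rewrite $OUT with "server <ip> iburst" lines; keep the old file on failure.
refresh_servers() {
    tmp="$OUT.tmp.$$"
    for name in $POOL_NAMES; do
        resolve "$name" || true
    done | filter_ipv4 | sed 's/^/server /; s/$/ iburst/' > "$tmp"
    count=$(($(wc -l < "$tmp")))
    if [ "$count" -lt "$MIN_ADDRS" ]; then
        rm -f "$tmp"      # too few answers: a stale list beats an empty one
        return 1
    fi
    mv -f "$tmp" "$OUT"   # rename is atomic: temp file sits beside $OUT
}

# Do the work only when asked, e.g. a daily cron entry passing --run.
if [ "${1:-}" = "--run" ]; then
    refresh_servers
fi
```

A failed or short resolution leaves the previous file in place, so a boot with a bad clock still finds the last good set of addresses.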