[ntp:questions] Re: ntpd, boot time, and hot plugging

Brad Knowles brad at stop.mail-abuse.org
Sun Feb 6 20:29:51 UTC 2005


At 3:01 PM -0500 2005-02-06, Tom Smith wrote:

>  I think what your experiment actually showed was that if you
>  make both dependent on DNS timeouts, you can make ntpdate as
>  slow as ntpd at this task.

	No, my results clearly show that ntpdate is roughly as slow as 
(or slower than) ntpd on startup for comparable sets of servers, 
independent of DNS slowdowns.

>  A lot of folks don't depend on DNS in the first place and
>  place critical servers in /etc/hosts (or in very secure
>  environments use only /etc/hosts). With respect to ntpd,
>  a lot of folks use IP addresses in ntp.conf instead of
>  names if there is any doubt about DNS server availability.

	As we know, IP addresses of servers can change.  And when you're 
talking about services like pool.ntp.org, since you're using a DNS 
round-robin "rotor", the IP addresses are supposed to change on every 
query.

	So, just using IP addresses alone does not work in the general 
case.  Indeed, with the recent changes in the Debian, Gentoo, 
OpenBSD, NetBSD, and FreeBSD camps, I would submit that there are 
probably now more people who are dependent on using pool.ntp.org than 
have ever previously hand-coded their own ntp.conf and plugged in 
primarily servers by IP address or which were specified in their 
/etc/hosts.  Then add to that all the MacOS X clients that are using 
a time server provided by Apple, and the Windows clients that are 
using a time server provided by Microsoft, and you push out the 
numbers of DNS-dependent clients much, much further.


	If you want to compare carefully created hand-crafted 
configurations to anything else, you can show anything you want. 
That's a clear case of rigging the jury.

>  And if you feed ntpd only one server, or only three servers, and
>  one or more of those servers is down, you can just as well
>  be just as seriously toasted with ntpd. Dumb is dumb whether
>  you're using a hammer or a screwdriver.

	If you want to make a tool analogy, try the model of a Yankee 
screwdriver as compared to a regular one, or a power model.  Anyone 
who has ever used a Yankee screwdriver knows that they can be 
powerful and faster than a regular model, but they are also much more 
likely to seriously injure you than either a regular screwdriver or 
an electric one, exclusively because of the inherent design 
differences.

	Experience teaches us that ntpdate is far more likely to be 
abused in stupid ways than ntpd, although stupidity with either can 
be fatal.

>  The data in fact show that ntpdate in fact made adjustments closer
>  to zero to an already stable time than ntpd in all but one case.

	No, the data doesn't show that.  Your data is clearly different 
from my data, and I've gone to significant lengths to try to make the 
comparisons as clear and simple as possible.

>  What I believe is that you should let Dave speak for himself and let
>  carefully chosen and presented data speak for you. Like Dave, I prefer
>  to base opinions on actual data, and, like Dave, I tend to place more
>  faith in opinions similarly supported.

	Well, we've got some actual data here, and I don't see any 
practical advantage to using ntpdate over ntpd.

>>      I am not convinced that these are design goals that can be made
>>  to be compatible.
>
>  Oh ye of little faith.

	You're always welcome to step up to the plate and contribute code 
which proves your claims.  This is an open source project, after all.

-- 
Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

   SAGE member since 1995.  See <http://www.sage.org/> for more info.
