[ntp:questions] multiple instances of NTP on different interfaces
Rob
nomail at example.com
Wed Mar 6 08:47:23 UTC 2013
unruh <unruh at invalid.ca> wrote:
> On 2013-03-05, Rob <nomail at example.com> wrote:
>> unruh <unruh at invalid.ca> wrote:
>>> On 2013-03-05, Rob <nomail at example.com> wrote:
>>>> David Woolley <david at ex.djwhome.demon.invalid> wrote:
>>>>> Abu Abdullah wrote:
>>>>>
>>>>>>
>>>>>> Does this mean ntpd is not supposed to be run in parallel? Is there any
>>>>>
>>>>> It is not seen as something anyone would want to do.
>>>>
>>>> I could understand why someone would want to run one instance that
>>>> controls the clock, and another instance that only serves time to
>>>> clients on the (inter)net and cannot control the clock.
>>>
>>> You could? I cannot. ntpd both controls the clock and serves time. Why
>>> would you want to split those?
>>
>> Because the users of the clock service may be able to disturb that
>> service, e.g. by overloading it, by making it crash sending it invalid
>> requests, etc. Some people may consider the service to keep their own
>> clock correct to be more important than the service to tell time to
>> others.
>>
>> Seeing the reply that the OP posted in the meantime, I was not too far
>> off. He wants a separation between the internal use of NTP to sync
>> the local and other important systems, from the service to give time
>> to others.
>>
>> I think it is a reasonable wish. Certainly not something that nobody
>> would want to do.
>
> Well, I would just put the outside service onto some inconsequential
> machine at a higher stratum and have it read time from an inside server.
> If you are worried about someone crashing it, you do not want it to be
> on the same machine, since that crash is liable not to crash ntpd but
> the whole machine anyway.
>
> I.e., do not run them on the same machine if that is your worry.

He has only one machine.

Running separate processes on a single machine, where you can set different
resource limits for the processes, is better than doing everything in
a single process.

Maybe best for him is to use virtualization and run all the public services
in the virtual machine. Hacking a virtual machine is another step beyond
disturbing an ntp process.