NTP through DNS?

Danny Mayer mayer at pdmconsulting.net
Sat Sep 22 01:39:05 UTC 2018

On 9/21/2018 6:33 PM, Reindl Harald wrote:
> Am 21.09.18 um 22:19 schrieb Danny Mayer:
>> On 9/21/2018 3:57 PM, Mauricio Tavares wrote:
>>>>> The discussion was about automated _discovery_ of the DNS name of your
>>>>> NTP server using an additional level of indirection so that it can be
>>>>> automatically configured without using DHCP.
>>>> That's easy. Create a FQDN called ntp in your domain and have it be a
>>>> set of CNAMES pointing to the ntp servers you want to use. The ntpd pool
>>>> option will take care of setting the multiple servers. You don't need
>>>> the complexity of SRV records.
>>>       But that is not, as Ray said, automated discovery. You are
>>> asking the computer to make assumptions, i.e. "if I am in domain
>>> hey.com, the ntp is ntp.hey.com." I am more on the lines of "hey
>>> domain thingie. You know where a lot of your basic network resources
>>> are. If you have a ntp server do you know where it is just like you
>>> know where your mail, LDAP, and kerbie servers are hiding?"
>> That's not what I wrote. Someone needs to maintain an SRV record. It's
>> not a good idea for domains to announce their NTP servers since they can
>> be abused by others not authorized to use them. We've had plenty of
>> abuse along those lines along with DDOS attacks. What the ntp CNAME
>> would do is point to a number of other servers to use and you don't need
>> to call it ntp, it's just a string.
> but *nobody* cares about what is a good idea when the question was
> simply "does ntp discovery work" where the answer is simply no

No, that's not true. Consider what you are doing. You are substituting
SRV records for CNAME records. There is nothing magical here. NTP can
use the CNAME records. Either way the records have to be configured.
What do you think you are discovering? SRV records aren't magic.


More information about the bind-users mailing list