NTP through DNS?

Andrew Latham lathama at gmail.com
Sat Sep 22 16:05:24 UTC 2018


chrony does today btw

   - debian/chrony-helper:
      - New helper script to make use of NTP servers obtained from DHCP and
        _ntp._udp DNS SRV records.


On Sat, Sep 22, 2018 at 8:31 AM Matus UHLAR - fantomas <uhlar at fantomas.sk>
wrote:

> >>> On 9/21/2018 3:57 PM, Mauricio Tavares wrote:
> >>>>       But that is not, as Ray said, automated discovery. You are
> >>>> asking the computer to make assumptions, i.e. "if I am in domain
> >>>> hey.com, the ntp is ntp.hey.com." I am more on the lines of "hey
> >>>> domain thingie. You know where a lot of your basic network resources
> >>>> are. If you have a ntp server do you know where it is just like you
> >>>> know where your mail, LDAP, and kerbie servers are hiding?"
>
> >> On 21.09.18 at 22:19, Danny Mayer wrote:
> >>> That's not what I wrote. Someone needs to maintain an SRV record. It's
> >>> not a good idea for domains to announce their NTP servers since they can
> >>> be abused by others not authorized to use them. We've had plenty of
> >>> abuse along those lines along with DDOS attacks. What the ntp CNAME
> >>> would do is point to a number of other servers to use and you don't need
> >>> to call it ntp, it's just a string.
>
> >On 9/21/2018 6:33 PM, Reindl Harald wrote:
> >> but *nobody* cares about what is a good idea when the question was
> >> simply "does ntp discovery work" where the answer is simply no
>
> On 21.09.18 21:39, Danny Mayer wrote:
> >No, that's not true. Consider what you are doing. You are substituting
> >SRV records for CNAME records. There is nothing magical here. NTP can
> >use the CNAME records. Either way the records have to be configured.
> >What do you think you are discovering? SRV records aren't magic.
>
> The OP request indicated that they wish for ntp autoconfiguration.  There is
> no autoconfiguration we know of, unless DHCP that was reported often not to
> work.
>
> using either CNAME or SRV records won't change the fact that ntp server does
> not autoconfigure itself.
>
> Neither of them also changes the fact that the NTP configuration is not
> related to domain, but to the local network.
>
>
> --
> Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Warning: I do NOT want to receive any advertising mail at this address.
> Chernobyl was a Windows 95 beta test site.


-- 
- Andrew "lathama" Latham -
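
Added example, not part of the original message and not the Debian chrony-helper script: a sketch of how `_ntp._udp` SRV answers can be turned into chrony `server` lines, treating the DNS data as untrusted input before it reaches a config file. The function names, the `example.net` hosts and the sample answers are constructed for illustration.

```shell
#!/bin/sh
# Input format is what `dig +short SRV _ntp._udp.<domain>` prints:
#   <priority> <weight> <port> <target>

# Constructed sample answers (not real records).
sample_srv_answers() {
    cat <<'EOF'
20 0 123 ntp-backup.example.net.
10 5 123 ntp1.example.net.
10 50 123 ntp2.example.net.
10 1 123 .
30 0 123 bad;name.example.net.
10 0 4123 ntp3.example.net.
EOF
}

srv_to_chrony_sources() {
    # Lowest priority value first (RFC 2782). Simplification: within one
    # priority we order by weight instead of doing weighted-random selection.
    sort -k1,1n -k2,2nr | while read -r prio weight port target; do
        # Skip blank or short lines.
        [ -n "$target" ] || continue
        # A target of "." means the service is explicitly not offered.
        [ "$target" = "." ] && continue
        # Priority, weight and port must be plain decimal numbers.
        case "$prio$weight$port" in *[!0-9]*) continue ;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || continue
        # Drop the trailing root dot, then accept hostname characters only,
        # so a hostile answer cannot inject extra options or directives.
        target=${target%.}
        case "$target" in ''|-*|*[!A-Za-z0-9.-]*) continue ;; esac
        if [ "$port" -eq 123 ]; then
            printf 'server %s iburst\n' "$target"
        else
            printf 'server %s port %s iburst\n' "$target" "$port"
        fi
    done
}

# Stand-alone run: print the source lines for the constructed answers.
sample_srv_answers | srv_to_chrony_sources
```
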