NTP through DNS?
mayer at pdmconsulting.net
Mon Sep 24 14:15:32 UTC 2018
On 9/22/2018 9:30 AM, Matus UHLAR - fantomas wrote:
>>>> On 9/21/2018 3:57 PM, Mauricio Tavares wrote:
>>>>> But that is not, as Ray said, automated discovery. You are
>>>>> asking the computer to make assumptions, i.e. "if I am in domain
>>>>> hey.com, the ntp is ntp.hey.com." I am more on the lines of "hey
>>>>> domain thingie. You know where a lot of your basic network resources
>>>>> are. If you have a ntp server do you know where it is just like you
>>>>> know where your mail, LDAP, and kerbie servers are hiding?"
>>> Am 21.09.18 um 22:19 schrieb Danny Mayer:
>>>> That's not what I wrote. Someone needs to maintain an SRV record. It's
>>>> not a good idea for domains to announce their NTP servers since they
>>>> be abused by others not authorized to use them. We've had plenty of
>>>> abuse along those lines along with DDOS attacks. What the ntp CNAME
>>>> would do is point to a number of other servers to use and you don't
>>>> to call it ntp, it's just a string.
>> On 9/21/2018 6:33 PM, Reindl Harald wrote:
>>> but *nobody* cares about what is a good idea when the question was
>>> simply "does ntp discovery work" where the answer is simply no
> On 21.09.18 21:39, Danny Mayer wrote:
>> No, that's not true. Consider what you are doing. You are substituting
>> SRV records for CNAME records. There is nothing magical here. NTP can
>> use the CNAME records. Either way the records have to be configured.
>> What do you think you are discovering? SRV records aren't magic.
> The OP request indicated that they wish for ntp autoconfiguration.
> There is
> no autoconfiguration we know of, unless DHCP that was reported often not to
I worked with the DHCP working group a number of years ago to add
options for ntp configuration. The RFC has been released but I don't
have that ID handy. I have no idea whether any DHCP implementation is
using it today.
> using either CNAME or SRV records won't change the fact that ntp server
> not autoconfigure itself.
> Neither of them also changes the fact that the NTP configuration is not
> related to domain, but to the local network.
Doesn't matter. The pool configuration option works like the server
option but sets up all of the servers that it finds rather than just
taking the first one on the list.
pool ntplist.yourdomain iburst
in your ntp.conf file works really well.
More information about the bind-users