<div dir="ltr">Additionally you may route all outbound requests for NTP to a local source found from an DNS lookup. <div><br></div><div>Benefits could be:</div><div>* Control of time sources (correct a hardcoded address that is no longer valid)</div><div>* Mitigate attack vectors</div><div>* Mitigate bufferbloat</div><div><br></div><div>DNS is an important piece to this puzzle and SRV records can be useful when devices support them. It does not hurt to add the SRV records for common services.</div></div><br><div class="gmail_quote"><div dir="ltr">On Wed, Sep 19, 2018 at 9:59 AM Mauricio Tavares <<a href="mailto:raubvogel@gmail.com" target="_blank">raubvogel@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On Wed, Sep 19, 2018 at 10:12 AM, Andrew Latham <<a href="mailto:lathama@gmail.com" target="_blank">lathama@gmail.com</a>> wrote:<br>
> You can add SRV records for NTP to your domain if that is what you are<br>
> asking.<br>
><br>
Thanks. I was trying to query for it using dig and then realized<br>
I did not know if that is doable.<br>
<br>
On Wed, Sep 19, 2018 at 10:16 AM, Mukund Sivaraman <<a href="mailto:muks@mukund.org" target="_blank">muks@mukund.org</a>> wrote:<br>
> On Wed, Sep 19, 2018 at 10:08:34AM -0400, Mauricio Tavares wrote:<br>
>> Stupid question: can I publish/query the NTP server through DNS the<br>
>> same way I can ask who is doing LDAP?<br>
><br>
> An NTP serice doesn't belong to a domain, so maybe not (I don't know of<br>
> one off my mind).<br>
><br>
Not necessarily; I can name a few universities and business who<br>
offer their own NTP servers to their internal systems. AFAIK, this is<br>
considered good practice.<br>
<br>
> For provisioning, there are DHCP options to do this. E.g., with ISC-DHCP<br>
> and 10.98.0.5 as the NTP server:<br>
><br>
> subnet 10.98.0.0 netmask 255.255.0.0 {<br>
> ...<br>
> option ntp-servers 10.98.0.5;<br>
> }<br>
><br>
> and perhaps also use "tcode" and "time-offset" options to set the<br>
> timezone.<br>
><br>
> But a real bummer is that some DHCP clients (e.g., Android phones) do<br>
> not make use of this option, and don't even provide a config setting to<br>
> do so. IIRC they synchronize time via the cell phone signal.<br>
><br>
Add Windows devices to the list.<br>
<br>
> Mukund<br>
_______________________________________________<br>
Please visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list<br>
<br>
bind-users mailing list<br>
<a href="mailto:bind-users@lists.isc.org" target="_blank">bind-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="m_7964205338056566224gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">- Andrew "lathama" Latham -</div></div>