Date: 11 Oct 1998 20:44:51 +0200
From: dag-erli@ifi.uio.no (Dag-Erling C. Smørgrav)
To: Open Systems Networking <opsys@mail.webspan.net>
Cc: "Dag-Erling C. Smørgrav" <dag-erli@ifi.uio.no>, Jim Cassata <jim@web-ex.com>, FreeBSD Net <freebsd-net@FreeBSD.ORG>
Subject: Re: xntpd
Message-ID: <xzp7ly7q6os.fsf@fenja.ifi.uio.no>
In-Reply-To: Open Systems Networking's message of "Sun, 11 Oct 1998 14:15:56 -0400 (EDT)"
References: <Pine.BSF.4.02.9810111406180.382-100000@orion.webspan.net>

Open Systems Networking <opsys@mail.webspan.net> writes:
> On 11 Oct 1998, Dag-Erling C. [iso-8859-1] Smørgrav wrote:
> > Uh, no. Read the man page.
> I did and that's what I use at a remote site. And it works fine for me,
> care to elaborate?

Of course, you *had* to quote me out of context. The (incorrect) claim
I responded to was:

> > To get all your servers to sync to a common time you need to tell the main
> > xntpd server that gets its time from an atomic clock to broadcast time
> > notices to your lan. I think the option to xntpd is: broadcast lan-netmask

That is simply not true. You *may* set up a computer on your LAN to
act as a broadcast server, and set up the other computers to run xntpd
in broadcastclient mode. But if you want *accuracy* and not just
*precision*, your broadcast server needs to act as a simple client wrt
some other ntp server, unless you have a cesium clock in your NOC. Not
many people have.

If you have a small number of machines, there's no point in setting up
a broadcast server. Just configure each of them to get the time
directly from an upstream server. And even if you want to set up a
local server to act as a proxy, there's no need to set it up as a
broadcast server. Just set it up as a normal client (optionally using
the internal clock as reference if you're on a flaky network
connection such as a dialup) and set up your other clients to use your
proxy as server. Here are example ntp.conf files:

# Proxy configuration (ntpproxy.domain.net)
server low.stratum.server.net
server 127.127.1.0
fudge 127.127.1.0 stratum 12
driftfile /var/run/ntp.drift

and

# Client configuration
server ntpproxy.domain.net
driftfile /var/run/ntp.drift

For picking the right upstream server, ntptrace is your friend. Point
it at a few random servers (large DNS servers often double as NTP
servers) and see if there's a low-stratum NTP server anywhere near you
(or several, if you're paranoid). Most universities should have a
server in the 2-4 range, and larger ones (large enough to have their
own atomic clock) may even have a stratum 1 server.

Finally, broadcast clients are vulnerable to spoofing attacks and
should be set up to use ntp authentication. Unless you have a huge
subnet and feel that a broadcast server is necessary to lighten your
network and server load (Yeah, right. NTP is a really CPU and
network-intensive protocol. Not.) there's not much point.

(disclaimer: I'm not phk, so I may be wrong about some of this)

DES
-- 
Dag-Erling Smørgrav - dag-erli@ifi.uio.no

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzp7ly7q6os.fsf>
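
The message's closing point, that broadcast clients should be set up to use NTP authentication, can be checked mechanically. The following is an added example, not part of the original message or of xntpd: a small ntp.conf lint that flags broadcast use without explicit keys. It assumes the `authenticate`, `keys`, `trustedkey`, `broadcast` and `broadcastclient` directive spellings; the key file path and both sample configurations are constructed.

```python
# Added example (not from the original message): lint ntp.conf text for
# broadcast use without explicit authentication.

def parse(conf_text):
    """Split ntp.conf text into token lists, dropping comments and blanks."""
    rows = []
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()
        if tokens:
            rows.append([tokens[0].lower()] + tokens[1:])
    return rows

def lint_broadcast_auth(conf_text):
    """Return findings about broadcast/broadcastclient lines lacking auth."""
    rows = parse(conf_text)
    names = {r[0] for r in rows}
    trusted = {k for r in rows if r[0] == "trustedkey" for k in r[1:]}
    findings = []

    # Authentication explicitly switched off (xntpd3 and ntpd4 spellings).
    if any(r[:2] == ["authenticate", "no"] or
           (r[0] == "disable" and "auth" in r[1:]) for r in rows):
        findings.append("authentication is explicitly disabled")

    # A broadcast listener needs a keys file and at least one trusted key.
    if names & {"broadcastclient", "multicastclient"}:
        if "keys" not in names or not trusted:
            findings.append("broadcast client has no keys file or trustedkey")

    # A broadcast sender should name a key on the broadcast line itself.
    for r in rows:
        if r[0] != "broadcast" or len(r) < 2:
            continue
        if "key" not in r[2:-1]:
            findings.append("broadcast to %s carries no key" % r[1])
    return findings

# Constructed sample inputs.
WEAK_CLIENT = "broadcastclient\ndriftfile /var/run/ntp.drift\n"
AUTH_CLIENT = """\
authenticate yes            # xntpd3 spelling; ntpd4 uses 'enable auth'
keys /etc/ntp.keys          # hypothetical path
trustedkey 1
broadcastclient
driftfile /var/run/ntp.drift
"""

if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CLIENT), ("auth", AUTH_CLIENT)):
        print(label, lint_broadcast_auth(conf) or "ok")
```

The unicast client configuration shown in the message produces no findings, since it never listens for broadcasts.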