From: dag-erli@ifi.uio.no (Dag-Erling C. Smørgrav)
To: Open Systems Networking
Cc: "Dag-Erling C. Smørgrav", Jim Cassata, FreeBSD Net
Subject: Re: xntpd
Date: 11 Oct 1998 20:44:51 +0200
Organization: University of Oslo, Department of Informatics

Open Systems Networking writes:
> On 11 Oct 1998, Dag-Erling C. Smørgrav wrote:
> > Uh, no. Read the man page.
> I did and that's what I use at a remote site. And it works fine for me,
> care to elaborate?

Of course, you *had* to quote me out of context. The (incorrect) claim I responded to was:

> > To get all your servers to sync to a common time you need to tell the main
> > xntpd server that gets its time from an atomic clock to broadcast time
> > notices to your lan. I think the option to xntpd is: broadcast lan-netmask

That is simply not true. You *may* set up a computer on your LAN to act as a broadcast server, and set up the other computers to run xntpd in broadcastclient mode. But if you want *accuracy* and not just *precision*, your broadcast server needs to act as a simple client wrt some other ntp server, unless you have a cesium clock in your NOC. Not many people have.

If you have a small number of machines, there's no point in setting up a broadcast server. Just configure each of them to get the time directly from an upstream server.

And even if you want to set up a local server to act as a proxy, there's no need to set it up as a broadcast server. Just set it up as a normal client (optionally using the internal clock as reference if you're on a flaky network connection such as a dialup) and set up your other clients to use your proxy as server. Here are example ntp.conf files:

    # Proxy configuration (ntpproxy.domain.net)
    server low.stratum.server.net
    server 127.127.1.0
    fudge 127.127.1.0 stratum 12
    driftfile /var/run/ntp.drift

and

    # Client configuration
    server ntpproxy.domain.net
    driftfile /var/run/ntp.drift

For picking the right upstream server, ntptrace is your friend. Point it at a few random servers (large DNS servers often double as NTP servers) and see if there's a low-stratum NTP server anywhere near you (or several, if you're paranoid). Most universities should have a server in the 2-4 range, and larger ones (large enough to have their own atomic clock) may even have a stratum 1 server.

Finally, broadcast clients are vulnerable to spoofing attacks and should be set up to use ntp authentication. Unless you have a huge subnet and feel that a broadcast server is necessary to lighten your network and server load (Yeah, right. NTP is a really CPU and network-intensive protocol. Not.) there's not much point.

(disclaimer: I'm not phk, so I may be wrong about some of this)

DES
-- 
Dag-Erling Smørgrav - dag-erli@ifi.uio.no
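
The following is an added example, not part of the original message: a small audit that flags an ntp.conf running in broadcastclient mode without the authentication the message recommends. It assumes the standard ntp.conf directives keys, trustedkey, disable auth and authenticate no; the sample configurations and the /etc/ntp.keys path are constructed for illustration.

```python
# Constructed sample configurations (not taken from the original message).
UNAUTHENTICATED = """\
# broadcast client that trusts any broadcast it hears
broadcastclient
driftfile /var/run/ntp.drift
"""

AUTHENTICATED = """\
broadcastclient
keys /etc/ntp.keys      # assumed key file location
trustedkey 1
driftfile /var/run/ntp.drift
"""

PROXY_CLIENT = """\
server ntpproxy.domain.net
driftfile /var/run/ntp.drift
"""


def directives(text):
    """Parse ntp.conf text into token lists, keyword lowercased, comments stripped."""
    parsed = []
    for line in text.splitlines():
        tokens = line.split("#", 1)[0].split()
        if tokens:
            parsed.append([tokens[0].lower()] + tokens[1:])
    return parsed


def audit_broadcast_auth(text):
    """Return findings for a broadcast client that accepts unauthenticated time."""
    conf = directives(text)
    names = {d[0] for d in conf}
    if "broadcastclient" not in names:
        return []  # unicast client: the server is named explicitly
    findings = []
    if "keys" not in names:
        findings.append("no 'keys' file configured")
    if not any(d[0] == "trustedkey" and len(d) > 1 for d in conf):
        findings.append("no 'trustedkey' ids listed")
    for d in conf:
        args = [a.lower() for a in d[1:]]
        if (d[0] == "disable" and "auth" in args) or \
           (d[0] == "authenticate" and args[:1] == ["no"]):
            findings.append("authentication explicitly turned off: " + " ".join(d))
    return findings


if __name__ == "__main__":
    for name in ("UNAUTHENTICATED", "AUTHENTICATED", "PROXY_CLIENT"):
        print(name, audit_broadcast_auth(globals()[name]) or "ok")
```

The broadcast server side needs the matching key id on its broadcast line and the same key file for the client check to mean anything.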