Date: Sun, 8 Jun 2008 13:16:17 +0100 From: xorquewasp@googlemail.com To: Peter Jeremy <peterjeremy@optushome.com.au> Cc: freebsd-hackers@freebsd.org Subject: Re: ntpd jail problem Message-ID: <20080608121617.GB83741@logik.internal.network> In-Reply-To: <20080608121027.GF67629@server.vk2pj.dyndns.org> References: <20080608103254.GA99569@logik.internal.network> <20080608121027.GF67629@server.vk2pj.dyndns.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 20080608 22:10:27, Peter Jeremy wrote: > On 2008-Jun-08 11:32:54 +0100, xorquewasp@googlemail.com wrote: > >I'm running an openntpd instance on the host machine, which syncs the > >clock from the pool at pool.ntp.org. From the log output, ntpd claims to > >be synced and the time does seem to be correct. > > > >I'm then running another openntpd in a jail which doesn't set the time, > >just serves it to clients. > > I've never used openntpd but for the base ntpd, you should be able to > just use 'server 127.127.1.0' to make it trust (and not alter) the > base system time. Note that this openntpd will not have access to the > stratum information from the main ntpd but will have a fixed value and > may need to be adjusted using a 'fudge' command (or equivalent). Ok. Right. > I'd be interested in knowing why you chose this approach rather than > just syncing clients to the [open]ntpd instance in the host machine. Just basic paranoia really. Nothing on the host is network-visible, all the services are in jails. Thanks for the information.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080608121617.GB83741>