From: xorquewasp@googlemail.com
To: Peter Jeremy
Cc: freebsd-hackers@freebsd.org
Date: Sun, 8 Jun 2008 13:16:17 +0100
Subject: Re: ntpd jail problem
Message-ID: <20080608121617.GB83741@logik.internal.network>
In-Reply-To: <20080608121027.GF67629@server.vk2pj.dyndns.org>

On 20080608 22:10:27, Peter Jeremy wrote:
> On 2008-Jun-08 11:32:54 +0100, xorquewasp@googlemail.com wrote:
> >I'm running an openntpd instance on the host machine, which syncs the
> >clock from the pool at pool.ntp.org. From the log output, ntpd claims to
> >be synced and the time does seem to be correct.
> >
> >I'm then running another openntpd in a jail which doesn't set the time,
> >just serves it to clients.
>
> I've never used openntpd but for the base ntpd, you should be able to
> just use 'server 127.127.1.0' to make it trust (and not alter) the
> base system time. Note that this openntpd will not have access to the
> stratum information from the main ntpd but will have a fixed value and
> may need to be adjusted using a 'fudge' command (or equivalent).

Ok. Right.

> I'd be interested in knowing why you chose this approach rather than
> just syncing clients to the [open]ntpd instance in the host machine.

Just basic paranoia really. Nothing on the host is network-visible, all
the services are in jails.

Thanks for the information.