Chiming in a bit late here, however, the availability of stratum 1 clocks and stratum 2 class time data on non IP and/or non interconnected networks is now so large, I question why one would run NTP outside of the building in many cases, certainly in an enterprise of any size.
A 1pulse per second aligned to GPS is good to a few ns. Fairly straightforward to plug into even a OpenWrt type of router. Turn on the pps in NTP on the router and you are good to go. On Tue, Sep 10, 2013 at 6:45 PM, Evan Hunt <e...@isc.org> wrote: > On Tue, Sep 10, 2013 at 05:59:52PM -0400, Olafur Gudmundsson wrote: > > My colleagues and I worked on OpenWrt routers to get Unbound to work > > there, what you need to do is to start DNS up in non-validating mode wait > > for NTP to fix time, then check if the link allows DNSSEC answers > > through, at which point you can enable DNSSEC validation. > > That's roughly what we did with BIND on OpenWrt/CeroWrt as well. We > also discussed hacking NTP to set the CD bit on its initial DNS queries, > but I don't think any of the code made it upstream. > > My real recommendation would be to run an NTP pool in an anycast cloud of > well-known v4 and v6 addresses guaranteed to be reliable over a period of > years. NTP could then fall back to those addresses if unable to look up the > server it was configured to use. DNS relies on a well-known set of root > server addresses for bootstrapping; I don't see why NTP shouldn't do the > same. > > (Actually... the root nameservers could *almost* provide a workable time > tick for bootstrapping purposes right now: the SOA record for the root > zone encodes today's date in the serial number. So you do the SOA lookup, > set your system clock, attempt validation; on failure, set the clock an > hour forward and try again; on success, use NTP to fine-tune. Klugey! :) ) > > -- > Evan Hunt -- e...@isc.org > Internet Systems Consortium, Inc. > _______________________________________________ > DNSOP mailing list > dn...@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop >
