On Monday 25 July 2005 21:40, Yedidyah Bar-David wrote: > > And the netvision server. All seem to sync from that startum 1 server at > > HUJI. > > No, timeserver.iix.net.il has its own gps.
Hello, Among the public NTP servers available, none is stratum 1, as stratum 1 should never be made public, but instead it should serve a series of stratum 2 servers who serve the public. The legendary ntp.ac.il, which was for a long period the only stratum 1 NTP server in Israel used to sync from an atomic clock at the National physics laboratory at HUJI. That clock however is no longer used, and ntp.ac.il is now ntp.ilan.net.il, to be used by the Academia but I think it's also public, and it is a GPS based clock. Also, HUJI has ntp.huji.ac.il, but it can only be used by .ac.il AFAIR (GPS as well). As for other public clocks, ntp.iix.net.il (also known as timeserver.iix.net.il) is actually two clocks (both stratum 2, do nslookup and see you get 2 IPs), each clock is sync'ed by 3 stratum 1 servers, 2 of them mentioned above, and the remaining one is a GPS clock owned by ISOC-IL. The standing best practice would be to have the ISPs and large enterprise organizations install their own NTP server inside their network, which in turn would sync with ntp.iix.net.il and 2 other sources of choice, and will provide NTP service to their customers. This server would be stratum 3 (or stratum 2 if the ISP/Enterprise decides to install it's own stratum 1). This model follows closely the original idea behind the way NTP was designed. Installing an NTP server for ones clients needs to be done carefully, in terms of security, in order to not allow someone to change the time on the NTP server, and to allow the NTP server to only sync with authorized and if possible authenticated clocks. --Ariel -- Ariel Biener e-mail: [EMAIL PROTECTED] PGP: http://www.tau.ac.il/~ariel/pgp.html ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]