On 7/27/05, Ariel Biener <[EMAIL PROTECTED]> wrote:
> On Monday 25 July 2005 21:40, Yedidyah Bar-David wrote:
> > > And the netvision server. All seem to sync from that stratum 1 server at
> > > HUJI.
> >
> > No, timeserver.iix.net.il has its own gps.
> 
>  Hello,
> 
>     Among the public NTP servers available, none is stratum 1, as stratum 1
> should never be made public, but instead it should serve a series of stratum 2

Why not? As long as its owner doesn't care?

> servers who serve the public. The legendary ntp.ac.il, which was for a long
> period the only stratum 1 NTP server in Israel used to sync from an atomic
> clock at the National physics laboratory at HUJI. That clock however is no
> longer used, and ntp.ac.il is now ntp.ilan.net.il, to be used by the Academia
> but I think it's also public, and it is a GPS based clock. Also, HUJI has
> ntp.huji.ac.il, but it can only be used by .ac.il AFAIR (GPS as well). As for
> other public clocks, ntp.iix.net.il (also known as timeserver.iix.net.il) is
> actually two clocks (both stratum 2, do nslookup and see you get 2 IPs), each
> clock is sync'ed by 3 stratum 1 servers, 2 of them mentioned above, and the
> remaining one is a GPS clock owned by ISOC-IL.
> 
>      The standing best practice would be to have the ISPs and large enterprise
> organizations install their own NTP server inside their network, which in turn
> would sync with ntp.iix.net.il and 2 other sources of choice, and will provide
> NTP service to their customers. This server would be stratum 3 (or stratum 2
> if the ISP/Enterprise decides to install its own stratum 1). This model
> follows closely the original idea behind the way NTP was designed.

Since you seem to be up to date with the situation, do you think you know
who to talk to in order to organize an il.pool.ntp.org sub-domain
(see http://www.pool.ntp.org/)?  I think it's more of a matter of having a
consent from the server's owner than anything else.

> 
>       Installing an NTP server for one's clients needs to be done carefully,
> in terms of security, in order to not allow someone to change the time on
> the NTP server, and to allow the NTP server to only sync with authorized
> and if possible authenticated clocks.

In what way? Screwing with the signal or just logging in and running date(1)?
Isn't it recommended to set up a local NTP server for large networks?
And what's the difference of this recommendation from the "best practice...
ISPs set up their own clock" that you mentioned above?

Thanks for the update.

--Amos

> 
> 
> --Ariel
>  --
>  Ariel Biener
>  e-mail: [EMAIL PROTECTED]
>  PGP: http://www.tau.ac.il/~ariel/pgp.html
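
Added example, not part of the original messages: a small audit of an ntp.conf for the points raised in the thread (several upstream sources, nobody able to change the server remotely, authenticated sources where possible). It assumes the reference ntpd configuration syntax; the hosts ntp-a/ntp-b.example.net, the key id and the required-flag set are constructed for illustration.

```python
# Added example: audit ntpd-style ntp.conf text for the practices in the thread.
# Constructed samples; only ntp.iix.net.il is taken from the thread.
SAMPLE_WEAK = "server ntp.iix.net.il\n"
SAMPLE_HARDENED = """\
keys /etc/ntp/keys
trustedkey 1
server ntp.iix.net.il iburst
server ntp-a.example.net key 1
server ntp-b.example.net key 1
restrict default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
"""
REQUIRED_FLAGS = {"nomodify", "noquery"}  # assumed minimum for a public-facing server

def audit(conf_text, min_sources=3):
    """Return a list of findings for an ntp.conf given as text."""
    servers, trusted, default_flags = [], set(), None
    for raw in conf_text.splitlines():
        tok = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if len(tok) < 2:
            continue
        if tok[0] in ("server", "pool"):
            opts = tok[2:]
            key = opts[opts.index("key") + 1] if "key" in opts[:-1] else None
            servers.append((tok[1], key))
        elif tok[0] == "trustedkey":
            trusted.update(tok[1:])
        elif tok[0] == "restrict":
            args = [t for t in tok[1:] if t not in ("-4", "-6")]
            if args and args[0] == "default":
                flags = set(args[1:])
                # several default lines (IPv4/IPv6): keep only flags common to all
                default_flags = flags if default_flags is None else default_flags & flags
    findings = []
    if len(servers) < min_sources:
        findings.append(f"WARN: {len(servers)} upstream source(s), want at least {min_sources}")
    if default_flags is None:
        findings.append("WARN: no 'restrict default' line")
    elif "ignore" not in default_flags and REQUIRED_FLAGS - default_flags:
        missing = ", ".join(sorted(REQUIRED_FLAGS - default_flags))
        findings.append(f"WARN: restrict default lacks {missing}")
    for host, key in servers:
        if key is None or key not in trusted:
            findings.append(f"INFO: unauthenticated source {host}")
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, audit(conf))
```

The INFO finding for a public source without a shared key is expected; it marks which upstreams the server trusts on network path alone.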
