On Thu, 20 May 2004, Randy Bush wrote:
> you ask do folk run ntpd on every server.
>
> i wonder if folk run ntpd on every router.  i did and do.

We use ntp on every router for setting time.

We don't run ntpd on every server due to security concerns based on the idea that you can't have a hole in a daemon you aren't running. This is relatively unnecessary I suppose since ntpd is probably most commonly configured nowadays not to listen on an exposed port by default.

Just out of curiosity... do you run bind on every server?

Mike.

ps. We run dedicated ntp boxes that don't have hard drives (thanx for the recommendation a few years ago), again with the idea somebody can't install a rootkit on a box that doesn't have a hard drive. It's not perfect or even necessary, just an optional precaution.

+----------------- H U R R I C A N E - E L E C T R I C -----------------+
| Mike Leber           Direct Internet Connections   Voice 510 580 4100 |
| Hurricane Electric     Web Hosting  Colocation       Fax 510 580 4151 |
| [EMAIL PROTECTED]                                   http://www.he.net |
+-----------------------------------------------------------------------+