On 2013-05-28T12:00:31-0400, Phil Pennock <[email protected]> wrote:
> Folks, after a tree-induced power & ISP connectivity outage, my router
> decided that the date/time was April 1st. Well, at least it got the
> year right.
>
> To fix this, it tried to bring up time using 0-3 in
> openwrt.pool.ntp.org. Reasonable enough. I also use Unbound, for
> DNSSEC validation.
>
> Because time was so far off, I couldn't resolve the hostnames needed to
> get the IP addresses to sync against.
>
> When I've run servers with NTP, I always hard-coded IPs, while complying
> with stated policies for client usage of a given server, and tracked
> changes; this was necessary for the hole-opening `restrict` rules
> anyway, and useful for avoiding such glitches. In this case, it's a
> home router and I'm using the pool project servers.
>
> I understand that the *.pool.ntp.org hostnames are more dynamic and it's
> very much frowned upon to hardcode these names.
>
> How do folks here, providing this public service, feel about a tool
> which can be run from cron, resolves the IPs periodically and puts them
> live in a local unvalidated (".lan") zone and/or rewrites config files,
> so that the hostnames are dynamic at a resolution of about a day, but
> resolvable without needing accurate time?
>
> Otherwise, as DNSSEC becomes more prevalent, I think that this catch-22
> will bite harder: to set time, you need DNS to resolve the hostnames,
> but DNS under .org requires accurate time to avoid failures of
> resolution when finding the TLD NS servers, so we can't resolve the
> timeserver hostnames.

I've experienced the same issue, and my solution is to hardcode the IPv4 and IPv6 addresses of my Linode (which also is in the pool) into my OpenWrt routers, in addition to using openwrt.pool.ntp.org. Maybe you can do the same, picking an appropriate server from https://support.ntp.org/bin/view/Servers/StratumTwoTimeServers if you don't have your own off-site machine with a static address?

Otherwise, as a pool server operator, I'd be fine with such a dynamic config-writing tool as you describe.

-- 
Kenyon Ralph
_______________________________________________
pool mailing list
[email protected]
http://lists.ntp.org/listinfo/pool
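
A sketch of the cron-run tool discussed in this thread, as an added example that is not code from either poster or from the pool project: it resolves the pool names while DNS still works and writes them as Unbound `local-data` records, and it keeps the last good file when nothing resolves, which is exactly the wrong-clock case. The `ntpN.lan.` record names, the TTL constant, the output path and the function names are assumptions made for the example.

```python
import ipaddress
import os
import socket
import tempfile

# Pool names from the original post; the zone name and TTL are assumptions.
POOL_NAMES = [f"{i}.openwrt.pool.ntp.org" for i in range(4)]
LOCAL_ZONE = "lan."   # local zone answered by Unbound without validation
TTL = 86400           # "a resolution of about a day"


def system_resolve(name):
    """Look a name up via the system resolver; [] when resolution fails."""
    try:
        infos = socket.getaddrinfo(name, 123, proto=socket.IPPROTO_UDP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def build_records(names, resolve=system_resolve):
    """Return Unbound local-data lines mapping ntpN.lan. to current pool IPs."""
    lines = []
    for idx, name in enumerate(names):
        for addr in resolve(name):
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                continue  # never write a non-address into the config
            rtype = "AAAA" if ip.version == 6 else "A"
            lines.append(
                f'local-data: "ntp{idx}.{LOCAL_ZONE} {TTL} IN {rtype} {ip}"')
    return lines


def refresh(path, names=POOL_NAMES, resolve=system_resolve):
    """Atomically rewrite path; keep the last good file if nothing resolved."""
    lines = build_records(names, resolve)
    if not lines:
        return False  # e.g. clock is wrong and validation fails: keep old IPs
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w") as fh:
        fh.write("\n".join(lines) + "\n")
    os.chmod(tmp, 0o644)  # mkstemp creates 0600; the resolver must read it
    os.replace(tmp, path)
    return True
```

The generated file would be pulled into the `server:` section of `unbound.conf` with an `include:` line and Unbound reloaded after each successful refresh, with the NTP client pointed at the `ntpN.lan` names.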
