On Monday, 13 March 2017 12:36:55 UTC+11, Jean-Philippe Ouellet  wrote:
> On Sun, Mar 12, 2017 at 9:19 PM, Drew White <drew.qu...@gmail.com> wrote:
> > Hi folks,
> 
> Hi,
> 
> > I want to set the NTP protocol to target the parent VM and on the NetVM or 
> > Sys-Firewall have that as the NTP server that feeds everything under it.
> 
> No, you don't want that.

Why don't I want what I want?

> 
> > Thus only one VM calls the external source at a lesser interval to do the 
> > requests.
> 
> That is already how it works.

Then why does EVERY GUEST call pool.ntp.org? (unless I change it in the 
template for every VM)

> 
> > How, in this system, do I perform this to get that to work please?
> 
> Well, one would start by reading and understanding the relevant source:
> 
> https://github.com/QubesOS/qubes-core-agent-linux/blob/master/qubes-rpc/qubes.SetDateTime
> https://github.com/QubesOS/qubes-core-agent-linux/blob/master/qubes-rpc/qubes.SyncNtpClock
> https://github.com/QubesOS/qubes-core-agent-linux/blob/master/qubes-rpc/sync-ntp-clock

I read all that, that's why I found out how to change it in the first place, 
but every time I do something like add a NewGuest and install, with its 
defaults to pool.ntp.org, it goes off and gets the NTP from an outside source. 
(not very secure), so I have to keep changing it to be the local server. I want 
to capture it all so only the NetVM performs that action.


> 
> > The "ClockVM" does not seem to be operating the way I would have thought a 
> > "ClockVM" would.
> 
> Only the ClockVM uses NTP at all, and it sends the time back to
> dom0. The rest of the VMs get their time set by dom0 via
> qubes.SetDateTime service.
 
So the ClockVM ONLY interacts with Dom0. Fair enough. Then it would be a good 
addition to allow it to update each Guest.


> There are many reasons for this, including eliminating redundant
> network traffic, and the fact that it is desirable for time to be
> correct in all VMs (including those intentionally without any network
> access).
 
Redundant network traffic... so every 10 minutes PER GUEST, it contacts 
pool.ntp.org and gets the time. That isn't redundant network traffic.


> > Is there a bug in it?
> 
> Let's see...
> 
> https://github.com/QubesOS/qubes-issues/issues?q=is%3Aissue%20is%3Aopen%20ntp
> https://github.com/QubesOS/qubes-issues/issues?q=is%3Aissue%20is%3Aopen%20clockvm
> 
> doesn't look like it!
 
Well, none that have been reported by anyone other than myself when asking 
questions in the first place about it. But none opened a bug about it because 
it's "not a bug" even though it is, (in my personal opinion) a very big bug to 
have EVERY GUEST contact pool.ntp.org every 10 minutes, whether it's a guest 
that's behind a proxy, or the proxy itself, or the net vm.

This is a security concern, and a big one at that.

For all Unix types, the clock VM should contact the NTP server once every 6 
hours (or on boot and then every 6 hours), and every guest should be updated by 
that guest for time, unless set to otherwise update from elsewhere.

I have my own NTP server, and yet I install things, and I just want to capture 
all NTP from everything behind the NetVM and make it all get the NTP from the 
NetVM. Unless it's requesting to the designated Network NTP server.

> > Sincerely,
> > Drew.
> 
> Sincerely,
> Jean-Philippe.
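
The question in this thread of which VMs actually send NTP queries upstream can be checked from a packet capture taken on the NetVM. The following is an added example, not code from the thread or from the Qubes project: it parses `tcpdump -tt -n udp port 123` output and reports every source other than the designated ClockVM that queried a non-local NTP server. The capture lines, all IP addresses and the function name `audit_ntp` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -tt -n udp port 123` output; all addresses are made up.
SAMPLE = """\
1489365400.000000 IP 10.137.1.1.123 > 203.0.113.10.123: NTPv4, Client, length 48
1489365400.020000 IP 203.0.113.10.123 > 10.137.1.1.123: NTPv4, Server, length 48
1489365460.000000 IP 10.137.2.15.45012 > 198.51.100.7.123: NTPv4, Client, length 48
1489366060.000000 IP 10.137.2.15.45013 > 198.51.100.7.123: NTPv4, Client, length 48
1489366660.000000 IP 10.137.2.15.45014 > 198.51.100.7.123: NTPv4, Client, length 48
1489365500.000000 IP 10.137.2.16.123 > 10.137.1.1.123: NTPv4, Client, length 48
garbage line that should be ignored
"""

# Matches only client-mode NTP packets; server replies and unparsable lines are skipped.
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): NTPv\d+, Client\b"
)

def audit_ntp(capture, clock_vm, local_servers=()):
    """Return {src_ip: {"servers", "count", "median_interval"}} for every source
    other than clock_vm that sent an NTP query to a server not in local_servers."""
    seen = defaultdict(lambda: {"servers": set(), "times": []})
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m or m["dport"] != "123":
            continue
        # The ClockVM is expected to query upstream; queries to a local server are fine.
        if m["src"] == clock_vm or m["dst"] in local_servers:
            continue
        seen[m["src"]]["servers"].add(m["dst"])
        seen[m["src"]]["times"].append(float(m["ts"]))
    report = {}
    for src, rec in seen.items():
        times = sorted(rec["times"])
        gaps = sorted(b - a for a, b in zip(times, times[1:]))
        report[src] = {"servers": rec["servers"], "count": len(times),
                       "median_interval": gaps[len(gaps) // 2] if gaps else None}
    return report

if __name__ == "__main__":
    for src, info in audit_ntp(SAMPLE, "10.137.1.1", ("10.137.1.1",)).items():
        print(src, info)
```

An empty report means only the ClockVM reached an external NTP server during the capture window.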
