I would not use DNS for this; I use IP rules to redirect all LAN ntp requests to my internal ntp servers.
No need to reconfigure the laptops: they can query any ntp server they want, but when inside your LAN they all end up querying your own ntp servers; it doesn't matter what IP they ask for.

I posted about this on this list; I can find it and repost if you want...

-Louis

On Tue, 20 Mar 2007, Ryan Malayter wrote:

> I've provisionally set up some redirects for pool.ntp.org on my
> internal "private" DNS servers. My goal is to direct all time requests
> for *.pool.ntp.org to my internal NTP server pool, but still allow
> clients to contact us.pool.ntp.org when they are "on the road". That
> way I can configure all clients to use *.us.pool.ntp.org time servers
> without having to open up UDP port 123 for all clients (which is
> stealthily overloaded by some P2P applications).
>
> Provisionally, I have set up a DNS zone for pool.ntp.org internally like so:
>
> Name   Type    Data
> .      TXT     "This domain is used for redirecting NTP time requests to internal time servers. Set up by RPM on 2007-03-20"
> *      CNAME   ntp.example.com.
> www    A       63.251.223.163
>
> This setup currently directs all pool addresses (pool.ntp.org,
> 0.pool.ntp.org, 1.us.pool.ntp.org, etc) to my ntp.example.com time
> server pool. It also has an exception for www.pool.ntp.org so people
> can still browse that site.
>
> My tests indicate that this should work fine, except I will have to
> track any changes to www.pool.ntp.org manually. Can anybody think of
> any issues with this setup (other than the fact that I am deliberately
> poisoning my own DNS cache?) Would there be a better way to achieve
> the same goals?
>
> I was thinking of configuring all of my clients to use
> ntp.example.com, and then putting a CNAME for ntp.example.com in my
> external "public" DNS that points to us.pool.ntp.org. I can't think of
> any advantage to doing that over doing the CNAME redirection
> internally, though, so I thought it best to keep my DNS hacking inside
> the firewall.
>
> Thank you for any insights,
>
> --
> RPM
> =========================
> All problems can be solved by diplomacy, but violence and treachery
> are equally effective, and more fun.
> -Anonymous
> _______________________________________________
> timekeepers mailing list
> [email protected]
> https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers

Louis
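The following is an added example, not code from either poster: a small model of standard DNS wildcard matching (RFC 4592) run over the zone rows quoted above, to check which query names the `*` CNAME actually covers. The function names and the placeholder TXT value are assumptions; note that a wildcard never synthesizes an answer for a name that already exists in the zone, which includes the zone apex and `www`.

```python
# Constructed model of the internal pool.ntp.org zone quoted in the thread.
ORIGIN = "pool.ntp.org."
ZONE = {
    "pool.ntp.org.":     {"TXT": "redirect notice"},      # apex (the "." row)
    "*.pool.ntp.org.":   {"CNAME": "ntp.example.com."},   # wildcard row
    "www.pool.ntp.org.": {"A": "63.251.223.163"},         # explicit exception
}

def _exists(name):
    """True if name owns records or is an ancestor of an owner
    (an empty non-terminal); such names block wildcard synthesis."""
    return any(o == name or o.endswith("." + name) for o in ZONE)

def lookup(qname, qtype="A"):
    """Answer (status, rrtype, data) as an authoritative server would."""
    qname = qname.lower().rstrip(".") + "."
    if qname != ORIGIN and not qname.endswith("." + ORIGIN):
        return ("OUT_OF_ZONE", None, None)
    if _exists(qname):
        rrs = ZONE.get(qname, {})
    else:
        # Walk up to the closest existing ancestor, then try "*." below it.
        encloser = qname
        while not _exists(encloser):
            encloser = encloser.split(".", 1)[1]
        wildcard = "*." + encloser
        if wildcard not in ZONE:
            return ("NXDOMAIN", None, None)
        rrs = ZONE[wildcard]
    if "CNAME" in rrs and qtype != "CNAME":
        return ("ANSWER", "CNAME", rrs["CNAME"])
    if qtype in rrs:
        return ("ANSWER", qtype, rrs[qtype])
    return ("NODATA", None, None)

if __name__ == "__main__":
    for name in ("0.pool.ntp.org", "1.us.pool.ntp.org", "www.pool.ntp.org",
                 "pool.ntp.org", "x.www.pool.ntp.org"):
        print(f"{name:22} A -> {lookup(name)}")
```

In this model the numbered and country names follow the CNAME, while an A query for the bare `pool.ntp.org` returns no data, so a client configured with the bare name needs its own record at the apex.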
