Public bug reported:

I was made aware by chrony upstream (Thanks Miroslav), that the current default we have in Bionic is violating the ntp pool project's policy.

The default config has:

    pool 0.ubuntu.pool.ntp.org iburst
    pool 1.ubuntu.pool.ntp.org iburst
    pool 2.ubuntu.pool.ntp.org iburst
    pool 3.ubuntu.pool.ntp.org iburst

This could be a problem as the client will use 16 servers from the pool, which is against their policy from [1]:

    So don't use more than four time servers in your configuration, and don't play tricks with burst or minpoll - all you will gain is extra load on the volunteer time servers.

I'd suggest to either keep only one pool line (preferably the one starting with 2 as it provides also IPv6 addresses), or replace "pool" with "server".

Please note that "pool" works differently in ntpd and chronyd. ntpd counts all servers together (their number is limited by the tos maxclock setting), but chronyd handles each pool as an independent set of up to (by default) four servers.

We discussed on that a bit already, mostly what would be better.

1. I thought about reading the man page at least it seems that only "pool" has the feature of "trying different sources until it finds some working". I'm afraid with 4 server entries that might not work as well in terms of reliability.
   But it turns out that a server specified with "server" is functionally equivalent to a pool with maxsources equal to 1. chronyd will try to replace it with another address if it becomes unreachable, falseticker, etc.

2. I wondered having just one line as a pool, isn't that vulnerable to DNS attacks/outages more easily?
   That would be rare but true, so more entries might be better.

3. There is one drawback of

    server 0.ubuntu.pool.ntp.org iburst maxsources 1
    server 1.ubuntu.pool.ntp.org iburst maxsources 1
    server 2.ubuntu.pool.ntp.org iburst maxsources 1
    server 3.ubuntu.pool.ntp.org iburst maxsources 1

   The maximum number of used IPv6 servers would be limited to one as currently only 2.ubuntu... serves IPv6. But the fix for that is to finally make them available as intended - I'll bump the original bug on this.

[1] http://www.pool.ntp.org/en/use.html

** Affects: chrony (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1754358

Title:
  Default Ubuntu configuration violates the ntp pool policy
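
Added example, not part of the original bug report and not chrony or Ubuntu code: a small audit that counts how many pool.ntp.org sources a chrony configuration can end up using, applying the counting rules described in the report (each "pool" line is up to four sources by default, each "server" line is one) against the four-server limit quoted from [1]. The function names are hypothetical, the sample config is constructed from the report, and only hostnames under pool.ntp.org are counted.

```python
POLICY_LIMIT = 4        # pool.ntp.org policy quoted in the report: at most four servers
POOL_DEFAULT_MAX = 4    # chronyd: each "pool" line uses up to four sources by default

# Constructed sample input: the Bionic default config quoted in the report.
BIONIC_DEFAULT = """\
pool 0.ubuntu.pool.ntp.org iburst
pool 1.ubuntu.pool.ntp.org iburst
pool 2.ubuntu.pool.ntp.org iburst
pool 3.ubuntu.pool.ntp.org iburst
"""


def pool_entries(conf_text):
    """Return (directive, host, max_sources) for every pool.ntp.org source line."""
    entries = []
    for raw in conf_text.splitlines():
        fields = raw.split()
        # chrony treats lines starting with !, ;, # or % as comments
        if len(fields) < 2 or fields[0][0] in "!;#%":
            continue
        directive, host = fields[0].lower(), fields[1].lower().rstrip(".")
        if directive not in ("pool", "server"):
            continue
        if host != "pool.ntp.org" and not host.endswith(".pool.ntp.org"):
            continue
        count = 1                      # a "server" line is a single source
        if directive == "pool":
            count = POOL_DEFAULT_MAX
            opts = fields[2:]
            if "maxsources" in opts[:-1]:
                value = opts[opts.index("maxsources") + 1]
                if value.isdigit():
                    count = int(value)
        entries.append((directive, host, count))
    return entries


def audit(conf_text):
    """Return (total pool.ntp.org sources, True if within the policy limit)."""
    total = sum(count for _, _, count in pool_entries(conf_text))
    return total, total <= POLICY_LIMIT


if __name__ == "__main__":
    total, ok = audit(BIONIC_DEFAULT)
    print(f"{total} pool.ntp.org sources, limit {POLICY_LIMIT}:", "OK" if ok else "over limit")
```
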