On May 2, 2019, at 10:59 AM, William Herrin <bill@herrin.us> wrote:
On Wed, May 1, 2019 at 7:03 PM Harlan Stenn <stenn@nwtime.org <mailto:stenn@nwtime.org>> wrote: It's not clear to me that there's anything *wrong* with using the pool, especially if you're using our 'pool' directive in your config file.
The one time I relied on the pool I lost sync a year later when all three servers the configuration picked withdrew time services and the still-running ntp client didn't return to the names to find new ones. Wonderful if that's fixed now but the pool folks argued just as strongly for using it back then.
Also, telling the security auditor that you have no idea who supplies your time source is pretty much a non-starter. You can convince them of a lot of things but you can't convince them it's OK to have no idea where critical services come from.
That's what's wrong with the pool.
Regards, Bill Herrin
-- William Herrin ................ herrin@dirtside.com <mailto:herrin@dirtside.com> bill@herrin.us <mailto:bill@herrin.us> Dirtside Systems ......... Web: <http://www.dirtside.com/ <http://www.dirtside.com/>>
I have only ever used the pool as a supplement to other servers. Here is a snippet from ntp.conf that was found in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying 'Beware of the Leopard.’ * # External Time Synchronization Source Servers # server tick.usno.navy.mil # open access server time.apple.com # open access server Time1.Stupi.SE # open access server ntps1-0.uni-erlangen.de # open access server 0.pool.ntp.org # open access server 1.pool.ntp.org # open access server 2.pool.ntp.org # open access server nist1-nj2-ustiming.org # open access server nist1-chi-ustiming.org # open access server nist1-pa-ustiming.org # open access # I have not kept up with pool changes since then. *Apologies to Douglas Adams