Re: NTP Server

[John Kristoff <jtk () cymru com>]

On Sun, 24 Oct 2010 11:34:12 -0400
Brandon Kim <brandon.kim () brandontek com> wrote:

> I wanted to open up this question regarding NTP server. I recalled
> someone had created a posting of this quite awhile back.
> > From a service provider/ISP standpoint,  does anyone think that
> > having a local NTP server is really necessary?

It's not strictly necessary, but I think any serious and
reasonably-sized ISP should probably have their own set of time sources.

This thread might be useful to review for some suggestions, but in
particular Michael's comments are relevant:

  <http://listserv.educause.edu/cgi-bin/wa.exe?A2=ind0809&L=SECURITY&T=0&F=&S=&P=102171>

> 1) How necessary do you believe in local NTP servers? Do you really
> need the logs to be perfectly accurate? 2) If you do have a local NTP
> server, is it only for local internal use, or do you provide this NTP
> server to your clients as an added service? 3) If you do have a local
> NTP server, do you have a standby local NTP server or do you use the
> internet as your standby server?

The "perfect accuracy" of log files might be hard to justify and
quantify. I'd say it's more about having your own trustworthy and
reliable source that you can ensure is operational, reachable and
correct.  That said, it is perfectly fine and probably useful to use
external sources in addition to your own for backup and time
redundancy in your design.

You probably don't need to provide time to your customers unless you
have a good reason to do so or they've been asking, which I'd find
surprising these days for new installations.  The default Microsoft time
service and the pool.ntp.org servers probably work fine for the
majority of end users.

We have some NTP configuration templates here if it helps any:

  <http://www.team-cymru.org/ReadingRoom/Templates/>

John