nanog mailing list archives
Re: Need trusted NTP Sources
From: Chris Adams <cma () cmadams net>
Date: Thu, 6 Feb 2014 08:35:03 -0600
Once upon a time, Nick Hilliard <nick () foobar org> said:
So presuming that your company is using RH or Fedora or CentOS something, the auditors are claiming that Red Hat, Inc is trusted enough to provide a precompiled based operating system with no feasible means of proving its reliability, but that they're not trustworthy enough to provide a clock synchronisation service?
Red Hat does not provide an NTP service themselves. The default NTP config on a Red Hat Enterprise Linux system uses rhel.pool.ntp.org. I suppose some auditor could dislike the "openness" of pool.ntp.org (basically anybody can join). If that is the case, your best bet is to do some combination of the following: - As others have suggested, set up your own stratum-1 clock (can be done for around $100). Ideally you'd set up more than one. - Set up several servers with a static set of NTP servers rather than the general pool servers. See the lists on www.pool.ntp.org; look under the docs for setting up a server to join the pool. You don't have to actually join the pool, but following those docs is a good way to set up a stable server. After that, point the rest of your servers at your "master" servers, rather than the public pool. -- Chris Adams <cma () cmadams net>
Current thread:
- Need trusted NTP Sources Notify Me (Feb 06)
- Re: Need trusted NTP Sources Nick Hilliard (Feb 06)
- Re: Need trusted NTP Sources Notify Me (Feb 06)
- Re: Need trusted NTP Sources Nick Hilliard (Feb 06)
- Re: Need trusted NTP Sources Chris Adams (Feb 06)
- Re: Need trusted NTP Sources Notify Me (Feb 06)
- Message not available
- Re: Need trusted NTP Sources Notify Me (Feb 06)
- Re: Need trusted NTP Sources Aled Morris (Feb 06)
- Re: Need trusted NTP Sources Mark Milhollan (Feb 06)
- Re: Need trusted NTP Sources Jay Ashworth (Feb 06)
- Re: Need trusted NTP Sources Saku Ytti (Feb 07)
- Re: Need trusted NTP Sources Jimmy Hess (Feb 07)
- Re: Need trusted NTP Sources Jay Ashworth (Feb 08)
- Re: Need trusted NTP Sources Roy (Feb 07)
- RE: Need trusted NTP Sources Matthew Huff (Feb 07)
- Re: Need trusted NTP Sources Jared Mauch (Feb 07)
- Re: Need trusted NTP Sources Notify Me (Feb 06)
- Re: Need trusted NTP Sources Nick Hilliard (Feb 06)