On Sun, 11 Oct 2020 12:49:16 +0200 (CEST) Havard Eidnes <[email protected]> wrote:
> > The question is whether we ought to do something to break this > > circular dependency in our default install by specifying one or two > > (depending on "minsane" and resiliency conciderations) ntp servers > > via IP address? The issue then becomes "which IP address(es)" and > > "how can that scale"? > > ...or improve the documentation for potentially RTC-less systems > about the rc.conf ntpdate_hosts workaround. > > Regards, > > - HÃ¥vard If you look at /etc/rc.d/ntpdate script, it checks if "ntpdate_hosts" is empty and if yes, attempts to extract hosts from /etc/ntp.conf I would suggest adding the following logic: 1. Extract hosts and check if they are hostnames and not IP addresses. 2. Attempt to resolve each one of them. If they all fail, fall back to hardcoded list of IP addresses that point to public NTP servers. The hardcoded NTP servers list would need to be something that is not likely to have their IP addresses changed and are always available, similar to CloudFlare or Google public DNS servers. This is not 100% full proof, but should work for any machine that is able to route NTP packets to the Internet. The man page for ntpdate talks about NetInfo support. No idea what this is (maybe somehow similar to SRV records?), but if this is enabled, NTP server name/IP can be omitted and ntpdate somehow finds suitable one automagically. This probably still needs fully working DNS service.
