Marvin Kosmal wrote: > All > > I was assuming the OP was not running NTPD and was using ntpdate to > set system time > > <quote> > ntpdate can be run manually as necessary to set the host clock, or it > can be run from the host startup script to set the clock at boot time. > This is useful in some cases to set the clock initially before starting > the NTP daemon ntpd. It is also possible to run ntpdate from a cron > script. However, it is important to note that ntpdate with contrived > cron scripts is no substitute for the NTP daemon, which uses sophisti- > cated algorithms to maximize accuracy and reliability while minimizing > resource use. Finally, since ntpdate does not discipline the host clock > frequency as does ntpd, the accuracy using ntpdate is limited. > </quote> > > So I don't see anything wrong with running ntpdate or rdate once a day > if you want.. Given NTPD would be better... Probably not a critical > issue?? > It all depends on how much your time gets shifted suddenly when you use ntpdate. I learned the hard way when that happens all Hell breaks loose on a server. If your time kicks backwards by as little as 110 seconds all of a sudden, Dovecot will panic and kill itself-- it even announced in the log that it was "going to kill myself"), so you lose your IMAP connections right away. Other software starts whinging too. The RBL spam blocker I had running suddenly started "synchronizing" with its friends in Berkeley and elsewhere every few minutes (and since I didn't know at the time what this "synchronizing" was all about and coincidentally I was just then getting hit with a super large volume of spam (53Mb as it turned out, over a couple of hours ). Every daemon starting writing log entries at once. Then the Amavis daemon (virus checker) gave up its ghost and keeled over dead. I was also getting hundreds of error messages from Named like: "validating @0x7f82840008c0: 115.in-addr.arpa DNSKEY: bad cache hit (115.in-addr.arpa/DS): 1 Time(s)". XNTPD got killed too after complaining about "no servers reachable", and "...cannot be used reason: temporary failure in name resolution." (the DNS stopped working too.)
I'm not a wizard at the sysadmin stuff so I 'm not sure if it was the boatload of spam that washed in over the transom just as the time change incident occurred, or if it was just the sudden time shift alone, or both, but it really rocked /my/ boat. But as I RTFM'ed the Dovecot docs later ttrying to figure out WTF happened the section in TimeMovedBackwards on Dvoecot's wiki (http://wiki.dovecot.org/TimeMovedBackwards) explains all the horrible things that could happen and make Dovecot's best option being just to fall upon its sword. But I did learn one lesson clearly. Don't fool around with 'date' --especially the -s option-- when you're logged in as root so you can tinker with a script that has to run as root! Bill Thoen GISnet - www.gisnet.com 1401 Walnut St., Suite C Boulder, CO 80302 303-786-9961 tel 303-443-4856 fax _______________________________________________ PLUG mailing list [email protected] http://lists.pdxlinux.org/mailman/listinfo/plug
