On 4/19/10, Bill Thoen <bth...@gisnet.com> wrote: > Marvin Kosmal wrote: >> All >> >> I was assuming the OP was not running NTPD and was using ntpdate to >> set system time >> >> <quote> >> ntpdate can be run manually as necessary to set the host clock, or it >> can be run from the host startup script to set the clock at boot >> time. >> This is useful in some cases to set the clock initially before >> starting >> the NTP daemon ntpd. It is also possible to run ntpdate from a >> cron >> script. However, it is important to note that ntpdate with >> contrived >> cron scripts is no substitute for the NTP daemon, which uses >> sophisti- >> cated algorithms to maximize accuracy and reliability while >> minimizing >> resource use. Finally, since ntpdate does not discipline the host >> clock >> frequency as does ntpd, the accuracy using ntpdate is limited. >> </quote> >> >> So I don't see anything wrong with running ntpdate or rdate once a day >> if you want.. Given NTPD would be better... Probably not a critical >> issue?? >> > It all depends on how much your time gets shifted suddenly when you use > ntpdate. I learned the hard way when that happens all Hell breaks loose > on a server. If your time kicks backwards by as little as 110 seconds > all of a sudden, Dovecot will panic and kill itself-- it even announced > in the log that it was "going to kill myself"), so you lose your IMAP > connections right away. Other software starts whinging too. The RBL spam > blocker I had running suddenly started "synchronizing" with its friends > in Berkeley and elsewhere every few minutes (and since I didn't know at > the time what this "synchronizing" was all about and coincidentally I > was just then getting hit with a super large volume of spam (53Mb as it > turned out, over a couple of hours ). Every daemon starting writing log > entries at once. Then the Amavis daemon (virus checker) gave up its > ghost and keeled over dead. I was also getting hundreds of error > messages from Named like: "validating @0x7f82840008c0: 115.in-addr.arpa > DNSKEY: bad cache hit (115.in-addr.arpa/DS): 1 Time(s)". XNTPD got > killed too after complaining about "no servers reachable", and > "...cannot be used reason: temporary failure in name resolution." (the > DNS stopped working too.) > > I'm not a wizard at the sysadmin stuff so I 'm not sure if it was the > boatload of spam that washed in over the transom just as the time > change incident occurred, or if it was just the sudden time shift alone, > or both, but it really rocked /my/ boat. But as I RTFM'ed the Dovecot > docs later ttrying to figure out WTF happened the section in > TimeMovedBackwards on Dvoecot's wiki > (http://wiki.dovecot.org/TimeMovedBackwards) explains all the horrible > things that could happen and make Dovecot's best option being just to > fall upon its sword. > > But I did learn one lesson clearly. Don't fool around with 'date' > --especially the -s option-- when you're logged in as root so you can > tinker with a script that has to run as root! > > Bill Thoen > GISnet - www.gisnet.com > 1401 Walnut St., Suite C > Boulder, CO 80302 > 303-786-9961 tel > 303-443-4856 fax >
OK.... I can see that running NTPD is the only thing to do........ Thanks for the examples.... Marvin _______________________________________________ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug