themadbea...@gmail.com said:
> In reference to using the NTP Pool, someone mentioned they don't trust them
> and the possibility of a "rogue" server. The NTP Pool has a monitor that is
> constantly querying every server in the pool, if the time drifts too far it
> is removed from the DNS rotation.

There is a catch. The pool code in ntpd never goes back to check to see if a
server has been kicked out of the pool or resigned. As long as the server
keeps responding, it will be used but subject to the usual filtering rules.
If it stops responding, ntpd will drop it and do another DNS query to get a
replacement. (There may be some hysteresis on how-many.)

Note that there are 2 ways to use the pool. You can say
  server pool.ntp.org
(or us.pool.ntp.org or 0.us.pool.ntp.org)
That will latch on to one of the servers in the pool. It won't do the
replacement dance I described above. Next time you boot or otherwise restart
ntpd you will probably get a different server.

In the old days, before ntpd supported the pool command in ntp.conf, it was
common to see things like:
  server 0.pool.ntp.org
  server 1.pool.ntp.org
  server 2.pool.ntp.org
  server 3.pool.ntp.org
(Slot 2 also returns IPv6 addresses.)

You can also say:
  pool us.pool.ntp.org
That will take several servers from the DNS response and try again later if
it needs more.

> Also, none of the servers in the pool
> should be using leap-smearing (a requirement you mentioned).

You can't test a server for smeariness. It wouldn't surprise me if some of
them turn out to be getting time from google servers or something similar.

--
These are my opinions. I hate spam.
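
An added example, not part of the original message: a small ntp.conf audit that labels each time source with the behaviour described above, so `server` lines latched onto a single pool member stand out from `pool` lines that get replacements. The sample config, the host time.example.net and all function names are constructed for illustration.

```python
POOL_ZONE = "pool.ntp.org"  # zone named in the message above

# Constructed sample ntp.conf, not taken from any real host.
SAMPLE_CONF = """\
# legacy style
server 0.pool.ntp.org iburst
server 1.pool.ntp.org iburst
server time.example.net   # hypothetical non-pool host
pool us.pool.ntp.org iburst
"""

def in_pool_zone(host):
    """True if host is pool.ntp.org or any name under it (case-insensitive)."""
    host = host.rstrip(".").lower()
    return host == POOL_ZONE or host.endswith("." + POOL_ZONE)

def audit(conf_text):
    """Return (lineno, directive, host, verdict) for each server/pool line."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) < 2 or fields[0] not in ("server", "pool"):
            continue
        directive, host = fields[0], fields[1]
        if directive == "pool":
            verdict = "pool: several servers from DNS, new query when one stops responding"
        elif in_pool_zone(host):
            verdict = "latched: one pool server until restart, no replacement"
        else:
            verdict = "static: fixed server"
        findings.append((lineno, directive, host, verdict))
    return findings

def latched(conf_text):
    """Hosts configured with 'server' that actually point into the pool zone."""
    return [h for _, _, h, v in audit(conf_text) if v.startswith("latched")]

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print("line %d: %s %s -> %s" % finding)
```

Neither form re-checks whether a server is still listed in the pool, so the audit only distinguishes how each line behaves when a server stops responding.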