One problem with the vendor.pool.ntp.org approach is that the vendor
sort of loses control of the addressess used. I'd rather see something
like ntp-devicename.vendor.com used in the appliance and that would be a
cname to vendor.pool.ntp.org or some other time provider the vendor
wants to use.
This way the pool project still retains control of the DNS in case of
abuse or some other unforeseen condition, as does the vendor. If a
vendor for some reason changes their mind after a while and wants to use
their own NTP service, they just change their own DNS and the vendor
zone in the pool can be dropped completely. Of course this arrangement
costs an extra dns lookup, but I don't think that would be too heavy a
price to pay (unless the resolver in the appliance doesn't know how to
handle cnames..).
One slight problem with this cname approach is companies that go belly
up, or lose control of the domain name for some other reason.
Tapio
_______________________________________________
timekeepers mailing list
[email protected]
https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
