I've provisionally set up some redirects for pool.ntp.org on my
internal "private" DNS servers. My goal is to direct all time requests
for *.pool.ntp.org to my internal NTP server pool, but still allow
clients to contact us.pool.ntp.org when they are "on the road". That
way I can configure all clients to use *.us.pool.ntp.org time servers
without having to open up UDP port 123 for all clients (which is
stealthily overloaded by some P2P applications).

Provisionally, I have set up a DNS zone for pool.ntp.org internally like so:
Name    Type      Data
.       TXT       "This domain is used for redirecting NTP time
requests to internal time servers. Set up by RPM on 2007-03-20"
*       CNAME     ntp.example.com.
www     A         63.251.223.163

This setup currently directs all pool addresses (pool.ntp.org,
0.pool.ntp.org, 1.us.pool.ntp.org, etc) to my ntp.example.com time
server pool. It also has an exception for www.pool.ntp.org so people
can still browse that site.

My tests indicate that this should work fine, except I will have to
track any changes to www.pool.ntp.org manually. Can anybody think of
any issues with this setup (other than the fact that I am deliberately
poisoning my own DNS cache)? Would there be a better way to achieve
the same goals?

I was thinking of configuring all of my clients to use
ntp.example.com, and then putting a CNAME for ntp.example.com in my
external "public" DNS that points to us.pool.ntp.org. I can't think of
any advantage to doing that over doing the CNAME redirection
internally, though, so I thought it best to keep my DNS hacking inside
the firewall.

Thank you for any insights,

-- 
   RPM
=========================
All problems can be solved by diplomacy, but violence and treachery
are equally effective, and more fun.
      -Anonymous
_______________________________________________
timekeepers mailing list
[email protected]
https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
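As an added example (not code from the poster or from the pool.ntp.org project), here is a small model of the internal override zone from the post, so the wildcard-versus-exception behaviour can be checked without touching a live resolver, together with the drift check the poster says would otherwise be manual. The three records are the ones listed in the message; the wildcard matching follows RFC 4592 (an explicit name blocks the wildcard for itself and for anything beneath it, so foo.www.pool.ntp.org gets no answer rather than the CNAME). The address 63.251.223.163 is simply the value the post shows and the "observed" addresses in main() are constructed sample input; a real drift check has to query www.pool.ntp.org from outside the internal DNS, because inside it would only ever see the hard-coded record.

```python
"""Model of an internal pool.ntp.org override zone plus a drift check for the
one public exception (www.pool.ntp.org).  Added example; records taken from
the mailing-list post, wildcard semantics per RFC 4592."""

ZONE_ORIGIN = "pool.ntp.org"

# Records as listed in the post, keyed by owner name relative to the origin.
ZONE = {
    "@":   ("TXT",   "This domain is used for redirecting NTP time "
                     "requests to internal time servers."),
    "*":   ("CNAME", "ntp.example.com."),
    "www": ("A",     "63.251.223.163"),   # value from the post, not verified live
}


def resolve(fqdn):
    """Return the (type, data) the internal zone answers for fqdn,
    or None when the zone would answer NXDOMAIN / is not authoritative."""
    name = fqdn.rstrip(".").lower()
    if name == ZONE_ORIGIN:
        return ZONE["@"]
    suffix = "." + ZONE_ORIGIN
    if not name.endswith(suffix):
        return None                       # outside pool.ntp.org entirely
    rel = name[: -len(suffix)]
    if rel in ZONE:
        return ZONE[rel]                  # explicit record wins over the wildcard
    # RFC 4592: the wildcard only matches when no existing name sits between
    # the queried name and the origin.  "www" exists, so foo.www.* is NXDOMAIN.
    labels = rel.split(".")
    for i in range(1, len(labels)):
        if ".".join(labels[i:]) in ZONE:
            return None
    return ZONE["*"]


def www_drift(expected_ip, observed_ips):
    """True when the public www.pool.ntp.org no longer includes the address
    hard-coded in the internal zone (the manual tracking the post mentions)."""
    return expected_ip not in set(observed_ips)


def main():
    for q in ("pool.ntp.org", "0.pool.ntp.org", "1.us.pool.ntp.org",
              "www.pool.ntp.org", "foo.www.pool.ntp.org", "ntp.example.com"):
        print(f"{q:24} -> {resolve(q)}")
    # Constructed sample of what an external lookup of www might return.
    observed = ["192.0.2.10"]             # hypothetical, for illustration only
    if www_drift(ZONE["www"][1], observed):
        print("www.pool.ntp.org has moved; update the internal A record")


if __name__ == "__main__":
    main()
```

Running it shows that every *.pool.ntp.org name, at any depth under the origin, lands on the internal CNAME while www keeps its own A record; the one thing the wildcard does not cover is names underneath www itself, which is harmless here but worth knowing before adding further exceptions.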