North American Network Operators Group


Re: well-known NTP?

  • From: Lars-Johan Liman
  • Date: Tue Apr 11 19:11:11 2006

[I just happened to see this, browsing at high speed, so please
forgive me, if I'm out of context.]

[email protected]:
> AS112-style NTP service, anyone?  That would be cooperative and
> possibly even useful.

That is actually not necessarily such a good idea.

With the current AS112 stuff, we only provide DNS reverse service for
networks for which there should essentially be no queries. Hence,
replying with "doesn't exist" is kind of OK. Should an anycast
instance go rogue and give false answers, that is still within the
bounds of "acceptable", since the query shouldn't be there in the
first place.

If you create a disparate anycast system of NTP servers, you run into a
security issue, since many security protocols have "accurate time" as
an important parameter, and a rogue anycast NTP server could create
substantial amounts of harm from security and other standpoints by
giving out incorrect time.

Nope, you want your NTP to come from an appropriate source ...
preferably with signatures.

# There are 10 kinds of people in the world. Those who understand
# binary numbers, and those who don't.
# Lars-Johan Liman, M.Sc.	! E-mail: [email protected]
# Senior Systems Specialist     ! HTTP  : //
# Autonomica AB, Stockholm 	! Voice : +46 8 - 615 85 72
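
The "preferably with signatures" point in the message above, sketched as an added example that is not part of the original post: a client that takes time only from a reply carrying a valid NTP symmetric-key style MAC, so an anycast instance without the shared key cannot move its clock. The key table, key ID, timestamps and the choice of a SHA-1 keyed digest over key followed by the 48-byte header are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

NTP_EPOCH_OFFSET = 2208988800   # seconds from 1900-01-01 (NTP era 0) to 1970-01-01
HEADER_LEN, MAC_LEN = 48, 4 + 20  # NTP header; key ID + SHA-1 digest
KEYS = {1: b"constructed-shared-secret"}  # constructed key table (key ID -> secret)


def build_reply(unix_time, key_id=None, key=None):
    """Build a minimal NTPv4 server reply (constructed sample, not a capture)."""
    header = struct.pack("!BBbb", (4 << 3) | 4, 2, 6, -20)  # LI=0 VN=4 mode=4, stratum 2
    header += struct.pack("!II4s", 0, 0, b"\x00" * 4)       # root delay, dispersion, refid
    # reference, origin, receive and transmit timestamps, all set to the same instant
    header += struct.pack("!II", unix_time + NTP_EPOCH_OFFSET, 0) * 4
    if key is None:
        return header                                        # unauthenticated reply
    digest = hashlib.sha1(key + header).digest()             # keyed digest: key || header
    return header + struct.pack("!I", key_id) + digest


def verify_reply(packet, trusted_keys):
    """Return the transmit time (Unix seconds) only if the MAC verifies."""
    if len(packet) != HEADER_LEN + MAC_LEN:
        raise ValueError("no MAC present: refusing unauthenticated time")
    header, mac = packet[:HEADER_LEN], packet[HEADER_LEN:]
    key = trusted_keys.get(struct.unpack("!I", mac[:4])[0])
    if key is None:
        raise ValueError("reply signed with an unknown key ID")
    if not hmac.compare_digest(hashlib.sha1(key + header).digest(), mac[4:]):
        raise ValueError("MAC mismatch: reply not from a holder of the shared key")
    return struct.unpack("!I", header[40:44])[0] - NTP_EPOCH_OFFSET


def accept_time(packet, trusted_keys=KEYS):
    """Return the time to step to, or None if the reply must be ignored."""
    try:
        return verify_reply(packet, trusted_keys)
    except ValueError:
        return None


if __name__ == "__main__":
    now = 1144782671                                         # constructed timestamp
    print(accept_time(build_reply(now, 1, KEYS[1])))         # authenticated source
    print(accept_time(build_reply(now + 315360000)))         # unsigned, ten years off
```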