[time-nuts] can of worms: time-of-day in a community radio station

[Hal Murray]

themadbeaker at gmail.com said:
> In reference to using the NTP Pool, someone mentioned they don't trust them
> and the possibility of a "rogue" server. The NTP Pool has a monitor that is
> constantly querying every server in the pool, if the time drifts too far it
> is removed from the DNS rotation.

There is a catch.  The pool code in ntpd never goes back to check to see if a 
server has been kicked out of the pool or resigned.  As long as the server 
keeps responding, it will be used but subject to the usual filtering rules.  
If it stops responding, ntpd will drop it and do another DNS query to get a 
replacement.  (There may be some hysteresis on how-many.)

Note that there are 2 ways to use the pool.  You can say
  server pool.ntp.org (or us.pool.ntp.org or 0.us.pool.ntp.org)
That will latch on to one of the servers in the pool.
It won't do the replacement dance I described above.
Next time you boot or otherwise restart ntpd you will probably get a different 
server.

In the old says, before ntpd supported the pool command in ntp.conf, it was 
common to see things like:
  server 0.pool.ntp.org
  server 1.pool.ntp.org
  server 2.pool.ntp.org
  server 3.pool.ntp.org
(Slot 2 also returns IPv6 addresses.)

You can also say:
  pool us.pool.ntp.org
That will take several servers from the DNS response and try again later if it 
needs more.


> Also, none of the servers in the pool
> should be using leap-smearing (a requirement you mentioned). 

You can't test a server for smearieness.  It wouldn't surprise me if some of 
them turn out to be getting time from google servers or something similar.



-- 
These are my opinions.  I hate spam.