[vox-tech] rdate servers and apt-get for redhat

Rick Moen vox-tech@lists.lugod.org
Sun, 15 Dec 2002 17:57:30 -0800


Quoting Eric Nelson (en77@attbi.com):

> Here is what I use in crontab:
> 59 * * * * /usr/sbin/ntpdate ntp-dec.usno.navy.mil >> /dev/null

The hostname is a CNAME for usno.pa-x.dec.com, operated by Compaq in
Palo Alto for the U.S. Naval Observatory.  It's a stratum 1 server.
Posted access policy is "Access Policy: open access for stratum 2
servers, Compaq, others by arrangement." (http://tycho.usno.navy.mil/ntp.html)

USNO states at the top of the listing at the top of the page: "All of
the following stratum 1 NTP servers are open to stratum 2 servers within
the same time zone and to others by arrangement."

http://www.eecis.udel.edu/~mills/ntp/servers.html states:  "Please
respect the access policy as stated by the responsible person. It is
very important that potential clients avoid use of servers not listed as
open access, unless approved first by the responsible person. This
especially includes indiscriminate use of servers not listed in the
list, since this can be disruptive. The responsible person should always
be notified upon establishment of regular operations with servers listed
as open access. Servers listed as closed access should NOT be used
without prior permission, since this may disrupt ongoing activities in
which these servers are involved."

That page clarifies about what is meant by a stratum 2 server:  "The
secondary server provides synchronization to a sizable population of
other servers and clients on the order of 100 or more."  (There's more.)

It is not unknown for members of the general public who sync to statum 1
servers without prior arrangement to find their entire IP blocks blocked
by the statum 1 server operator.

On the bright side, doing the sort of periodic ntpdate you discuss is
less likely to risk the wrath of a statum 1 server than would running
ntpd against it -- as I've seen people urge on other mailing lists that
I guess should go nameless.

-- 
Cheers,             "Don't use Outlook.  Outlook is really just a security
Rick Moen            hole with a small e-mail client attached to it."
rick@linuxmafia.com                        -- Brian Trosko in r.a.sf.w.r-j