
Re: ntpdate tip -- hmm? [NEW TOPIC]



Mark L. Kahnt <kahnt@hosehead.dyndns.org> [2002-12-27 12:52:29 -0500]:
> On Fri, 2002-12-27 at 11:39, will trillich wrote:
> > > DEBIAN NEWBIE TIP #59 from Will Trillich <will@serensoft.com>
> > > Wanting to SYNCHRONIZE YOUR SYSTEM CLOCK periodically? If you
> > > 	apt-get install ntpdate ntp-doc
> > > then browse /usr/share/doc/ntp-doc/html for info.
> > 
> > after the "ntpdate -- don't do this thread" subject line won the
> > award for longest thread in the last four decades, i thought i'd
> > send up a flare and see what y'all think about my erstwhile tip
> > above.

It is almost good.

Just by itself ntpdate I could not agree with for all of the reasons
listed in the world's longest thread.  But if you said this instead I
personally would find it good.

    apt-get install ntp ntp-simple ntp-doc ntpdate
  then browse /usr/share/doc/ntp-doc/html for info.

However, the pointer to rtfm is probably too much for most newbies.
It would be great if ntpdate and ntp-simple both offered to do the
very simple configuration of using the existing DNS servers as NTP
servers and having the debconf set up the configuration files
accordingly.  I think I will wishlist that.

But as a tip for newbies I think that it does not say enough.  It
would be great to point them to a howto such as this one.  But it does
not apply to Debian since the Debian version already does all of this
work.

  http://www.tldp.org/HOWTO/TimePrecision-HOWTO/index.html

Osamu Aoki's excellent Debian reference is also a little sparse in
this section.

  http://qref.sourceforge.net/Debian/reference/ch-tips.en.html#s8.6.4

ntpdate by default only runs at boot time.  Which is a fine time to
run this.  The world does not reboot all at once and so impulse spikes
are avoided.  Then let ntpd do continuous updates.  As noted by
another it was only the suggestion to put ntpdate in cron that drew a
huge negative reaction.

Also, I could not fault someone for suggesting chrony.  Not my
personal choice but by all recommendations it is also a fine program.

As a suggestion for NTP servers I generally suggest using your DNS
server.  The distribution tree already exists which avoids creating
distributed denial of service attacks unintentionally.  The knowledge
of what is a DNS server usually transfers.  The use is compatible.
Suggest that the newbie user who has no other ideas should fill in the
NTP servers list with their list of DNS servers.  Not always true, but
generally most ISPs who run a DNS server also run NTP on those servers
too.

> > is it kapiche? is it kaphut? hmm? (at least i didn't recommend
> > running it from cron, eh? :)

> The tip itself is fine - it was the practice of putting ntpdate in cron
> at some commonly thought of time (such as midnight) to update the system
> clock while getting your NTP info from a primary time server - the
> simultaneous requests risking hitting the time server system with a
> thunderclap of requests.

Agreed.  That is a very unneighborly thing to do.  The traditional
thing if they believe you are unneighborly enough is for people to
band together with dogs and torches and to hunt you down at night.
And in those cases they don't even need a reason to believe that.

> It may not be as much of a problem in places such as the United
> States, but in some countries which didn't bankrupt their
> telecommunications industry installing massive bandwidth capacity,
> the local primary time servers may not be on enough bandwidth to
> handle the requests in reasonable fashion.

It really does not matter what your bandwidth is, as long as there is
a limit then it is possible to hit the limit.  The thunderclap effect
as you describe it can create such a large impulse that a distributed
denial of service attack can result regardless.  And it is really easy
to avoid so it is viewed as a rudeness for someone to care so little.
And rudeness begets rudeness.  Better not to go there.

Bob
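
The suggestion above to fill the NTP server list from the DNS server list, as an added example that is not part of the original message: a shell function that turns the nameserver entries of a resolv.conf into ntp.conf server lines. The function name and the sample file are constructed for illustration, and it assumes, as the message does, that those DNS hosts also run NTP.

```shell
#!/bin/sh
# Added example (not from the original message).
# Assumption taken from the message: the ISP's DNS servers usually run NTP too.

# resolv_to_ntp_servers FILE
# Print an ntp.conf "server" line for each usable nameserver in FILE.
# Exit status is 1 if none was found, so a caller never installs an empty list.
resolv_to_ntp_servers() {
    awk '
        $1 != "nameserver" || NF < 2 { next }  # comments, search, options, bare keyword
        $2 ~ /^127\./ || $2 == "::1" { next }  # local caching resolver, no upstream clock
        seen[$2]++ { next }                    # same server listed twice
        { print "server " $2; n++ }
        END { exit (n > 0 ? 0 : 1) }
    ' "$1"
}

# Constructed sample resolv.conf (192.0.2.0/24 is a documentation range).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# written by the DHCP client
search example.net
nameserver 127.0.0.1
nameserver 192.0.2.53
nameserver 192.0.2.54   # secondary
nameserver 192.0.2.53
EOF

# Review the output before appending it to /etc/ntp.conf and restarting ntpd;
# afterwards `ntpq -p` shows whether each server actually answers NTP.
resolv_to_ntp_servers "$sample"
rm -f "$sample"
```

Because ntpd polls these servers continuously at its own pace, no cron entry is involved and the synchronized midnight burst discussed in the thread does not arise.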
