Re: ntpsec as server questions
On Mon, Dec 4, 2023 at 1:23 AM Charles Curley
<charlescurley@charlescurley.com> wrote:
>
> On Mon, 4 Dec 2023 00:20:45 -0500
> Jeffrey Walton <noloader@gmail.com> wrote:
>
> > I'm not sure that is correct. According to RFC 2132, Section 8.3, the
> > NTP time server source option is IP addresses, not hostnames. That
> > means ISC DHCP docs need to say it resolves a hostname to an IP, or it
> > needs to tell people to use IP addresses in accordance with the RFC.
> > See <https://datatracker.ietf.org/doc/html/rfc2132#section-8.3>.
>
> Well, I don't know about the RFC, but the ISC DHCP server gets along
> find with host names. From my /etc/dhcp/dhcpd.conf:
>
> option ntp-servers ntp.localdomain, ntp1.localdomain; # issola, aliased; chaffee, aliased.
>
> I think the server looks the addresses up and transmits the addresses.
> My clients see IP addresses, anyway.
>
> > If you try that [using a hostname in NTP server option] with the ISC's
> > KEA DHCP (KEA is ISC's rewrite of the old DHCP server), then the
> > server fails to start. You must use an IP address for NTP server
> > option with KEA DHCP.
>
> Well, that's silly. One of the nice things about using host names is
> that you can move the service from one machine to another (as I just
> did) and all you have to do is change the alias in your zone file.
>
> I'm not going to look to see if a more recent RFC amends that.
Well, I don't disagree with you:
<https://forum.netgate.com/topic/184196/kea-dhcp-dont-resolve-a-ntp-br>.
It makes sense that a hostname is resolved since it could reveal a
pool of NTP servers. And then the server could send the IP addresses
associated with the pool. But what do I know...
Jeff
Reply to: