Re: SSL/TLS debugging on MariaDB - tos minclock 4 minsane 1
Thanks Andy.
I certainly did reply to the wrong email, apologies to all.
George.
On Tuesday, 24-09-2024 at 08:43 Andy Smith wrote:
Hi,
You seem to have hit reply on the wrong message so this appears in a
different thread. I've attempted to stitch it back to the other thread
with a References: header, but I might have got that wrong. The other
thread started at
<[🔎] trinity-844a6353-587d-4c15-9f1e-b0c8980aa93e-1727094081079@3c-app-gmx-bap51>.
On Tue, Sep 24, 2024 at 08:23:05AM +1000, George at Clug wrote:
> https://docs.ntpsec.org/latest/miscopt.html
> minsane _minsane_
>
> Specify the number of servers used by the selection algorithm
> as the minimum to set the system clock. The default is 1 for legacy
> purposes; however, for critical applications the value should be
> somewhat higher (e.g. 3) but less than minclock.
>
> Please let me know if the above solves your problem?
Rather than lower minsane to 1, it would be better if OP added at least
two other servers (or used a pool, for providing the same). Although it
says that this is for "critical applications", it's basically free to do
so in most circumstances¹ and unless you do this you can't tell if the
ntp server is correct or not (with two you can't tell *which* is
correct).
Thanks,
Andy
¹ I can see why some places may have policies about not using third
party services, but if it is that important then hopefully such places
can justify having three local NTP clocks.
The other thing people sometimes say to justify having only one is
that they don't care if it's correct only that it's consistent with
all their other stuff. However I've found in real life that I often
want to correlate with events from outside my systems in which case
knowing that at least my stuff was synced to a global understanding of
time is valuable to me.
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Reply to: