[ntp:questions] NTP does not sync when using pool.ntp.org

Post by Brad Knowl » Sat, 11 Oct 2003 02:32:08



You'd have to make sure that the order of listing in each pool is
totally different from the other two -- pseudo-random number
generators may be helpful here. Of course, you can't guarantee that
the secondaries are going to serve out those records in the same
order as the master. ;-(


For the larger pools (i.e., pool.ntp.org), this would certainly
be true. For the smaller pools (i.e., ones with only a handful of
addresses), it would be far too easy for them to get in sync.

For this reason, it might actually be best to have country-level
pools be CNAME aliases to region-level pools (e.g.,
europe.pool.ntp.org, na.pool.ntp.org, etc...), unless there are
enough servers within a single country to ensure a reasonably low
probability of getting in sync (i.e., at least ten or more).

If there aren't enough region-level servers, then they could be
further CNAME aliases to hemisphere-level (or other higher-level)
pools.


I have specialized in the DNS for a number of years, and I was a
technical reviewer of the 2nd edition of the O'Reilly book _DNS and
BIND_. I'm working on a variety of ideas to try to help make this
concept work better.

--
Brad Knowles, < XXXX@XXXXX.COM >

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-Benjamin Franklin, Historical Review of Pennsylvania.

GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+
!w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
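
Added example (not part of the original post, and not the pool's own code): a small model of the pool-size point above, assuming each of three aliases serves its records in an independent random order and the client uses the first record from each. The zone names, address counts and the `effective_pool` helper are constructed for illustration.

```python
"""Model: chance that pool aliases hand one client the same server twice."""
from fractions import Fraction
import random

MIN_POOL_SIZE = 10  # threshold from the post ("at least ten or more")

def collision_probability(pool_size, aliases=3):
    """Exact chance that two or more of `aliases` uniform first picks coincide."""
    distinct = Fraction(1)
    for i in range(aliases):
        distinct *= Fraction(max(pool_size - i, 0), pool_size)
    return 1 - distinct

def simulate(pool_size, aliases=3, trials=20000, seed=1):
    """Monte Carlo check: every alias shuffles the pool, client takes record 0."""
    rng = random.Random(seed)
    servers = list(range(pool_size))
    hits = 0
    for _ in range(trials):
        firsts = []
        for _ in range(aliases):
            order = servers[:]
            rng.shuffle(order)
            firsts.append(order[0])
        hits += len(set(firsts)) < aliases
    return hits / trials

def effective_pool(name, zones, parents, min_size=MIN_POOL_SIZE):
    """CNAME-style fallback: climb to the parent pool until it is large enough."""
    while len(zones[name]) < min_size and name in parents:
        name = parents[name]
    return name

# Constructed sample zones (documentation addresses, hypothetical names).
ZONES = {
    "xx.pool.example": [f"192.0.2.{i}" for i in range(1, 4)],
    "europe.pool.example": [f"198.51.100.{i}" for i in range(1, 8)],
    "pool.example": [f"203.0.113.{i}" for i in range(1, 41)],
}
PARENTS = {"xx.pool.example": "europe.pool.example",
           "europe.pool.example": "pool.example"}

if __name__ == "__main__":
    for name, addrs in ZONES.items():
        p = collision_probability(len(addrs))
        print(f"{name:22} n={len(addrs):2}  P(duplicate)={float(p):.2f}  "
              f"use={effective_pool(name, ZONES, PARENTS)}")
```

Under this model a ten-server pool still gives a client a duplicate upstream a little over a quarter of the time, and the figure only gets worse if the aliases' orderings are correlated rather than independent.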
 
 
 

Post by Brad Knowl » Sat, 11 Oct 2003 10:10:12


Therein lies the rub -- "handed out at random". There are many
studies that can clearly show that many resolvers are so badly
screwed up that it's impossible to have any kind of reasonable
guarantee that this will happen. Indeed, one resolver bug alone is
enough to result in a.root-servers.net getting twice as much traffic
as any other root nameserver (at the time), simply because that name
occurs first in the list.


If you can guarantee that each alias will return the addresses in
a different order, then having a larger number of smaller sets of
addresses should be good. However, that depends a great deal on
Adrian's implementation.


The problem is more complex than this.

I've got alternative solutions I'm working on that I hope will be
a better solution. I hope.

--
Brad Knowles, < XXXX@XXXXX.COM >


 
 
 

Post by Brad Knowl » Sun, 12 Oct 2003 02:58:10


I'm working on ways to resolve this issue so that you don't have
to keep changing the zone.

--
Brad Knowles, < XXXX@XXXXX.COM >
