[AusNOG] NTP Best Current Practices Internet Draft

Mark Smith markzzzsmith at gmail.com
Sat Feb 2 12:46:48 EST 2019


On Sat, 2 Feb 2019 at 12:31, O'Connor, Daniel <darius at dons.net.au> wrote:
>
>
>
> > On 2 Feb 2019, at 11:48, Mark Smith <markzzzsmith at gmail.com> wrote:
> > The problem that occurred with 0.au.pool.ntp.org providing bad time
> > wouldn't have had an effect if the Windows domain controller had at
> > least 2 other NTP time sources.
>
> The behaviour of OP's system implies that a PDC does not use more than one clock source.
>

Only one time source is used at a time - the current best one. However
the sources are continuously compared, and if a better source becomes
available or the current source gets worse, the new best one will be
changed to.

Here's an article from Microsoft showing Windows, at least in 2008,
supports multiple NTP time sources.

"Configuring the Time Service: NtpServer and SpecialPollInterval"

https://blogs.msdn.microsoft.com/w32time/2008/02/26/configuring-the-time-service-ntpserver-and-specialpollinterval/



> If that is true (I have no idea, but googling suggests it may be so) then you are going to end up relying on a single time server. In that case you are probably better firing up a tiny Linux VM running only ntpd (or chrony etc etc) which is configured for multiple pool servers and then point your DCs at that.
>

Since VMs are cheap, you're probably better off running up 3 or 4,
having them use separate time sources, and then have all your local
hosts get time from those 3 or 4 VM time sources. You never want a
SPOF for time, as the OP has found out.

> It does seem pretty ridiculous that Windows server can't behave more sensibly though..
>
> --
> Daniel O'Connor
> "The nice thing about standards is that there
> are so many of them to choose from."
>  -- Andrew Tanenbaum
>
>
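
The point made in this message, that one bad source only matters when there is nothing to compare it against, shown as an added example (not part of the original post, and not the code of w32time, ntpd or chrony). It is a simplified Marzullo-style interval intersection; the source names, offsets and error bounds are constructed values.

```python
from typing import NamedTuple

class Source(NamedTuple):
    name: str
    offset: float  # measured offset from the local clock, seconds
    error: float   # half-width of the interval the source claims to be correct within

def select_sources(sources):
    """Split sources into (trusted, rejected) names by interval intersection.

    A source is trusted only if its interval covers the region that a strict
    majority of all sources agree on. If no strict majority exists, there is
    no way to tell which source is wrong, so none is trusted.
    """
    edges = []
    for s in sources:
        edges.append((s.offset - s.error, 0, +1))  # interval opens
        edges.append((s.offset + s.error, 1, -1))  # interval closes
    edges.sort()  # at equal positions, opens sort before closes

    best = count = 0
    lo = hi = 0.0
    for i, (pos, _, delta) in enumerate(edges):
        count += delta
        if delta > 0 and count > best:
            # Region from this open edge to the next edge is covered by `count` sources.
            best, lo, hi = count, pos, edges[i + 1][0]

    names = [s.name for s in sources]
    if best * 2 <= len(sources):  # no strict majority agrees
        return [], names
    trusted = [s.name for s in sources
               if s.offset - s.error <= lo and s.offset + s.error >= hi]
    return trusted, [n for n in names if n not in trusted]

# Constructed sample: A is 300 s off, B and C agree within their error bounds.
A = Source("A", 300.0, 0.050)
B = Source("B", 0.012, 0.050)
C = Source("C", -0.008, 0.040)

if __name__ == "__main__":
    for label, group in [("one", [A]), ("two", [A, B]), ("three", [A, B, C])]:
        print(label, select_sources(group))
```

With only A configured the bad time is accepted unchallenged; with A and B the disagreement is visible but cannot be resolved; with all three, A is outvoted and rejected.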

