After digging through all the DNS queries originating from my "chatty" Narwal Freo, I'm wondering why they are so obsessed with network time? Besides talking to several subdomains off of narwaltech.com, the robot is making DNS queries once every minute with ntp5.aliyun.com. And that is in addition to a couple other NTP servers at ntp.org. This really doesn't feel like an efficient use of network / server /... Source: 11 months ago
The stratum level changes depending on who is reading the clock. If you look at your peer list for ntp.org you will see it change between stratum 1 and 2, depending on when your remote peer last read from the clock. When your DC reads from this list, it will update its stratum level as well, and all clients reading from it will update accordingly. Source: about 1 year ago
Ntp settings in default gpo, "Main" pdc emulator DC uses ntp.org and the other DCs sync to it and call it a day. Source: about 1 year ago
Also, I have NTP for all ESXi hosts and vCenter set to ntp.org pools. I don't use OPNsense as an NTP server, but that is set the same as well. Source: about 1 year ago
So I configured my new Firewalla Gold Plus to block DoH Servers, so that my internal devices can't go around my NextDNS CLI config. However, I was reviewing the Flows logs for the fun of it, and saw that outbound NTP requests to NTP servers were blocked. Both of these blocks are to ntp.org domains which to my knowledge would not be servicing ANY DNS requests of any type. So I'm baffled why these ntp.org servers... Source: over 1 year ago
Russia and Japan were long the laggards in the switchover to UTF-8. However, in 2022, 94% of .ru domains and 96% of .jp domains serve UTF-8 (figures for websites are 98% overall, notable exceptions are things like ntp.org and yimg.com that are 1) ancient and 2) are very conservative about potentially breaking compatibility. Source: over 1 year ago
In my network flows for my eeros I see no traffic except to ntp.org, azonaws.com, amazon.com, and e2ro.com... ever. Source: over 1 year ago
I have the exact same question, but unfortunately that is above my paygrade. I was just told to fix it. The quy wanted to change the time source for the whole domain, but I pushed back and said that's not needed. The DC with with the NTP roles has it pointing to the ntp.org sites for time, which is perfectly fine. Source: over 1 year ago
My dd-wrt for some reason is showint the time and tate from 7 months ago and I want to verify that ntp.org thing is working. Source: over 1 year ago
You are absolutely correct about time and key/certificate validity. Hence many OS's simply call out to the internet to get the time from a time server, typically at ntp.org. Source: almost 2 years ago
I've got two internal NTP servers (stratum 1 and stratum 2) which I add with 'prefer'. Then I add two pools from ntp.org as backups. Source: almost 2 years ago
Maybe I'm an idiot, but I'm struggling to find a celebrate consensus on configuring the ntp.conf. I know I should have more than 2 servers. So far I have google time, NIST, RHEL and ntp.org time servers. I first used the pool directive on them, when I ran ntpq -p I had over 30 ntp servers. Thats probably overkill, so I toned it back and just used the server directive. ⠀Is it bad to use multiple NTP servers from... Source: about 2 years ago
Awesome! Glad you were able to follow along and get it going for your pfSense. If you have a static IP, think about putting your box on the ntp.org pools! Source: over 2 years ago
Sapling IP clocks at all sites. Do not use any kind of master clock; they all check every 15 minutes with ntp.org to set their time. We have around 200 clocks. Source: over 2 years ago
"Just" have all clients sync online (e.g. ntp.org) and be done with it. Source: over 2 years ago
You'd have to poison enough of the pool to notice. Not one host. And ensure you're not caught by ntp.org scripts looking for NTP servers handing out bad info or that no other customers notice the poisoning. Source: over 2 years ago
Completely agree. I used to only use ntp.org, but got burned at one point due to some really poor quality servers in the pool. Source: over 2 years ago
And I am NOT syncing with ntp.org's pool or anything so low level. I'm getting at a minimum Stratum 2 sources that will let me poll them. Why pull from the bottom of the totem pole if you can get it from a WAY more accurate source. Source: almost 3 years ago
Ntp.org has a good explanation of the logic behind this here in section 5.3.3: https://support.ntp.org/bin/view/Support/SelectingOffsiteNTPServers#Section_5.3.3. Source: almost 3 years ago
In a perfect world you have internal and external DNS or split DNS. Your inside zone devices only ever talk to internal DNS. Internal DNS then resolves everything against your external DNS, which gets its DNS from the outside. I noticed you asked about BYOD, we have an entirely separate zone with its own DHCP and DNS and it's completely isolated from the internal zone. BYOD has to get DNS from the BYOD DNS... Source: about 3 years ago
Do you know an article comparing Network Time Protocol daemon to other products?
Suggest a link to a post with product alternatives.
This is an informative page about Network Time Protocol daemon. You can review and discuss the product here. The primary details have not been verified within the last quarter, and they might be outdated. If you think we are missing something, please use the means on this page to comment or suggest changes. All reviews and comments are highly encouranged and appreciated as they help everyone in the community to make an informed choice. Please always be kind and objective when evaluating a product and sharing your opinion.