For systems supporting multiple ntp servers you have a very good point but what about systems that only support a single ntp server? A few appliances I've dealt with fall into this area.
(Perhaps a separate DNS entry and/or IP address for this so as not to wreck the "average" ?)

Or what about simply setting up any ntp client able to cope with multiple servers, with ip addresses instead of host names? DNS changes in this sort of case wouldn't matter so much?

(I confess to some holes in my understanding of the way NTP deals with multiple time servers)

Regards

-- 
Mark.

Sent from a mobile device.

On 2/08/2014, at 0:48, Nathan Ward <nznog@daork.net> wrote:

I’m catching up on old mail and I notice this hasn’t been fixed yet.

The NTP protocol is designed to cope with failures without this sort of re-mapping. By re-mapping ntp2 on to ntp3, you have doubled the influence that ntp3 has, so that if someone has both ntp2 and ntp3 configured (which is a reasonable assumption) and ntp3 starts giving out bad data, things are more likely to break in some situations.

We have had discussion on this list before about the architecture of this, and so I hope others have taken my advice and are running at least 4 NTP servers (ie. the ntp.net.nz 3 + 1(+) others, perhaps).
If people are running with only the ntp.net.nz time servers, the impact of bad data is reduced if it bad data on ntp1, but increased if it is on ntp3.

I have just done some quick analysis, and ntpd treats named peers that resolve to the same IP addresses are distinct peers - I have a process running here that has selected the ntp2 entry as the system peer, and ntp1 and ntp3 are candidates. This means that it is averaging the three of them, and of course ntp2 and ntp3 are going to give me the same data so the average is weighted in their favour.

In any case, let’s not futs with the protocol and try outsmart it, it’s got redundancy built in, so lets use it - please remove the ntp2 -> ntp3 mapping, or, point ntp2 to somewhere other than ntp3.. though, if you point it to somewhere that people rely on as their 4th(+) server, you’re only slightly improving things.

On 14/07/2014, at 5:04 pm, Josh Simpson <josh@nzrs.net.nz> wrote:

Hi all,

As some of you may have noticed ntp2.ntp.net.nz and its aliases p2.ntp.net.nz and s2.ntp.net.nz stopped responding late on 08-07-2014.

This is related to a hardware fault with the NTP appliance, we are currently investigating both repair and replacement options.

As a temporary measure the DNS records for ntp2.ntp.net.nz, p2.ntp.net.nz and s2.ntp.net.nz have been pointed to ntp3.ntp.net.nz.

Information about these appliances and the services they provide can be found at https://ntp.net.nz.

If you need any further information, please contact us at support@nzrs.net.nz

Josh
-- 
Josh Simpson
Systems Administrator
.nz Registry Services
M: +64 21 783 399
P: +64  4 555 0124
GPG: 6516 B4EA 413B CAED 57B5 0956 124C 8AC3 A362 8080
www.nzrs.net.nz
_______________________________________________
NZNOG mailing list
NZNOG@list.waikato.ac.nz
http://list.waikato.ac.nz/mailman/listinfo/nznog

--
Nathan Ward

_______________________________________________
NZNOG mailing list
NZNOG@list.waikato.ac.nz
http://list.waikato.ac.nz/mailman/listinfo/nznog