In my wide area company with about 1000 clients, I organized ntp server hierarchy in 2 levels:

level A - n.1 Physical Linux server (Centos 6) - SERVER MASTER
level B - n.3 Physical Linux server (Centos 6) - NTP1, NTP2, NTP3 (for clients)

Server MASTER retrieves time directly from servers of public newtwork.
Server NTP1, NTP2, NTP3 retrieves time from server MASTER and they are the official NTP server used from clients.

What do you think about this ntp server structure? I know NTP server numbers must be 1, 3 or 4,....
I know ntp server must be a physical machine because its clock is more exact. Right ?

On 07/04/2023 10:47, Renzo Marengo wrote:
> I know NTP server numbers must be 1, 3 or 4,....

I don't understand this. NTP servers don't have numbers. They do have
a stratum, but that is determined automatically from the current time
distribution tree.

Renzo Marengo wrote:
> In my wide area company with about 1000 clients, I organized ntp server hierarchy in 2 levels:
>
> level A - n.1 Physical Linux server (Centos 6) - SERVER MASTER
> level B - n.3 Physical Linux server (Centos 6) - NTP1, NTP2, NTP3 (for clients)
>
> Server MASTER retrieves time directly from servers of public newtwork.
> Server NTP1, NTP2, NTP3 retrieves time from server MASTER and they are the official NTP server used from clients.
>
> What do you think about this ntp server structure? I know NTP server numbers must be 1, 3 or 4,....
> I know ntp server must be a physical machine because its clock is more exact. Right ?
>
When I did the same for Hydro (multi-national corporation with 77K
employees in 130 countries) I had 3 primary servers (running FreeBSD)
with GPS and external reference servers, plus one (in Germany) using the
DCF77 pseudo-random signal and anoterh in the US that used their cell
phone timing signal.

These master servers all referenced each other, in case their local S1
clock would fail.

Next I had 6 S2 servers (running Linux or FreeBSD) that listed every S1
server as a source, while every client server (a few K in number) simply
used the same config file listing all six S2 servers.

This setup never even hiccuped during the 10+ years I ran it.

Terje

--
- <Terje.Mathisen at tmsw.no>
"almost all programming can be viewed as an exercise in caching"

Il giorno venerdì 7 aprile 2023 alle 13:44:59 UTC+2 David Woolley ha scritto:
> On 07/04/2023 10:47, Renzo Marengo wrote:
> > I know NTP server numbers must be 1, 3 or 4,....
> I don't understand this. NTP servers don't have numbers. They do have
> a stratum, but that is determined automatically from the current time
> distribution tree.

I wanted to say... the number (quantity) of ntp server.
Now I have 3 ntp server(NTP1, NTP2, NTP3), if I had had 2 servers it should be always a good idea ? I remembered there was a reason to have a similar quantity (that is 3)

Server A has stratum 2
Server NTP1, NTP2, NTP3 has stratum 3

What do you think if I destroyed the Server A and I converted the NTP1, NTP2, NTP3 to stratum 2 ? I would link these 3 server to the to same time source of server A.

Renzo Marengo wrote:
> Il giorno venerdì 7 aprile 2023 alle 13:44:59 UTC+2 David Woolley ha
> scritto:
>> On 07/04/2023 10:47, Renzo Marengo wrote:
>>> I know NTP server numbers must be 1, 3 or 4,....
>> I don't understand this. NTP servers don't have numbers. They do
>> have a stratum, but that is determined automatically from the
>> current time distribution tree.
>
> I wanted to say... the number (quantity) of ntp server. Now I have 3
> ntp server(NTP1, NTP2, NTP3), if I had had 2 servers it should be
> always a good idea ? I remembered there was a reason to have a
> similar quantity (that is 3)
>
> Server A has stratum 2 Server NTP1, NTP2, NTP3 has stratum 3
>
> What do you think if I destroyed the Server A and I converted the
> NTP1, NTP2, NTP3 to stratum 2 ? I would link these 3 server to the to
> same time source of server A.
>
Your clients should all have at least 4 sources, so if you don't want
them to talk to the outside world, that means having at least that many
internal servers for them to reference.

Terje

--
- <Terje.Mathisen at tmsw.no>
"almost all programming can be viewed as an exercise in caching"

Dear All,
I would say 3 ntp servers are also fine and good enough as there are never taken more than 3 servers.
If there are no stratum-1 server available I would define at least 4 pools for these 3 NTP servers.
I can tell you what I have done. Without claim to be correct.
I have 3 stratum-1 server ( GPS, DCF77 and rubidium disciplined )
The GPS and DCF77 are peered with the same type of server with another organisation. In case the stratum-0 source would fail.
Below this I have 4 stratum-2 server which have also upstream servers from the Internet. Just in case all 3 internal stratum-1 would fail.
There I am using two different types of daemon software. And 3 of these 4 servers are public available as part of the AT-pool (Austrian) for IPv6.
And internally I use only 2 stratum-3 servers for all clients. Good enough as I manage and monitor complete NTP infrastructure.
These stratum-3 servers have defined all 4 of my stratum-2 servers I have and are not using any external time source.
In my opinion it is not important to be accurate within a millisecond to the real time. It is more important that all devices have the same time.
This becomes interesting especially if there is a leap second.
Therefore all clients are not allowed to fetch the time from Internet and such traffic is prohibited by firewall.
To avoid that mis-configured clients have NO time I am using RPZ ( restricted policy zones ) in DNS where a lot of well known DNS names for NTP servers are rewritten to the internal IP address.

Kind regards
Hans
—

> On 08.04.2023, at 13:37, Terje Mathisen <terje.mathisen@tmsw.no> wrote:
>
> Renzo Marengo wrote:
>> Il giorno venerdì 7 aprile 2023 alle 13:44:59 UTC+2 David Woolley ha
>> scritto:
>>> On 07/04/2023 10:47, Renzo Marengo wrote:
>>>> I know NTP server numbers must be 1, 3 or 4,....
>>> I don't understand this. NTP servers don't have numbers. They do
>>> have a stratum, but that is determined automatically from the
>>> current time distribution tree.
>> I wanted to say... the number (quantity) of ntp server. Now I have 3
>> ntp server(NTP1, NTP2, NTP3), if I had had 2 servers it should be
>> always a good idea ? I remembered there was a reason to have a
>> similar quantity (that is 3)
>> Server A has stratum 2 Server NTP1, NTP2, NTP3 has stratum 3
>> What do you think if I destroyed the Server A and I converted the
>> NTP1, NTP2, NTP3 to stratum 2 ? I would link these 3 server to the to
>> same time source of server A.
> Your clients should all have at least 4 sources, so if you don't want them to talk to the outside world, that means having at least that many internal servers for them to reference.
>
> Terje
>
> --
> - <Terje.Mathisen at tmsw.no>
> "almost all programming can be viewed as an exercise in caching"
> --
> This is questions@lists.ntp.org
> Subscribe: questions+subscribe@lists.ntp.org
> Unsubscribe: questions+unsubscribe@lists.ntp.org
>
>
>
>
--
This is questions@lists.ntp.org
Subscribe: questions+subscribe@lists.ntp.org
Unsubscribe: questions+unsubscribe@li

4 is better than 3 because from time to time, one of them will be
unreachable. If one uses 3 and this happens, there is nobody to break a
tie.

I recommend also having these top-tier time sources 'peer' with each other.

What is your "interesting" issue with leap seconds?

H

On 4/8/2023 7:49 AM, MAYER Hans wrote:
>
> Dear All,
>
> I would say 3 ntp servers are also fine and good enough as there are never taken more than 3 servers.
> If there are no stratum-1 server available I would define at least 4 pools for these 3 NTP servers.
>
> I can tell you what I have done. Without claim to be correct.
> I have 3 stratum-1 server ( GPS, DCF77 and rubidium disciplined )
> The GPS and DCF77 are peered with the same type of server with another organisation. In case the stratum-0 source would fail.
> Below this I have 4 stratum-2 server which have also upstream servers from the Internet. Just in case all 3 internal stratum-1 would fail.
> There I am using two different types of daemon software. And 3 of these 4 servers are public available as part of the AT-pool (Austrian) for IPv6.
> And internally I use only 2 stratum-3 servers for all clients. Good enough as I manage and monitor complete NTP infrastructure.
> These stratum-3 servers have defined all 4 of my stratum-2 servers I have and are not using any external time source.
>
> In my opinion it is not important to be accurate within a millisecond to the real time. It is more important that all devices have the same time.
> This becomes interesting especially if there is a leap second.
> Therefore all clients are not allowed to fetch the time from Internet and such traffic is prohibited by firewall.
> To avoid that mis-configured clients have NO time I am using RPZ ( restricted policy zones ) in DNS where a lot of well known DNS names for NTP servers are rewritten to the internal IP address.
>
>
> Kind regards
> Hans
>
> —
>
>
>
>> On 08.04.2023, at 13:37, Terje Mathisen <terje.mathisen@tmsw.no> wrote:
>>
>> Renzo Marengo wrote:
>>> Il giorno venerdì 7 aprile 2023 alle 13:44:59 UTC+2 David Woolley ha
>>> scritto:
>>>> On 07/04/2023 10:47, Renzo Marengo wrote:
>>>>> I know NTP server numbers must be 1, 3 or 4,....
>>>> I don't understand this. NTP servers don't have numbers. They do
>>>> have a stratum, but that is determined automatically from the
>>>> current time distribution tree.
>>> I wanted to say... the number (quantity) of ntp server. Now I have 3
>>> ntp server(NTP1, NTP2, NTP3), if I had had 2 servers it should be
>>> always a good idea ? I remembered there was a reason to have a
>>> similar quantity (that is 3)
>>> Server A has stratum 2 Server NTP1, NTP2, NTP3 has stratum 3
>>> What do you think if I destroyed the Server A and I converted the
>>> NTP1, NTP2, NTP3 to stratum 2 ? I would link these 3 server to the to
>>> same time source of server A.
>> Your clients should all have at least 4 sources, so if you don't want them to talk to the outside world, that means having at least that many internal servers for them to reference.
>>
>> Terje
>>
>> --
>> - <Terje.Mathisen at tmsw.no>
>> "almost all programming can be viewed as an exercise in caching"
>> --
>> This is questions@lists.ntp.org
>> Subscribe: questions+subscribe@lists.ntp.org
>> Unsubscribe: questions+unsubscribe@lists.ntp.org
>>
>>
>>
>>

--
Harlan Stenn <stenn@nwtime.org>
http://networktimefoundation.org - be a member!
--
This is questions@lists.ntp.org
Subscribe: questions+subscribe@lists.ntp.org
Unsubscribe: questions+unsubscribe@lists.ntp.org

Il giorno sabato 8 aprile 2023 alle 13:37:33 UTC+2 Terje Mathisen ha scritto:
> Your clients should all have at least 4 sources, so if you don't want
> them to talk to the outside world, that means having at least that many
> internal servers for them to reference.
> Terje
>

Why at least 4 sources ? For redundancy or other reasons ?
My clients must not to talk to outside world.

Renzo Marengo wrote:
> Il giorno sabato 8 aprile 2023 alle 13:37:33 UTC+2 Terje Mathisen ha scritto:
>> Your clients should all have at least 4 sources, so if you don't want
>> them to talk to the outside world, that means having at least that many
>> internal servers for them to reference.
>> Terje
>>
>
> Why at least 4 sources ? For redundancy or other reasons ?
> My clients must not to talk to outside world.
>
3 is the minimum for a voting plurality when not all servers agree (i.e.
stated time + maximum uncertainty overlaps for all of them).

If you have 4+ then you maintain 3+ when one server goes down or
temporarily loses its mind/becomes a falseticker.

Terje

--
- <Terje.Mathisen at tmsw.no>
"almost all programming can be viewed as an exercise in caching"

Il giorno sabato 8 aprile 2023 alle 13:37:33 UTC+2 Terje Mathisen ha scritto:
> Renzo Marengo wrote:
> > Il giorno venerdì 7 aprile 2023 alle 13:44:59 UTC+2 David Woolley ha
> > What do you think if I destroyed the Server A and I converted the
> > NTP1, NTP2, NTP3 to stratum 2 ? I would link these 3 server to the to
> > same time source of server A.
> >
> Your clients should all have at least 4 sources, so if you don't want
> them to talk to the outside world, that means having at least that many
> internal servers for them to reference.

I installed only n.1 server A (stratum 2) which communicates to external time server in public network, (unique machine which speaks to external network).
Server NTP1,2,3 (stratum 3) are the internal ntp server used as reference ones for clients.
What do you think if I deleted server A and every server NTP1,2,3 was granted from stratum 3 to 2 and NTP1,2,3 communicated to external network ?

Renzo Marengo <buckroger2011@gmail.com> wrote:
> In my wide area company with about 1000 clients, I organized ntp server hierarchy in 2 levels:
>
> level A - n.1 Physical Linux server (Centos 6) - SERVER MASTER
> level B - n.3 Physical Linux server (Centos 6) - NTP1, NTP2, NTP3 (for clients)
>
> Server MASTER retrieves time directly from servers of public newtwork.
> Server NTP1, NTP2, NTP3 retrieves time from server MASTER and they are the official NTP server used from clients.
>
> What do you think about this ntp server structure? I know NTP server numbers must be 1, 3 or 4,....
> I know ntp server must be a physical machine because its clock is more exact. Right ?

Each ntp server or client that uses other ntp servers to get time needs
at least 3 servers so it can tell if one of the servers goes wonky. If
you want redundancy you should have 4.

The stratum of servers in general makes no significant difference unless
you are doing something special, like timing nuclear reactions.

The simplest thing to do is use at least 3 ntp appliance boxes, each of
which will be at stratum 1, for the entire company network.

You can find GNSS based ntp appliance boxes on ebay and other places for
about US$80 these days that consist of an active antenna, a small box
roughly the size of a pack of cigarettes and a 12V power adapter.

Search for ntp time server on ebay for examples.

The advantage to using an appliance is that there are no computers to
obtain, configure, maintain, or find a place for and they only use about
1W of power each.

All you need to do is put the antenna on a window sill, connect the
antenna, power and network and set the IP address you want for the box.

If your company has multiple locations, spread the boxes across
different locations so there is no single point of failure.

Then point all 1000 clients to your boxes.

On 2023-04-11, Renzo Marengo <buckroger2011@gmail.com> wrote:
> Il giorno sabato 8 aprile 2023 alle 13:37:33 UTC+2 Terje Mathisen ha scritto:
>> Your clients should all have at least 4 sources, so if you don't want
>> them to talk to the outside world, that means having at least that many
>> internal servers for them to reference.
>> Terje
>>
>
> Why at least 4 sources ? For redundancy or other reasons ?
> My clients must not to talk to outside world.

It depends on how high the probability is that two sources go mad at
once. (eg you have two routers relying on the same source).
Therr is good because if one goes off, then the other two outvote it.
Four can prevent two independent sources from messing you up. On the
otherhand if they are all internal, then you have the problem that the
internal sources are probablynot independent, and two or three going mad
is far more likely.

On 2023-04-11 17:19, Jim Pennino wrote:
> Renzo Marengo <buckroger2011@gmail.com> wrote:
>> In my wide area company with about 1000 clients, I organized ntp server hierarchy in 2 levels:
>>
>> level A - n.1 Physical Linux server (Centos 6) - SERVER MASTER
>> level B - n.3 Physical Linux server (Centos 6) - NTP1, NTP2, NTP3 (for clients)
>>
>> Server MASTER retrieves time directly from servers of public newtwork.
>> Server NTP1, NTP2, NTP3 retrieves time from server MASTER and they are the official NTP server used from clients.
>>
>> What do you think about this ntp server structure? I know NTP server numbers must be 1, 3 or 4,....
>> I know ntp server must be a physical machine because its clock is more exact. Right ?
>
> Each ntp server or client that uses other ntp servers to get time needs
> at least 3 servers so it can tell if one of the servers goes wonky. If
> you want redundancy you should have 4.
>

I wonder when and why this advice changed from 3 to 4. When I started
setting up local NTP networks more than 15 years ago, the documentation
advised setting up 3 local servers sourcing from 3 online servers each
(when not having access to non-ntp sources such as NIST dial in, long
wave time signals, GPS, Caesium/Hydrogen frequency references etc.

This was before good pool sources, so I had to work through the list of
public servers on the project webpage and choose some that would be
polite to use as master references while constraining internal machines
to contact only the internal NTP servers.

> The stratum of servers in general makes no significant difference unless
> you are doing something special, like timing nuclear reactions.
>
> The simplest thing to do is use at least 3 ntp appliance boxes, each of
> which will be at stratum 1, for the entire company network.
>
> You can find GNSS based ntp appliance boxes on ebay and other places for
> about US$80 these days that consist of an active antenna, a small box
> roughly the size of a pack of cigarettes and a 12V power adapter.
>
> Search for ntp time server on ebay for examples.
>
> The advantage to using an appliance is that there are no computers to
> obtain, configure, maintain, or find a place for and they only use about
> 1W of power each.
>
> All you need to do is put the antenna on a window sill, connect the
> antenna, power and network and set the IP address you want for the box.
>
> If your company has multiple locations, spread the boxes across
> different locations so there is no single point of failure.
>
> Then point all 1000 clients to your boxes.
>

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

Jakob Bohm <jb-usenet@wisemo.com.invalid> wrote:
> On 2023-04-11 17:19, Jim Pennino wrote:
>> Renzo Marengo <buckroger2011@gmail.com> wrote:
>>> In my wide area company with about 1000 clients, I organized ntp server hierarchy in 2 levels:
>>>
>>> level A - n.1 Physical Linux server (Centos 6) - SERVER MASTER
>>> level B - n.3 Physical Linux server (Centos 6) - NTP1, NTP2, NTP3 (for clients)
>>>
>>> Server MASTER retrieves time directly from servers of public newtwork.
>>> Server NTP1, NTP2, NTP3 retrieves time from server MASTER and they are the official NTP server used from clients.
>>>
>>> What do you think about this ntp server structure? I know NTP server numbers must be 1, 3 or 4,....
>>> I know ntp server must be a physical machine because its clock is more exact. Right ?
>>
>> Each ntp server or client that uses other ntp servers to get time needs
>> at least 3 servers so it can tell if one of the servers goes wonky. If
>> you want redundancy you should have 4.
>>
>
> I wonder when and why this advice changed from 3 to 4. When I started
> setting up local NTP networks more than 15 years ago, the documentation
> advised setting up 3 local servers sourcing from 3 online servers each
> (when not having access to non-ntp sources such as NIST dial in, long
> wave time signals, GPS, Caesium/Hydrogen frequency references etc.

Redundancy in case of multiple failures.

A ntp server is quite happy with 3, however what is the risk and
possible consequences to your organization if there are multiple
failures?

If all you are doing is making sure everyone's time is close to the
same, this is likely a don't care.

If you are doing something that could have could have significant
consequences, i.e. a stock broker or something that depends on the time
being within fractions of a second, you likely care a lot.

With GNSS (meaning the device uses all the "GPS" systems) appliances
being under $100 US these days, it is cheaper to use N appliances than
it is to obtain, configure, and maintain N computers sourcing from
online servers.

> This was before good pool sources, so I had to work through the list of
> public servers on the project webpage and choose some that would be
> polite to use as master references while constraining internal machines
> to contact only the internal NTP servers.

With an appliance all you have to chose is whether you want to use some
subset of the available GNSS systems or all of them. I can think of no
reason not to use all of them and no outside your network traffic is
required.

>> The stratum of servers in general makes no significant difference unless
>> you are doing something special, like timing nuclear reactions.
>>
>> The simplest thing to do is use at least 3 ntp appliance boxes, each of
>> which will be at stratum 1, for the entire company network.
>>
>> You can find GNSS based ntp appliance boxes on ebay and other places for
>> about US$80 these days that consist of an active antenna, a small box
>> roughly the size of a pack of cigarettes and a 12V power adapter.
>>
>> Search for ntp time server on ebay for examples.
>>
>> The advantage to using an appliance is that there are no computers to
>> obtain, configure, maintain, or find a place for and they only use about
>> 1W of power each.
>>
>> All you need to do is put the antenna on a window sill, connect the
>> antenna, power and network and set the IP address you want for the box.
>>
>> If your company has multiple locations, spread the boxes across
>> different locations so there is no single point of failure.
>>
>> Then point all 1000 clients to your boxes.
>>
>
>
> Enjoy
>
> Jakob

On 11/04/2023 18:21, Jakob Bohm wrote:
> I wonder when and why this advice changed from 3 to 4.  When I started
I'm pretty sure that Byzantine General protection has been advised for
more than 15 years. It's in the NTPv4 RFC, so it is at least just short
of 13 years. <https://www.ietf.org/rfc/rfc5905.txt>

On 11/04/2023 21:28, David Woolley wrote:
> On 11/04/2023 18:21, Jakob Bohm wrote:
>> I wonder when and why this advice changed from 3 to 4.  When I started
>
> I'm pretty sure that Byzantine General protection has been advised for
> more than 15 years.  It's in the NTPv4 RFC, so it is at least just short
> of 13 years. <https://www.ietf.org/rfc/rfc5905.txt>
I meant to include this quote:
/*
* There must be at least NSANE survivors to satisfy the
* correctness assertions. Ordinarily, the Byzantine criteria
* require four survivors, but for the demonstration here, one
* is acceptable.
*/

On 4/11/2023 1:28 PM, David Woolley wrote:
> On 11/04/2023 18:21, Jakob Bohm wrote:
>> I wonder when and why this advice changed from 3 to 4.  When I started
>
> I'm pretty sure that Byzantine General protection has been advised for
> more than 15 years.  It's in the NTPv4 RFC, so it is at least just short
> of 13 years. <https://www.ietf.org/rfc/rfc5905.txt>

It's noted in RFC1059, from 1988.

--
Harlan Stenn <stenn@ntp.org>
http://networktimefoundation.org - be a member!
--
This is questions@lists.ntp.org
Subscribe: questions+subscribe@lists.ntp.org
Unsubscribe: questions+unsubscribe@lists.ntp.org

Il giorno martedì 11 aprile 2023 alle 17:31:08 UTC+2 Jim Pennino ha scritto:
> You can find GNSS based ntp appliance boxes on ebay and other places for
> about US$80 these days that consist of an active antenna, a small box
> roughly the size of a pack of cigarettes and a 12V power adapter.

I thank you very much but It's no possible to buy a similar ntp appliance even if It's cheaper system, I have to build/inspect my ntp server with existing resources.
According to your assertions, I think my system is wrong because I have a unique "server MASTER" which retrieves time from several stratum 1 ntp servers which are in Internet network. Server Master is a point of failure infact if It's went mad, what server NTP1,2,3 will happen to ?
Furthermore every NTP1, NTP2, NTP3 has set as ntp server a unique source that is server MASTER, so they can't understand when server is mad. It's right what I'm saying ?

Hi Harlan, et al,
> On 09.04.2023, at 08:23, Harlan Stenn <stenn@nwtime.org> wrote:
>
>
> What is your "interesting" issue with leap seconds?
Once we had not all clients to local NTP servers connected but synchronised. Unfortunately not all public NTP servers have a valid leap-file. During such a „step“ several clients lost a connection to a local database server. Probably almost all applications don’t care about a leap second but there are some few which don’t like it if client and server are different. Since that time NTP traffic is prohibited to the internet for all clients. And with RPZ in DNS we make sure that all clients have access to local NTP server.
And it will also be interesting how it will go on in the future. Since 6 years there was no leap second and there are discussions to cancel it totally.

// Hans
—
--
This is questions@lists.ntp.org
Subscribe: questions+subscribe@lists.ntp.org
Unsubscribe: questi

Renzo Marengo <buckroger2011@gmail.com> wrote:
> Il giorno martedì 11 aprile 2023 alle 17:31:08 UTC+2 Jim Pennino ha scritto:
>> You can find GNSS based ntp appliance boxes on ebay and other places for
>> about US$80 these days that consist of an active antenna, a small box
>> roughly the size of a pack of cigarettes and a 12V power adapter.
>
> I thank you very much but It's no possible to buy a similar ntp appliance even if It's cheaper system, I have to build/inspect my ntp server with existing resources.

Having to take the most expensive and labor intensive route and has
security issues sounds like a poor business plan to me.

> According to your assertions, I think my system is wrong because I have a unique "server MASTER" which retrieves time from several stratum 1 ntp servers which are in Internet network. Server Master is a point of failure infact if It's went mad, what server NTP1,2,3 will happen to ?
> Furthermore every NTP1, NTP2, NTP3 has set as ntp server a unique source that is server MASTER, so they can't understand when server is mad. It's right what I'm saying ?

If you are saying you have one master machine that gets time from the
internet and feeds that time to your internal servers, then yes, the
internal machines have no way of knowing if the master is correct.

You would need at least three masters.

On 2023-04-12, MAYER Hans <Hans.Mayer@iiasa.ac.at> wrote:
>
> Hi Harlan, et al,
>
>> On 09.04.2023, at 08:23, Harlan Stenn <stenn@nwtime.org> wrote:
>>
>>
>> What is your "interesting" issue with leap seconds?
>
> Once we had not all clients to local NTP servers connected but synchronised. Unfortunately not all public NTP servers have a valid leap-file. During such a „step“ several clients lost a connection to a local database server. Probably almost all applications don’t care about a leap second but there are some few which don’t like it if client and server are different. Since that time NTP traffic is prohibited to the internet for all clients. And with RPZ in DNS we make sure that all clients have access to local NTP server.

So instead you now have a single point of failure, so instead of one or
two machines having trouble, every single machine in you whole
organization will have trouble if that single machine goes down. Sounds
like a real advance to me:-) Eg, a cleaner plugs their floor polisher into
the UPS of that machine, or somebody trips over the power plug.

>
> And it will also be interesting how it will go on in the future. Since 6 years there was no leap second and there are discussions to cancel it totally.
>
>
> // Hans
>
> —