Group subscription to ntppool vendor list
Ask Bjørn Hansen
ask at develooper.com
Wed Jan 26 08:44:37 UTC 2011
On Jan 25, 2011, at 7:54, Martin Pitt wrote:
Hi Martin (& Ubuntu Technical Board),
As you might know I look after the NTP Pool system that you have discussed recently.
Xavier sent me a link to your IRC meeting log, so I'll start by replying to a couple of things there:
> if there's very little management to be done that way, I don't mind
No management at all actually.
The "application form" is just a place where I store contact information for companies who have a vendor zone (this is more relevant for, say, someone making a DVD player where I need a way to get through the first-line support than it is for a technical and open source product like Ubuntu).
> the question raised by sabdfl by e-mail was whether the reliability of *.pool.ntp.org lived up to its advertising
There isn't much "advertising", I'd hope! :-)
So just in the interest of making sure everyone is clear on how it works:
The central pool system monitors the ~2000 participating NTP servers about 3 times an hour and when the monitoring gets no result or a bad result (more than 1-200ms off) it'll ding the score. A custom DNS server serves IPs for "nearby" (courtesy of MaxMind's GeoIP) "good" (courtesy of the monitoring system) servers. There are numerous obvious possible attacks on the system, but so far (knock on wood) nobody's bothered. The ways for an attacker to make use of the pool system not working right aren't so obvious.
Last I estimated the query numbers for the pool system and got numbers from an admin at NIST, the pool system did slightly more queries a second than their servers (I think I estimated our query count at 40-50k queries a second).
Anyway, if you are worried about this I'd recommend you leave ntp.ubuntu.com in the default ntp.conf and just use 3 of the pool servers. (For fun I added it to the system for monitoring only Tuesday afternoon and so far the monitoring system thinks you have an excellent NTP server: http://www.pool.ntp.org/scores/91.189.94.4 )
> pitti: so we can try setting the TB mailing list as contact point; I assume these are very low-traffic
> xavier_robin: Yes it's claimed to be low traffic
> cjwatson: list->list forwarding might not be ideal, but I'm guessing any of us would be prepared to be a contact point and forward things on if they're needed?
The "ntppool-vendors" list is just a Google Group announcements-only list in case I ever have to try to talk to the "vendors" en masse. I think I've sent one mail there in ~6 years -- so yes, it's low traffic!
> Dear administrators of ntppool,
>
> Xavier Robin recently asked you to create *.ubuntu.pool.ntp.org on
> behalf of the Ubuntu project, which got promptly created. Thank you
> for this!
>
> Is it possible to subscribe a mailing list instead of a single google
> account to this list? In the interest of not creating a single point
> of failure we would like to subscribe the Ubuntu Technical Board
> mailing list (technical-board at lists.ubuntu.com) as a contact point for
> the NTP pool administration.
Done!
- ask
> Thank you in advance, and have a good day,
>
> Martin Pitt
> p. p. Ubuntu Technical Board