G
George Macdonald
Most seem to work for me, but I use a Sun workstation, not a D-link
router, so I can't say I have tried with this. I suspect the muppet
routers don't implement the protocol as well as the Sun.
I am not using a D-Link router. The list has nothing to do with routers
per se - it's principal purpose for me is setting accurate time for our DC
which, of course propagates to all other computers on the domain. The
experience of finding a reasonably close, working, reliable NTP server was
extremely frustrating... to the point of having to examine the Win 2K
server logs for the evidence - I didn't need that diversion. I eventually
found a recommended doc somewhere which said it's "OK" to use
time.nist.gov, as long as it's not excessive, so I used it.
I'm not aware it can be done on mine at all. Luckily, none accessed have
any restrictions.
That would be surprising.
The ServiceArea is the geographic and/or network area the TimeServer is
intended to serve.
Yes, I can gather that much... OBVIOUSLY. This does not preclude that a
mfr whose HQ is in a given area cannot arrange to use a server in that area
for all its U.S. sales. For the "network areas" it's not a lot of use to
specify a bunch of inner-circle coded names without explaining to the
end-user what they mean. It's almost like those people *want* to
obfuscate... invent some cryptic language for themselves and then have the
nerve to complain when some naif violates their *unexplained* encoded
rules.
I personally did not use the word vandalism. But I think abuse is correct.
Depends what you mean - their after the fact attitude on correcting the
situation and financial/technical compensation is abusive (U.S. lawyers...
which I gather the UK lawyers are "learning" from). The incident itself is
just an honest -- but likely incompetent -- mistake... with catastrophic
results.
OTOH, the guy is supplying a service to the majority(?) of the Danish ISP
industry... who are profiting from the Internet in general... some of whose
clients are no doubt using D-Link gateway-routers. The silence about their
reaction, other than apparently wanting to apply excessive charges to their
NTP "supplier", is incongruous to say the least... clean hands??
Well, you don't have to use a local server and should not use a local
one if it restricts access.
The trouble is "restricted" has degrees of enforcement in general - the
guidelines are malformed and badly expressed... and the anecdotal reports
are ambiguous.
I accept there is a *big* difference between intentionally hacking a
machine (me hacking yours) and you or anyone else using an NTP server
without realizing it. One is an accident, the other a deliberate act.
But once you are aware you are not welcome at an NTP server, then I
think the difference disappears.
I will ask you the same question I asked the person posting as:
Borked Pseudo Mail - '(e-mail address removed)'
If you were asked by an NTP server administrator (such as the owner of
the Danish one) to stop accessing that server, and you were unable to do
so by a firmware upgrade or reconfiguring the router, would you continue
to access his server, even though he had asked you not to? If you had
no other option, would you switch your router/modem off and not use it?
That depends: e.g. my router only does a look-up on restarts, cold or warm,
and AFAIK does not poll excessively to get synced, so I don't feel that's
an enormous abuse; the Netgear and D-Link cases should have probably been
the subject of a recall. I still don't understand why they continue to
poll every hour or so once synced but, given that the D-Links have a
configurable NTP address the ISP industry, at least those who supply D-Link
gateway-routers bears some blame for the situation.
Furthermore, what if the person asking you was from the US government or
the US Navy, both of whom timeservers are being abused? Would you
continue to use their time servers if you had no way of stopping your
D-link product from doing it without switching it off?
I'm not using their servers and I'm not that interested in discussing
hypotheticals as they apply to me.
BTW, your ISP, Tellurian, might have something to say about it, as it
would be against their rules:
http://www.tellurian.com/usagepolicy.asp
In particular:
* Any "denial of service" attack, any attempt to breach
* authentication or security measures, or any unauthorized attempt
* to gain access to any other account, host or network is
* prohibited, and will result in immediate service termination,
* which may be without notice.
I think you using the NTP server then would be an unauthorized attempt
to gain access to another host.
What NTP server are you talking about? Now you're getting impudent without
assimilating already presented facts. I think you know what the above
means and is targeted at - applying it to a published list of servers which
are poorly documented might result in some "advice" on how to do things
right *BUT* he'd have trouble taking things further since ntp.tellurian.com
*does* exist but does not work. This same ISP supplied the gateway-router
which is hitting clock.isc.org. said:So that makes it right?
I suggest if they are in the US, it would be rather foolish to continue
to do it should a US government or navy official ask you to stop.
RIGHT!
No, the rules were in place before. I am not suggesting any rules at all.
If vendors chose to implement products which use NTP servers it is up to
them to work out how to do it without accessing other servers their
intended end users are not supposed to. It is not up to me, or anyone
else to tell them how to do it. I am just saying there are ways, but it
is their decision. The rules have been in place a long while.
No, the rules have been in flux for a while.
I suspect, but don't know, that for a gateway router where the time can
only be set to 1 second resolution, it makes no difference if you use a
near or distant NTP server. The protocol corrects for network delays.
Correction improves when multiple time servers are used but I doubt it
is necessary unless the resolution is better than 1 second.
Depends on how the algorithm is implemented. Windows 2K/XP gives up if it
can't get a consistent delay. It seems self-evident to me that use of a
geographically close server is a better choice from several POVs.