Comment by amelius

5 days ago

But can't NTP server downtime cause a disaster?

10 comments

amelius

Reply
Vosporos  5 days ago

One (amongst many) NTP server going down creates less issues than an NTP server spreading wrong time.

  • macintux  5 days ago

    General rule of thumb: a misbehaving/slow server in any well-architected distributed system is vastly worse than a dead server.

  • PunchyHamster  5 days ago

    technically if you have 3 or more sources that would be caught; NTP protocol was designed for that eventuality

    • throw0101c  5 days ago

      > technically if you have 3 or more sources that would be caught; NTP protocol was designed for that eventuality

      Either go with one clock in your NTPd/Chrony configuration, or ≥4.

      Yes, if you have 3 they can triangulate, but if one goes offline now you have 2 with no tie-breaker. If you have (at least) 4 servers, then one can go away and triangulation / sanity-checking can still occur with the 3 remaining.

      1 reply →

    • da_chicken  5 days ago

      Sure, but not needing a failure to cascade to yet another failsafe is still a good idea. After all, all software has bugs, and all networks have configuration errors.