NTS update
Hal Murray
hmurray at megapathdsl.net
Thu Mar 21 00:30:11 UTC 2019
> Uh, no. You can easily get the FQDN from the IP.
That adds DNS to the security chain. Doesn't sound good to me. It might work
if you are using DNSSEC. Complicated.
> Also, since there is no way to specify IPv4 or IPv6, the only way I can make
> this work is by IP.
> You need to add an option to force IPv4 or IPv6.
There is a -4 and -6 option to the server command. I don't think I check that
yet. Should be easy to fix, but it will have to wait until late tonight.
If you want a quick hack fix, in ntpd/nts_client.c, change the
  hints.ai_family = AF_UNSPEC;
to
  hints.ai_family = AF_INET; or AF_INET6
That will get all of the NTS-KE connections on that system.
> So how about you try to connect to one of them?
     remote           refid      st t when poll reach   delay   offset   jitter
===============================================================================
-kong.rellim.com 204.17.205.17    2 8   11   64  373  55.0190   1.1430   3.7460
-spidey.rellim.c 204.17.205.17    2 8   18   64  373  55.2070   1.0170   1.2171
-glypnod4        192.168.1.33     2 8    9   64  377   0.3929  -0.0821   0.0187
-shuksan         .PPS.            1 u    3   64  377   0.2266   0.0779   0.0478
+mon             192.168.1.33     2 u   12   64  377   0.3805   0.0496   0.0622
-tom             .PPS.            1 u    8   64  377   0.4343   0.0137   0.0473
...
Looks good from here. Note the 8 in the t column.
--
These are my opinions. I hate spam.
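
Added example, not NTPsec code and not part of the original message: one way the hard-coded hints.ai_family from the quick hack above could be driven by a per-server -4/-6 preference. The names ip_pref, pref_to_family and resolve_family are hypothetical, and the address literals and port are constructed sample inputs.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* expose getaddrinfo() under strict -std= */
#endif
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical per-server setting standing in for the -4 / -6 options. */
enum ip_pref { IP_ANY, IP_V4_ONLY, IP_V6_ONLY };

static int pref_to_family(enum ip_pref pref)
{
    switch (pref) {
    case IP_V4_ONLY: return AF_INET;
    case IP_V6_ONLY: return AF_INET6;
    default:         return AF_UNSPEC;   /* the value the quick hack replaces */
    }
}

/* Resolve host:port for TCP, restricted to the preferred address family.
 * extra_flags is OR-ed into ai_flags (AI_NUMERICHOST keeps the demo offline).
 * Returns the family of the first result, or -1 if nothing matches. */
int resolve_family(const char *host, const char *port,
                   enum ip_pref pref, int extra_flags)
{
    struct addrinfo hints, *res = NULL;
    int rc, family;
    memset(&hints, 0, sizeof(hints));
    hints.ai_family = pref_to_family(pref);
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = extra_flags;
    rc = getaddrinfo(host, port, &hints, &res);
    if (rc != 0) {
        fprintf(stderr, "%s: %s\n", host, gai_strerror(rc));
        return -1;
    }
    family = res->ai_family;
    freeaddrinfo(res);
    return family;
}

int main(void)
{
    /* Constructed inputs: address literal and port are not from the thread. */
    printf("any: %d\n", resolve_family("::1", "4460", IP_ANY, AI_NUMERICHOST));
    printf("-4 : %d\n", resolve_family("::1", "4460", IP_V4_ONLY, AI_NUMERICHOST));
    return 0;
}
```

With a forced family, an address of the other family is rejected by getaddrinfo() itself rather than silently used, so the restriction applies per server instead of to every NTS-KE connection on the system.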