Locating NTS-KE and NTP servers
Hal Murray
hmurray at megapathdsl.net
Sat Aug 15 09:59:03 UTC 2020
This area is a tangle. I'm looking for ideas.
The context for thinking about this is that several NTS-KE servers have more
than one IP Address. I'd like to be able to test all of them and/or maybe use
more than one.
Let's start with the simple case - no NTS. There are a few NTP servers with
names that return multiple IP Addresses. I'd like to be able to test all of
those too. Fortunately, we can do that by specifying their individual
numerical IP Addresses.
But a cleaner approach almost works. If foo has several addresses, it should
be reasonable to say
    server foo
    server foo
and have the code that processes the DNS answers skip over the ones that are
already in use. Currently, that doesn't work because configpeers kicks out
duplicates. I think the skip-in-use code is there -- or maybe it's over in
the pool case.
I'll investigate removing that check.
---------
There are several unimplemented nts server options:
ask, require
expire
cert
Should we remove them, mostly to clean up the documentation?
---------
Maybe there should be a mode so things work similarly to pool: setup servers
for all IP Addresses that come back from DNS lookup. But do it only once.
(pool mode tries again if it needs more servers)
---------
Do we need something like the expire option to check DNS again?
--
These are my opinions. I hate spam.
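
The skip-in-use idea from the message above, as an added illustration that is not part of the original post and is not NTPsec code: each repeated "server foo" line takes the first DNS answer not already bound to a peer. The peer_table struct, the function names and the addresses (documentation ranges) are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_PEERS 8

/* Hypothetical peer table: one slot per configured "server" line. */
struct peer_table {
    const char *addr[MAX_PEERS];
    size_t count;
};

/* Constructed DNS answers for the name "foo" (documentation addresses). */
static const char *const FOO_ANSWERS[] = {
    "192.0.2.10", "192.0.2.11", "2001:db8::10"
};
#define FOO_N (sizeof FOO_ANSWERS / sizeof FOO_ANSWERS[0])

static int in_use(const struct peer_table *t, const char *addr)
{
    for (size_t i = 0; i < t->count; i++)
        if (strcmp(t->addr[i], addr) == 0)
            return 1;
    return 0;
}

/* Bind one "server <name>" line to the first answer not yet in use.
 * Returns the chosen address, or NULL when every answer is taken. */
const char *bind_next_unused(struct peer_table *t,
                             const char *const *answers, size_t n)
{
    for (size_t i = 0; t->count < MAX_PEERS && i < n; i++) {
        if (!in_use(t, answers[i])) {
            t->addr[t->count++] = answers[i];
            return answers[i];
        }
    }
    return NULL;
}

/* Process "server foo" `lines` times; return how many got an address. */
size_t configure_repeated(struct peer_table *t, size_t lines)
{
    size_t bound = 0;
    for (size_t i = 0; i < lines; i++)
        bound += bind_next_unused(t, FOO_ANSWERS, FOO_N) != NULL;
    return bound;
}

int main(void)
{
    struct peer_table t = { {0}, 0 };
    printf("bound %zu of 5 lines\n", configure_repeated(&t, 5));
    return 0;
}
```

Asking for as many lines as there are answers gives the "all addresses, but only once" behaviour; extra lines are left unbound instead of duplicating a peer.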