DNS fanout for NTS

Hal Murray hmurray at megapathdsl.net
Fri Oct 23 19:10:25 UTC 2020


ntp.glypnod.com now returns the IP addresses for ntp1.glypnod.com and 
ntp2.glypnod.com

The certificates on ntp1 and ntp2 have SAN (Subject Alternative Name) setup so 
the certificates on ntp1 and ntp2 are also valid for ntp.  That means that
  server ntp.glypnod.com nts
should work.  It does for my test case.


The NTS-KE protocol allows the server to return an optional name/address (and 
port) for the NTP client to use.  One of the ideas behind that is that the KE 
server could do load balancing.  An alternative for load balancing is to let 
DNS do it.

If your setup is big enough to need load balancing, you probably need multiple 
NTS-KE servers for reliability.

-- 
These are my opinions.  I hate spam.





More information about the devel mailing list