Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Hugo_vd_Kooij
Advisor

effect of using nl.pool.ntp.org as domain object

We have a customer that asked to allow NTP to nl.pool.ntp.iorg but that pool is rather big so the FQDN result will vary a lot over the course of a day. Nut sure if that will cause issues where a device will be in NTP sync for a few hours but then run into sync issues do to the varying nature of the results.

Has anyone done this before? Or should I juist put any in the destion and accept that NTP traffic may go all ove the place?

Any thoughts on this?

Regards, Hugo.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
0 Kudos
4 Replies
Hugo_vd_Kooij
Advisor

Using a Country as destination might be another way to limit that scope without it becoming impractical in terms of management or security.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
0 Kudos
Nik_Bloemers
Collaborator

Hi Hugo,

I've recently made a rule for the domain object .pool.ntp.org
It seems to work just fine.

Nik

0 Kudos
Wolfgang
Mentor
Mentor

FQDN domain objects are a really nice feature and we are happy to use them. No problem with changes of the records. The gateway follows the TTL of the DNS records and too updates the FQDN object every 60min and with policy install.

See Domain Objects in R8x and How do Domain Objects work? 

With Domains Tool (domains_tool) you can check the actual information in the gateways cache.

No worry using these objects.

0 Kudos
Vladimir
Champion
Champion

@Hugo_vd_Kooij , There is got to be some serious drift on devices in question for this situation to have material effect. Generally, if situation warrants high-precision timekeeping, I'd suggest having an on-premises time server (even software-based https://www.meinbergglobal.com/english/sw/) and use external servers only as references for those.