Q. ntp pseudo service in a jail

Jon Radel jon at radel.com
Thu Jul 30 21:24:21 UTC 2020

On 7/30/20 16:53, Michael Sierchio wrote:
> On Thu, Jul 30, 2020 at 1:45 PM Jon Radel <jon at radel.com> wrote:
>> On 7/30/20 16:03, James B. Byrne via freebsd-questions wrote:
>>> I need a jail to provide responses to ntp queries.  I do not need (or
>> want) the
>>> jail to adjust the system time.  I just need it to provide whatever time
>> the
>>> host OS has whenever it is queried.  Can this requirement be met?
>> You can probably do what you want with the reference ntpd code if you
>> set it up to have only a LOCAL driver.  This takes the system clock as
>> the source of truth.
> server
> fudge stratum 5

Higher than 5 is smiled upon; see
https://support.ntp.org/bin/view/Support/UndisciplinedLocalClock where

fudge stratum 10

is suggested.

>> Make sure to set a really high stratum with fudge so that people don't
>> have to hate on you if you leak the quite possibly crap time further
>> than you expect.
> LOCAL is going to get time from the host, right?  Clocks are shared.

I'm probably missing the point of what you're saying....

My point is that is that the OP appears to wish to setup a local ntp
server with undisciplined time.  (No Internet access & no local hardware
clock???)  If there is no connection of any sort to the rest of the
world, nobody will much care, but if there is any risk of any external
device trusting this ntp server, or any of its downstream ntp servers,
then it is far better that the time be associated with a very high
stratum number, to greatly reduce the risk that any device mistake this
time as being accurate.  I'm unclear on what this has to do with shared
clocks, whatever that may be.

--Jon Radel
jon at radel.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4177 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20200730/6f93f3f7/attachment.bin>

More information about the freebsd-questions mailing list