r1 - 2010-10-30 - 00:22:50 - HarlanStennYou are here: NTP >  Dev Web > DevelopmentIssues > FutureIdeasForNTP
NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.

ntp-4.2.8p12 was released on 14 August 2018. It addresses 1 low-/medium-severity security issue in ntpd, 1 low-severity security issue in ntpq and ntpdc, and provides 27 non-security bugfixes and 4 other improvements over 4.2.8p11.

Please see the NTP Security Notice for vulnerability and mitigation details.

Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.

Future Ideas for NTP

Initial time set

Let's find a way to not need the "the time must be right to within 68 (or whatever) years" for the initial time set.

Name resolution

There is good news/bad news about our current method of only resolving DNS names for NTP servers "initially".

How does the following sound:

  • The server may specify a "lifetime" for its name resolution "information"
  • The client may specify a "lifetime" for the name resolution data it gets
  • If either/both of these are specified, we should re-fetch at the "sooner" interval
  • The client may detect a (reachability?) problem in the interim, which should cause a re-fetch
Edit | WYSIWYG | Attach | Printable | Raw View | Backlinks: Web, All Webs | History: r1 | More topic actions
Dev.FutureIdeasForNTP moved from Dev.FutureIdeasForNtpd on 2010-10-30 - 00:22 by HarlanStenn - put it back
 
SSL security by CAcert
Get the CAcert Root Certificate
This site is powered by the TWiki collaboration platform
IPv6 Ready
Copyright & 1999-2018 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding the site? Send feedback