NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.
ntp-4.2.8p15 was released on 23 June 2020. It addresses 1 medium-severity security issue in ntpd, and provides 13 non-security bugfixes over 4.2.8p13.
Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.
Future Ideas for NTP
Initial time set
Let's find a way to not need the "the time must be right to within 68 (or whatever) years" for the initial time set.
There is good news/bad news about our current method of only resolving DNS names for NTP servers "initially".
How does the following sound:
- The server may specify a "lifetime" for its name resolution "information"
- The client may specify a "lifetime" for the name resolution data it gets
- If either/both of these are specified, we should re-fetch at the "sooner" interval
- The client may detect a (reachability?) problem in the interim, which should cause a re-fetch