NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.
ntp-4.2.8p15
was released on 23 June 2020. It addresses 1 medium-severity security issue in ntpd, and provides 13 non-security bugfixes over 4.2.8p13.
Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.
See ConfiguringLocalRefclocksDev for discussion of this topic.
6.1.9. Configuring Local Refclocks
All refclocks are
local in that they are directly attached to an
ntpd
.
Sometimes it is neccessary to synchronize clocks in the absence of reachable time sources. This is when some special modes of operation are useful.
6.1.9.1. Undisciplined Local Clock
The
UndisciplinedLocalClock allows an
ntpd
to serve time to others even when not actually synchronized to a time source. It can also be used in configurations where the system clock is disciplined by some method outside of ntpd.
6.1.9.2. Orphan Mode
OrphanMode, in conjunction with a suitable mesh configuration, allows a group of systems to autonomously select a leader in the event that all time sources become unreachable.
OrphanMode was introduced in NTP-4.2.2 and is the intended replacement for most uses of the
UndisciplinedLocalClock.