Re: ntpdate(8) and unbound(8) dependencies during boot

[Sad Clouds <cryintothebluesky%gmail.com@localhost>]

On Sat, 17 Oct 2020 10:33:28 +0200
Martin Husemann <martin%duskware.de@localhost> wrote:

> On Sat, Oct 17, 2020 at 08:41:05AM +0100, Sad Clouds wrote:
> > OK but you still need to connect to some server, be it NTP or HTTPS
> > in order to get the initial time. If you can't rely on DNS (and you
> > don't want to dynamically modify DNS server/resolver config to
> > ignore clock skew), then you still have to hard code IP address
> > somewhere. This was one of the objections raised by some people on
> > this list, as they didn't want to use IP address for some reason.
> 
> For things w/o RTC clock (that are unlikely to travel from airport
> wlan to next airport wlan) I usually do not want them to use any
> *external* IPs at all (while for me hard coded or dhcp provided local
> IPs work fine).
> 
> I also do not want my ISP, Cloudflare, Google, or some hacker having
> access at either of them to be able to tell when "some thing" in my
> local network boots.
> 
> Martin

I'm not sure I follow you. You don't want your NTP traffic to go outside
your local network, so I'm assuming you run your own local NTP servers
that synchronize with some trusted server on the Internet?

I'm not an expert on NTP, but what sort of information do you think it
could leak that could compromise your system security? There are ways
for hackers to abuse NTP protocol, but that is where you should be using
NTS extensions.