NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: ntpdate(8) and unbound(8) dependencies during boot

Sad Clouds <> writes:

> On Sat, 17 Oct 2020 10:33:28 +0200
> Martin Husemann <> wrote:
>> For things w/o RTC clock (that are unlikely to travel from airport
>> wlan to next airport wlan) I usually do not want them to use any
>> *external* IPs at all (while for me hard coded or dhcp provided local
>> IPs work fine).
>> I also do not want my ISP, Cloudflare, Google, or some hacker having
>> access at either of them to be able to tell when "some thing" in my
>> local network boots.
>> Martin
> I'm not sure I follow you. You don't want your NTP traffic to go outside
> your local network, so I'm assuming you run your own local NTP servers
> that synchronize with some trusted server on the Internet?
> I'm not an expert on NTP, but what sort of information do you think it
> could leak that could compromise your system security? There are ways
> for hackers to abuse NTP protocol, but that is where you should be using
> NTS extensions. 

I can completely see where Martin is coming from, even if it's on the
paranoid side - but NetBSD has a tradition of not offending paranoids by

Certainly one can have a local server and point local things to it.

By default we don't enable NTP, but the default config has the pool.  I
find contacting random pool servers not a real problem, but connecting
to anything connected with a big company that might think it ok to store
data of what happened and use it later is potentially concerning.

I also realize this is turtles all the way down tand the next question
is leaking information about DNS.  But I don't think we should be
configuring talking to Gooogle anything or even Cloudflare.

Attachment: signature.asc
Description: PGP signature

Home | Main Index | Thread Index | Old Index