2 Ntp servers on same domain?

Unanswered Question
Mar 12th, 2009

We have been recommended to sync our networking-equipment to one of our Dc's

(not the PDCEmulator itself).

However my boss has stated that our DC's has plenty of workload, and furthermore

that our PDC synchronizes against a public pool of DNS-stratum-2 servers, which,

acording to MIT-analysis, seem to be inaccurate or unavailable to a certain degree.

He says that all our firewalls etc. need very precise timing and recommends

that we buy a standalone appliance ntp-server and synchronizes all of our

networking equipment against that one.

But in doing so, it occurs to me that our networking equipment and the rest

of our domain (clients, servers etc) could be disagreeing on what the time

is, and if i am understanding this topic correctly, this is NOT

recommended - having 2 different NTPsources.

What is best practice if we do not want to synchronise against our Pdc's or

Dc's due to risk of overloading them...???

I am very gratefull for you kindness and hope for an answer.

/T

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Leo Laohoo Thu, 03/12/2009 - 14:35

Here is a list NTP servers for Denmark and Europe:

http://www.pool.ntp.org/zone/europe

http://support.microsoft.com/kb/262680

Use the following commands to configure NTP on your appliance:

ntp server prefer source

ntp server

When you review your config a few hours later, if you see ntp clock , don't worry about it because it's ... just nothing. You can configure as many NTP servers as you want but if you put the "prefer" option, the appliance will target that first and put the rest as an "option".

Hope this helps.

towli Fri, 03/13/2009 - 01:24

Thanks for the replys both!

You do not find it to be a problem if there exist 2 stratum 3 NTP servers on the same domain (and hence with 2 different times)?

/Jan Dk

Leo Laohoo Sun, 03/15/2009 - 14:35

No I don't. Because I always make it a point to configure one of them to be "prefer".

I always make sure that all the NTP servers are valid (and remove the dead ones).

Actions

This Discussion