Hello,
Main setup:
Network has a local ntpd time server on the internal subnet (e.g. 192.168.1.2).
NTP queries are blocked at the firewall for all but the time server.
Corporate controlled systems point to the internal time server.
Tinydns and dnscache serve the internal subnet only.
But there are many systems privately owned, not under corporate control, many
of them Windows boxen with their time service pointing to time.windows.com.
With tinydns I do:
add-ns time.windows.com 127.0.0.1
add-alias time.windows.com 192.168.1.2
I tell dnscache to use tinydns for time.windows.com:
echo 127.0.0.1 > /service/dnscache/root/servers/time.windows.com
=====================================================================
$ dig time.windows.com
; <<>> DiG 9.4.0rc2 <<>> time.windows.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38255
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;time.windows.com. IN A
;; ANSWER SECTION:
time.windows.com. 83896 IN A 192.168.1.2
=====================================================================
Everything seems to work fine. Of course the real time.windows.com will never
be seen, nor will any other hosts on the time.windows.com domain such as
abc.time.windows.com, although I don't think there are any, nor do I really
care as all of the other normally windows.com hosts are unaffected.
And the Windows laptop users get time service when they're home instead of
being "wired" to use the internal time server.
Basically, outside of the caveat above, is there any reason not to do this?
Some hidden danger that I'm not aware of?
Thanks,
Chris
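A model of the override's scope, added here as an illustration (it is not djbdns code and not from the post): it mimics dnscache's longest-suffix lookup over root/servers/ and tinydns answering only from its data file, using constructed data lines that stand in for what add-ns and add-alias append (the exact field layout is an assumption), to show which names the setup touches and which it leaves alone.

```python
#!/usr/bin/env python3
"""Which names does pointing time.windows.com at tinydns actually affect?

Constructed model, not djbdns code. Two behaviours are mimicked:
 - dnscache forwards a query to the root/servers/ entry with the longest
   matching suffix ("@" is the root servers);
 - tinydns answers only from its data file and is authoritative for any
   zone that has a "." line, so a missing name under it is NXDOMAIN.
"""

# Constructed stand-ins for the add-ns / add-alias lines (assumed layout).
TINYDNS_DATA = """\
.time.windows.com:127.0.0.1:a
+time.windows.com:192.168.1.2
"""

# Constructed stand-in for /service/dnscache/root/servers/ (placeholder root hint).
DNSCACHE_SERVERS = {"@": ["ROOT-HINT-PLACEHOLDER"], "time.windows.com": ["127.0.0.1"]}


def parse_tinydns(data):
    """Return (authoritative zones, name -> [A records]) from data-file lines."""
    zones, addrs = set(), {}
    for line in data.splitlines():
        if not line or line[0] == "#":
            continue
        kind, fields = line[0], line[1:].split(":")
        name = fields[0].lower().rstrip(".")
        if kind == ".":
            zones.add(name)
        elif kind in "+=":
            addrs.setdefault(name, []).append(fields[1])
    return zones, addrs


def in_zone(name, zone):
    return name == zone or name.endswith("." + zone)


def choose_server(name, servers=DNSCACHE_SERVERS):
    """Longest-suffix match over the servers/ directory, as dnscache does."""
    matches = [z for z in servers if z != "@" and in_zone(name, z)]
    return max(matches, key=len) if matches else "@"


def resolve(name, data=TINYDNS_DATA, servers=DNSCACHE_SERVERS):
    """Simulated answer (status, addresses) for one query name."""
    name = name.lower().rstrip(".")
    if choose_server(name, servers) == "@":
        return ("upstream", None)  # normal recursion; the override is not involved
    zones, addrs = parse_tinydns(data)
    if name in addrs:
        return ("NOERROR", addrs[name])
    if any(in_zone(name, z) for z in zones):
        return ("NXDOMAIN", None)  # tinydns is authoritative and the name is absent
    return ("REFUSED", None)  # outside every zone tinydns serves
```

Running resolve() on time.windows.com, abc.time.windows.com and www.windows.com reproduces the three cases in the post: the override, the hidden subdomain, and the untouched rest of windows.com.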