Running NTP Server on pfSense
-
I have my pfSense box running OpenVPN and serving as my DDNS relay. I'm also running Snort on it. My primary router is a Ubiquiti router.
I noticed a setting for an NTP server while messing around with the pfSense web configurator.
What is the advantage of running an NTP server within your own network?
My pfSense box is configured as 10.0.1.90. The router handles DHCP (I previously had used the pfSense box to handle it). If I were to configure the NTP server, do I put 10.0.1.90 as the NTP server on computers, Ubiquiti LAN configuration, etc.?
-
You could have your own stratum 0 server, such as a GPS receiver. Also, good practice is to have local servers to reduce the load on upstream servers. The more a server handles, the less precision it can provide.
-
In addition to that, there have been amplification attacks based on ntp. So using an external service increases your attack surface in any future possible breach attempts.
Best security practices dictates to use as less external services as possible.
Same goes for dns and forwarders.(and the beauty of running a stratum 0 ntp server, over pps, remains with the few who have attempted the task.
Now, I wish datacenters had glass roofs so gps could work on top of racks.. :)
