Brian B asked:

What is the safest way to allow internet access to the time?

I am trying to set up a firewall (Cisco ASA, but I don't think that matters) to allow an internal time server out to the internet to synch its clock. The issue is this time server is also a DC/DNS server. At the moment, the firewall is blocking all outside access anywhere except for a VPN connection to a specific server at a different office. We cannot use that link to synch the time though.

I'm thinking of using pool.ntp.org. However, in order to do that, I would have to allow DNS. Since the time pool is a moving target, I can't allow just by IP, correct? But if I allow DNS, that means other devices could get internet name resolution, even if they aren't allowed any sort of external access. Is there any risk in that? Or perhaps there is a better way to do this?
SOLUTION
noci

This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Brian B (ASKER)

Yes, but will those IPs change?
SOLUTION
ASKER CERTIFIED SOLUTION