TOI Author :: Radek Szymanski

EOS 4.35.0F introduces support for Network Time Security (NTS), as defined in RFC8915. NTS provides modern cryptographic security for the client-server mode of the Network Time Protocol (NTP). It separates key establishment from time synchronization by using a TLS-based NTS Key Establishment (NTS-KE) protocol to negotiate symmetric keys and encrypted cookies. These cookies are included in subsequent NTP packets to enable stateless authentication by the server. NTS ensures that time synchronization data is received from a legitimate source and has not been modified in transit.

The software for Syslog, NTP and SNMP used in EOS resolves hostnames at service start-up. It’s possible that during service operation, the configured host becomes unavailable and the configuration needs to be set to a different host to continue the service. The problem is that such change requires manual restart of the service. Even if the hostname doesn’t change and only the underlying address is updated at the DNS server, the administrator has to manually reset service configuration.