Someone recently told me that it is a Cisco best practice to place a NTP server in your DMZ even if it does not need to reply to NTP requests from the public (Internet). Is this true and if so can someone point me to the Cisco document that describes this Best Practice??? (I was also told that all fortune 200 companies do it this way).
Example: NTP Server is in DMZ and has a public IP address. Internal clients query this NTP server for time updates. However, the NTP server does not need to responsd to external NTP queries from the internet.
I am a firm believer that if a server (or service) DOES NOT need to be accessed from clients on the internet then you do not place it in a DMZ and assign it a public ip address? Or are there special circumstances with NTP?
Any comments/suggestions would be helpful....