I HATE IPv6! Address changes when MAC changes?!

Do I get this right? Your public IPv6 address is linked to your firewall/router!?

So if you change your firewall/router then you get a new IPv6 address and you have to deregister your NTP server and re-register a new server?

So any time a NIC fails in a web server it will get a new address? WTF?

Or am I missing something?

And I can’t add my NTP server’s 6 IPv6 ports directly to the pool, as it’s an appliance, and I can’t run a curl command from it to verify it… :person_facepalming:

If you let your address be assigned by a SLAAC mode that is linked to your MAC address then yes.

There is however in theory nothing stopping you changing how your addresses are assigned, or statically assigning different ones in addition to the one you got from SLAAC. In practice how exactly you do that is going to be dependent upon your router and the operating system running on the device. It might not even be possible, if either of those is not very good.

You would not normally use a SLAAC-assigned address for publishing services.

There are other SLAAC modes as well, that aren’t linked to MAC address, since leaking your MAC address can be a privacy concern.

2 Likes
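To make the point in the reply above concrete (that a MAC-derived SLAAC address changes with the hardware and also leaks the MAC), here is an added example that is not part of the thread. It implements the RFC 4291 Appendix A EUI-64 construction (insert ff:fe, flip the universal/local bit), derives a SLAAC address from a /64 prefix, and recovers the MAC from such an address; the MAC and prefix values used are constructed test data, and the one real-looking address is the static one quoted later in the thread, which is shown not to be MAC-derived.

```python
"""EUI-64 / SLAAC address derivation and MAC recovery (added example)."""
import ipaddress
import re
from typing import Optional


def parse_mac(mac: str) -> bytes:
    """Accept 00:11:22:33:44:55, 00-11-22-33-44-55 or 001122334455."""
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", mac)
    if len(hexdigits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(hexdigits)


def eui64_interface_id(mac: str) -> bytes:
    """Modified EUI-64 per RFC 4291 App. A: OUI, ff:fe, NIC-specific part,
    with the U/L bit (0x02 of the first octet) inverted."""
    m = parse_mac(mac)
    first = m[0] ^ 0x02
    return bytes([first]) + m[1:3] + b"\xff\xfe" + m[3:6]


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Stateless address: the advertised /64 prefix plus the EUI-64 IID.
    A new NIC (new MAC) therefore yields a new address on the same prefix."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("SLAAC interface identifiers are 64 bits; need a /64 prefix")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def mac_from_slaac(addr: str) -> Optional[str]:
    """Return the MAC embedded in an EUI-64-derived address, or None when the
    interface identifier does not carry the ff:fe marker (e.g. a static or
    RFC 4941 privacy address)."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)


if __name__ == "__main__":
    # Constructed sample values: documentation prefix and a made-up MAC.
    a = slaac_address("2001:db8:abcd:1::/64", "00:11:22:33:44:55")
    print(a, "->", mac_from_slaac(str(a)))
    # The static address quoted in the thread carries no MAC at all.
    print("2a05:b400:c::123:60 ->", mac_from_slaac("2a05:b400:c::123:60"))
```

Run it against the addresses your router hands out: if `mac_from_slaac` returns a MAC, the address is tied to the NIC and will change when the NIC does, and it is exactly the kind of address you do not want to publish in DNS or the pool.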

I’m running OPNsense firewall, my IPv6 mode is set to DHCPv6, and I set "Request only a prefix". I get a /56 subnet, of which I assigned one subnet to my NTP network.

I can’t see anywhere to fix my IPv6 address, unless I disable CP and set a truly fixed IPv6 address, and I don’t know if my ISP will like that. Do they expect/insist on a DHCP request? Do I still have my /56 subnet if I don’t do a DHCP request? My ISP did say that, although my IPv6 lease is only for 60 seconds (:person_facepalming:), it is a static lease. :person_shrugging:

I did figure out how to do the indirect server verification, but I had to do that on the router while binding to the NTP network else the verification complained that I was using a different network.

But now, instead of adding one IP that round-robins between my NTP server’s ports, I had to add all of the ports as individual servers… Fun times.

The verification process must be done from an IP in the same net range:

  • IPv4 /24
  • IPv6 /60

(IPv6 could be wrong…)

1 Like

Ok, I figured out I can add a virtual IP to my WAN interface. I have only ever used that on LAN interfaces to get a second subnet, but it worked on the WAN too. I still hate IPv6 though.

I’m assuming it has to be on the same /64 subnet? I had to modify the "remote" verification curl command to bind, on the firewall, to the interface with the same /64 subnet that my NTP server is on, to get it to verify.

Not in general, no. It’s quite possible to configure a system to have static IPv6 addresses, and that’s what I’d recommend if you’re planning to publish the address in the DNS.

For example, on one of my Ubuntu systems I have something like this in the Netplan configuration:

network:
  version: 2
  bonds:
    primary:
      addresses:
        - "131.111.8.60/23"
        - "2a05:b400:c::123:60/64"

This adds those two IP addresses to the ones already present on the "primary" interface, and those are the addresses that I’ve put into the Pool.

I think what you should do in that circumstance is to leave the router doing DHCPv6, but configure the NTP server with a static IPv6 address based on the prefix that you know is actually static.

I ended up doing both.

I gave my NTP server’s 4 ports each a static IPv6 address. But I prefer my NTP server to be behind a load balancer so one address round-robins between the NTP server’s addresses.

So I added a virtual IP to my WAN address, basically just the static part:

I’m still waiting for the testers to come online.

I’ve also added the 4 ports individually to the pool.

Thanks for your efforts to add much-needed pool servers and monitors to South Africa.

Pleasure. But no monitors, yet. I need to be "active in the community" before I can set up a monitor.

And South Africa does need monitors. But for NTP servers we are quite well stocked, I think. I’ve tried to get dual citizenship for my server to assist Zimbabwe (they have one server, which then has to handle all their traffic) but I got no response to my email request. And I don’t know how many clients there are in Zim, maybe one server is enough?

Still waiting for mine to be transitioned from "Status testing" to "Status active"…

1 Like

Sorry, it doesn’t.

All monitors on the planet will check your servers.

They do not have to be country-specific.

As only the best monitors for your servers are selected, the others are ignored.

As such you do not need monitors, that is the beauty of the new system.

We have so many monitors to use that there will always be enough to determine if your server is a good ticker.

Do not worry about monitors, they just check your ticker :rofl:

Me too. It will happen over time.

Not to worry.

I run pfSense on my firewall. My ISP uses PPPoE for IPv4 and DHCPv6 for IPv6. This results in me getting a public IPv6 address via SLAAC plus I have a /48 prefix delegated to me via DHCPv6. I do not use the SLAAC address for anything; I dedicate the xxxx:0/64 subnet of the /48 to my WAN interface and assign a fixed address within that subnet to the WAN interface using the VIP capability. My observation is that all outbound traffic then uses the statically assigned address and that address is the one I use when exposing services to the Internet. If I had to switch to using a different physical interface for the WAN then I would just move the VIP to that interface. I imagine OPNsense has the same capability (though I don’t know for sure).

That sounds exactly like a privileged European talking. Where are most of the monitors located? Europe. Am I serving time to Europe? No. So why are my servers tested from countries they will never serve?

I’m tired of monitors that say that my time is 100ms slow. I don’t care about the "But it’s the client’s experience that determines if my time is correct" bs. Not when the monitors are in the EU and my clients are in Africa. If the "clients" aka monitors want to say if my time is correct then they should be within my actual client base, and not 8000km away.

Great, so there are 3 IPv6 monitors within 70ms from me and 2 (yes, TWO) IPv4 monitors within 70ms. Now tell me how "only the best are chosen". It doesn’t help if there ISN’T ENOUGH CHOICE!

At 6am this morning (my time) there was an IPv6 "issue" that didn’t affect IPv4. Was that a remote network issue? Was it on my side? Was it my ISP? I can’t say, because there is 8000km between my monitors and me, so lots of places for crap to happen. And as we speak, there are 4 IPv6 candidate monitors that are negative, and heading down, one at -44. And it’s messing up my graphs!

I also don’t care about the "above 10 is ok" rubbish. I care about the service I’m delivering, and want to provide as good a service as I possibly can. Just "good enough" isn’t good enough.

3 Likes

Excuse me? This is really insulting. The monitors have no other function than checking if your server works and is on time.

You can check this yourself, if your server has 20 as score (could be worse due to rebooting, lines cut, routing problems etc) then the monitors do their job.

I was the one complaining real hard to make the monitor-system better, I wrote entire papers here in the forum to outline how it could be improved.

@ask did take my idea to heart and changed the system from 1 monitor to about 60 now.

Even his testing server had only 3 monitors and took a lot of systems out of the pool.

So before you attack me as being Euro-trash, you should look at your score.

Show me your server-page, if it’s bad it’s bad. But consider this, monitors don’t judge, they just measure.

I insisted to Ask to have monitors better located all over the world, instead of 1 that knocked-out a lot of systems out of the pool.

So please show me your page… before making more comments like this, as it should NOT matter where monitors are. All that matters is that THEY monitor servers correctly.

Show me please.

Update: Found them… pool.ntp.org: Errol's pool servers

They are ALL in the pool! THE MONITORS found your servers to tick correctly.

The time you see is PING time, it’s not the 'wrong time', just how long it takes for the monitors to reach your server.

How long have these servers been online? As when it’s short, it will change. All in all, all your servers are monitored to be OK and accepted in the pool.

Update 2: a ZA monitor won’t change the scores, you may think that, but it won’t.

Update 3: I saw 2 ZA monitors…

IPv6 does not use the MAC address but a DUID. If you always feed the DHCPv6 server the same DUID, you’ll always get the same address and/or prefix, regardless of whether your MAC has changed. I talk from years of experience with IPv6.

1 Like
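The reply above turns on what a DHCPv6 DUID actually is, so here is an added example (not from the thread) that builds and parses the two common link-layer DUID types from RFC 8415 section 11: DUID-LLT (type 1, with a timestamp counted from 2000-01-01) and DUID-LL (type 3). The MAC and timestamp are constructed test values, and the colon-separated hex rendering is an assumption about how a firewall UI would display the identifier. The point it shows is that the DUID is an opaque identifier the client presents: the MAC it was generated from is frozen inside it, so a DUID carried over to a new router (a different MAC) still identifies the same client to the ISP's DHCPv6 server.

```python
"""Build and parse DHCPv6 DUIDs (RFC 8415 s.11) - added example."""
import struct
from datetime import datetime, timedelta, timezone
from typing import Any, Dict

DUID_LLT, DUID_EN, DUID_LL, DUID_UUID = 1, 2, 3, 4
HTYPE_ETHERNET = 1                      # IANA hardware type for Ethernet
_EPOCH_2000 = datetime(2000, 1, 1, tzinfo=timezone.utc)  # DUID-LLT time base


def _mac_bytes(mac: str) -> bytes:
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return raw


def duid_ll(mac: str) -> bytes:
    """DUID-LL: type(2) | hardware type(2) | link-layer address."""
    return struct.pack("!HH", DUID_LL, HTYPE_ETHERNET) + _mac_bytes(mac)


def duid_llt(mac: str, when: datetime) -> bytes:
    """DUID-LLT: type(2) | hardware type(2) | seconds since 2000-01-01 (4, mod 2^32) | MAC."""
    secs = int((when.astimezone(timezone.utc) - _EPOCH_2000).total_seconds()) & 0xFFFFFFFF
    return struct.pack("!HHI", DUID_LLT, HTYPE_ETHERNET, secs) + _mac_bytes(mac)


def duid_to_str(duid: bytes) -> str:
    """Colon-separated hex, the form many firewall UIs show (assumed rendering)."""
    return duid.hex(":")


def duid_from_str(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", "").replace("-", ""))


def parse_duid(duid: bytes) -> Dict[str, Any]:
    """Decode the type-specific fields; raises ValueError on truncated input."""
    if len(duid) < 2:
        raise ValueError("DUID shorter than the 2-byte type field")
    (dtype,) = struct.unpack("!H", duid[:2])
    info: Dict[str, Any] = {"type": dtype}
    if dtype == DUID_LLT:
        if len(duid) < 8:
            raise ValueError("DUID-LLT needs hardware type and time fields")
        htype, secs = struct.unpack("!HI", duid[2:8])
        info.update(hw_type=htype, time=_EPOCH_2000 + timedelta(seconds=secs),
                    link_layer=duid[8:].hex(":"))
    elif dtype == DUID_LL:
        if len(duid) < 4:
            raise ValueError("DUID-LL needs a hardware type field")
        (htype,) = struct.unpack("!H", duid[2:4])
        info.update(hw_type=htype, link_layer=duid[4:].hex(":"))
    elif dtype == DUID_EN:
        if len(duid) < 6:
            raise ValueError("DUID-EN needs an enterprise number")
        (ent,) = struct.unpack("!I", duid[2:6])
        info.update(enterprise=ent, identifier=duid[6:].hex())
    elif dtype == DUID_UUID:
        if len(duid) != 18:
            raise ValueError("DUID-UUID must be exactly 18 bytes")
        info.update(uuid=duid[2:].hex())
    else:
        info.update(payload=duid[2:].hex())
    return info


if __name__ == "__main__":
    # Constructed values: a made-up MAC and a fixed generation time.
    d = duid_llt("00:11:22:33:44:55", datetime(2024, 1, 1, tzinfo=timezone.utc))
    print(duid_to_str(d))
    print(parse_duid(d))
    # The same DUID string copied onto a router with MAC aa:bb:cc:dd:ee:ff still
    # parses to the original MAC: the server sees the same client identity.
    print(parse_duid(duid_from_str(duid_to_str(d)))["link_layer"])
```

If your router lets you view or set the DHCPv6 DUID, paste it into `duid_from_str` and `parse_duid` to see which type it is and which (possibly long-gone) MAC it was generated from; keeping that value across a hardware swap is what preserves the delegated prefix, not the MAC on the new WAN port.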

I think this is the key. I have seen graphs where a single or just a few remote monitors cause the graph to look unnecessarily bad. Much of this could be fixed by not showing the "Candidate" monitors in the graph by default, as they’re likely further away and more susceptible to asymmetric or other routing issues. In addition to simply not showing the Candidate monitor data on the graphs, the millisecond scale should also be adjusted so that it’d be suitable for the remaining Active and Testing monitors. Naturally there should also be an option to show the Candidate monitors as well, in case someone wants to see the bigger picture.

I’ll need to point out that a natural reason for this is that most of the NTP servers in the pool are in Europe. Here’s a list of number of IPv4 servers, monitors and the ratio in each continent:

Africa: 68 servers, 3 monitors, 23 servers/monitor
Asia: 313 servers, 15 monitors, 21 servers/monitor
Europe: 2360 servers, 36 monitors, 66 servers/monitor
NorthAm: 770 servers, 19 monitors, 41 servers/monitor
Oceania: 112 servers, 1 monitor, 112 servers/monitor
SouthAm: 57 servers, 4 monitors, 14 servers/monitor
(sorry, I didn’t bother counting IPv6 server/monitor statistics)

I don’t think the 23 servers per monitor ratio is particularly bad for Africa.

Edit: A bunch of monitors was recently activated for active duty, here’s an updated continent list:

Africa: 68 servers, 4 monitors, 17 servers/monitor
Asia: 315 servers, 21 monitors, 15 servers/monitor
Europe: 2360 servers, 46 monitors, 51 servers/monitor
NorthAm: 760 servers, 24 monitors, 32 servers/monitor
Oceania: 112 servers, 2 monitors, 56 servers/monitor
SouthAm: 56 servers, 5 monitors, 11 servers/monitor

I insisted to Ask to have monitors better located all over the world, instead of 1 that knocked-out a lot of systems out of the pool.

It’s a little much to take credit for that; it was a discussion with many people here and elsewhere over many years (and mostly just a lot of work to implement it well).

@Bas, your tone the last days has been very dismissive and abrasive. I think it’s likely making what you are trying to say get lost in how you say it.

6 Likes

I think it’s a /64 network for verifying IPv6.

1 Like