NTP server setup

First, make sure your system has the right time itself. You should therefore have the ntp or ntpd package installed and configured as a client.

Now simply add a restrict line without nopeer nor noquery against the subnetwork you want to. The additional mode7 eventually helps the deprecated ntpdc client program to work.

vi /etc/ntp.conf

server  127.127.1.0     # local clock
fudge   127.127.1.0 stratum 10
statsdir /var/lib/ntp/stats
logfile /var/log/ntp
driftfile /var/lib/ntp/drift
pidfile /var/run/ntpd.pid

interface ignore wildcard
interface listen 10.2.2.1
interface listen 127.0.0.1
interface listen ::1
restrict CLUSTER-NETWORK mask 255.255.255.0 nomodify notrap
restrict 127.0.0.1
restrict ::1

server ntp.obspm.fr iburst
peer CLUSTER-PEER
enable mode7

Note there are other interesting options for restrict: limited kod.

Don’t forget to setup the local clock as a fail-over, if internet connection goes down, so you still provide the service,

server  127.127.1.0 # local clock
fudge   127.127.1.0 stratum 10

#server 127.127.1.1     # LCL, local clock
#fudge  127.127.1.1 stratum 12  # increase stratum

Acceptance

who are you synced with?

ntpq -p

also call the local daemon (mode7)

ntpdc -c sysinfo
ntpdc -l

Maintenance

For the purpose of a time server, don’t forget to sync the hardware clock once in a while. It should also happen at system shutdown anyhow.

    hwclock --utc --systohc

Resources

How to Install and Configure Linux NTP Server and Client http://www.thegeekstuff.com/2014/06/linux-ntp-server-client/

\7. Reference Clocks http://www.ntp.org/ntpfaq/NTP-s-refclk.htm

Reference Clock Support http://doc.ntp.org/current-stable/refclock.html

enable mode7 http://doc.ntp.org/current-stable/miscopt.html#enable

Reference Clock Commands and Options http://doc.ntp.org/current-stable/clockopt.html

Undisciplined Local Clock http://doc.ntp.org/current-stable/drivers/driver1.html

ntpdc - special NTP query program http://doc.ntp.org/current-stable/ntpdc.html

Network Time Protocol (NTP) https://www.meinbergglobal.com/english/info/ntp.htm

14.6. Basic NTP configuration http://www.tldp.org/LDP/sag/html/basic-ntp-config.html

HOWTO ensure your clock is accurate and showing the correct time using the Network Time Protocol http://en.linuxreviews.org/NTP_-_Howto_make_the_clock_show_the_correct_time

6.3. Various Tricks http://www.ntp.org/ntpfaq/NTP-s-config-tricks.htm

ntp.conf — Network Time Protocol (NTP) daemon configuration file format https://www.gsp.com/cgi-bin/man.cgi?section=5&topic=ntp.conf#Miscellaneous_Options

The NTP “ntpdc” shell command “peers” returns “localhost: timed out, nothing received” https://askubuntu.com/questions/799759/the-ntp-ntpdc-shell-command-peers-returns-localhost-timed-out-nothing-rec

cluster network

ntp.conf peer vs server https://unix.stackexchange.com/questions/180393/ntp-conf-peer-vs-server

ntpd Configuration File https://docs.ntpsec.org/latest/ntp_conf.html

How to bind ntpd to specific IP addresses on Linux/Unix https://www.cyberciti.biz/faq/how-to-bind-ntpd-to-specific-ip-addresses-on-linuxunix/

How to prevent ntpd to listen on 0.0.0.0:123? https://serverfault.com/questions/475635/how-to-prevent-ntpd-to-listen-on-0-0-0-0123

Is there any ntpd that can be configured to listen to selected interfaces only? https://stackoverflow.com/questions/30951638/is-there-any-ntpd-that-can-be-configured-to-listen-to-selected-interfaces-only

misc

System Clock Skewed? Read this Post, Especially if You Don’t Have Time https://www.signalsciences.com/blog/system-clock-skewed-read-post-if-no-time/


HOME | GUIDES | BENCHMARKS | html