First, make sure your system has the right time itself. You should therefore have the ntp
or ntpd
package installed and configured as a client.
Now simply add a restrict line without nopeer
nor noquery
against the subnetwork you want to. The additional mode7
eventually helps the deprecated ntpdc
client program to work.
vi /etc/ntp.conf server 127.127.1.0 # local clock fudge 127.127.1.0 stratum 10 statsdir /var/lib/ntp/stats logfile /var/log/ntp driftfile /var/lib/ntp/drift pidfile /var/run/ntpd.pid interface ignore wildcard interface listen 10.2.2.1 interface listen 127.0.0.1 interface listen ::1 restrict CLUSTER-NETWORK mask 255.255.255.0 nomodify notrap restrict 127.0.0.1 restrict ::1 server ntp.obspm.fr iburst peer CLUSTER-PEER enable mode7
Note there are other interesting options for restrict
: limited kod
.
Don’t forget to setup the local clock as a fail-over, if internet connection goes down, so you still provide the service,
server 127.127.1.0 # local clock fudge 127.127.1.0 stratum 10 #server 127.127.1.1 # LCL, local clock #fudge 127.127.1.1 stratum 12 # increase stratum
who are you synced with?
ntpq -p
also call the local daemon (mode7
)
ntpdc -c sysinfo ntpdc -l
For the purpose of a time server, don’t forget to sync the hardware clock once in a while. It should also happen at system shutdown anyhow.
hwclock --utc --systohc
How to Install and Configure Linux NTP Server and Client http://www.thegeekstuff.com/2014/06/linux-ntp-server-client/
\7. Reference Clocks http://www.ntp.org/ntpfaq/NTP-s-refclk.htm
Reference Clock Support http://doc.ntp.org/current-stable/refclock.html
enable mode7 http://doc.ntp.org/current-stable/miscopt.html#enable
Reference Clock Commands and Options http://doc.ntp.org/current-stable/clockopt.html
Undisciplined Local Clock http://doc.ntp.org/current-stable/drivers/driver1.html
ntpdc - special NTP query program http://doc.ntp.org/current-stable/ntpdc.html
Network Time Protocol (NTP) https://www.meinbergglobal.com/english/info/ntp.htm
14.6. Basic NTP configuration http://www.tldp.org/LDP/sag/html/basic-ntp-config.html
HOWTO ensure your clock is accurate and showing the correct time using the Network Time Protocol http://en.linuxreviews.org/NTP_-_Howto_make_the_clock_show_the_correct_time
6.3. Various Tricks http://www.ntp.org/ntpfaq/NTP-s-config-tricks.htm
ntp.conf — Network Time Protocol (NTP) daemon configuration file format https://www.gsp.com/cgi-bin/man.cgi?section=5&topic=ntp.conf#Miscellaneous_Options
The NTP “ntpdc” shell command “peers” returns “localhost: timed out, nothing received” https://askubuntu.com/questions/799759/the-ntp-ntpdc-shell-command-peers-returns-localhost-timed-out-nothing-rec
ntp.conf peer vs server https://unix.stackexchange.com/questions/180393/ntp-conf-peer-vs-server
ntpd Configuration File https://docs.ntpsec.org/latest/ntp_conf.html
How to bind ntpd to specific IP addresses on Linux/Unix https://www.cyberciti.biz/faq/how-to-bind-ntpd-to-specific-ip-addresses-on-linuxunix/
How to prevent ntpd to listen on 0.0.0.0:123? https://serverfault.com/questions/475635/how-to-prevent-ntpd-to-listen-on-0-0-0-0123
Is there any ntpd that can be configured to listen to selected interfaces only? https://stackoverflow.com/questions/30951638/is-there-any-ntpd-that-can-be-configured-to-listen-to-selected-interfaces-only
System Clock Skewed? Read this Post, Especially if You Don’t Have Time https://www.signalsciences.com/blog/system-clock-skewed-read-post-if-no-time/