The sys admin's daily grind: Ntpd
The Network Time Protocol keeps Charly up to date at all times. To put all of this punctuality in the service of the common good, he even exports the time signal.
If the clock on my personal laptop is a few seconds fast or slow, this is not dramatic. On a server, however, it's different. Logfiles should – at least – be synchronized to the exact second; otherwise, troubleshooting becomes a pain. The software that handles this synchronization is, of course, the NTP daemon (
ntpd) . As a special hardware time source, you could use a suitable DCF 77 or GPS receiver, for example. If you don't have one of those, you could ask some other time servers – you need to poll several to compute the time from the running time differences of the UDP packets on the network.
The NTP configuration in the
/etc/ntp.conf file on my Ubuntu lab machine lists five time servers:
server ntps1-0.cs.tu-berlin.de iburst server ptbtime1.ptb.de iburst server ntp1.fau.de iburst server ntp.probe-networks.de iburst # Use Ubuntu's ntp server as a fallback. server ntp.ubuntu.com
iburst ("initial burst") keyword speeds up synchronization on the first connection. A list of public time servers is available online .
Just to check, I entered
ntpq-p at the command line; this returned a list of all the time servers that my daemon contacted (Figure 1). The first column shows how reliable the time sources are: An asterisk (
*) denotes the current reference server. A plus sign means that the time from this server is used to compute the mean value. Servers with a minus sign have recently supplied times with too large of a deviation – if this problem were to exist permanently, I would need to delete them from the configuration.
Sharing Free Time
Furthermore, nothing prevents me from providing my time server to others. The expected traffic is minimal, and the safety risks are also minimal if this setup is configured correctly. Specifically, in
/etc/ntp.conf, I need to stipulate that external NTP clients can retrieve time information but not configure anything. The following lines do the trick:
restrict -4 default kod notrap nomodifynopeer noquery restrict -6 default kod notrap nomodifynopeer noquery
If you do not use IPv6, you can leave out the second line, of course.
How do other users learn about my time server? The best way is to add it to a popular time network like pool.ntp.org . A working ntpd is the only prerequisite for time servers; you can complete a web form for the actual entries. The more people to join, the less the load per server, and most importantly: We all have more free time (Figure 2).
- NTP daemon: http://www.eecis.udel.edu/~mills/ntp/html/ntpd.html
- List of public time servers: http://support.ntp.org/bin/view/Servers/WebHome#Browsing_the_Lists
- Time server network ntp.org: http://www.pool.ntp.org/en/join.html
Buy this article as PDF
VMware bids for a stake in the container industry with a bold effort to integrate containers with its classic virtualization system.
3ROS attack tool lowers the technical bar so anyone can be an intruder.
Mozilla's latest browser offers powerful new privacy feature
If attackers are on your system, saving your passwords in a password vault is no protection.
Faulty hash algorithm persists, despite efforts by experts to raise awareness.
Powerful man-in-the-middle attack is now targeting online shopping.
Another high-profile coder says the kernel team needs a kinder, gentler culture.
Bug database has a bug of its own that could allow an intruder to create an unauthorized account.
Report focuses federal resources on achieving universal Internet access.
Leading browser makers say “no” to porous encryption algorithm