The sys admin's daily grind: Ntpd

Borrowed Time

Article from Issue 154/2013

The Network Time Protocol keeps Charly up to date at all times. To put all of this punctuality in the service of the common good, he even exports the time signal.

If the clock on my personal laptop is a few seconds fast or slow, this is not dramatic. On a server, however, it's different. Logfiles should  – at least – be synchronized to the exact second; otherwise, troubleshooting becomes a pain. The software that handles this synchronization is, of course, the NTP daemon (ntpd) [1]. As a special hardware time source, you could use a suitable DCF  77 or GPS receiver, for example. If you don't have one of those, you could ask some other time servers – you need to poll several to compute the time from the running time differences of the UDP packets on the network.

The NTP configuration in the /etc/ntp.conf file on my Ubuntu lab machine lists five time servers:

server iburst
server iburst
server iburst
server iburst
# Use Ubuntu's ntp server as a fallback.

The iburst ("initial burst") keyword speeds up synchronization on the first connection. A list of public time servers is available online [2].

Borrowed Time

Just to check, I entered ntpq-p at the command line; this returned a list of all the time servers that my daemon contacted (Figure 1). The first column shows how reliable the time sources are: An asterisk (*) denotes the current reference server. A plus sign means that the time from this server is used to compute the mean value. Servers with a minus sign have recently supplied times with too large of a deviation – if this problem were to exist permanently, I would need to delete them from the configuration.

Figure 1: Ntpd provides information on time servers, which it uses as references for its computations.

Sharing Free Time

Furthermore, nothing prevents me from providing my time server to others. The expected traffic is minimal, and the safety risks are also minimal if this setup is configured correctly. Specifically, in /etc/ntp.conf, I need to stipulate that external NTP clients can retrieve time information but not configure anything. The following lines do the trick:

restrict -4 default kod notrap nomodifynopeer noquery
restrict -6 default kod notrap nomodifynopeer noquery

If you do not use IPv6, you can leave out the second line, of course.

How do other users learn about my time server? The best way is to add it to a popular time network like [3]. A working ntpd is the only prerequisite for time servers; you can complete a web form for the actual entries. The more people to join, the less the load per server, and most importantly: We all have more free time (Figure 2).

Figure 2: NTP users always need to correct a few milliseconds difference.

The Author

Charly Kühnast is a Unix operating system administrator at the Data Center in Moers, Germany. His tasks include firewall and DMZ security and availability. He divides his leisure time into hot, wet, and eastern sectors, where he enjoys cooking, freshwater aquariums, and learning Japanese.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Charly's Column

    On vacation we may be happy just to check the position of the sun,but computers need a more accurate measure of time. Luckily, there are atomic clocks that can receive time signals by radio and off the Internet.

  • Admin Workshop: NTP

    Networks often require very accurate timekeeping. The Network Time Protocol provides the time with precision.

  • Charly’s Column: Cluster SSH

    Charly doesn’t relish the idea of searching through the logfiles of a dozen proxy servers when page requests fail. Now that he has deployed Cluster SSH, he can pull the strings on many machines at the same time.

  • Charly's Column

    Parallel SSH is the name of an easy-to-configure tool that our resident sys admin, Charly, now routinely deploys whenever he needs to launch the same programs, copy the same files, or kill the same processes simultaneously on multiple computers.

  • Charly's Column: SSLScan

    If, like our author Charly, you manage SSL-secured servers, read on to discover a tool that you will definitely appreciate. It checks whether the complete security setup is up to date.

comments powered by Disqus

Direct Download

Read full article as PDF:

Price $2.95


njobs Europe
Njobs Netherlands Njobs Deutschland Njobs United Kingdom Njobs Italia Njobs France Njobs Espana Njobs Poland
Njobs Austria Njobs Denmark Njobs Belgium Njobs Czech Republic Njobs Mexico Njobs India Njobs Colombia