pavement

NTP, configuring

From FreeBSDwiki
(Difference between revisions)
Jump to: navigation, search
m (markup)
(NTP pool servers)
Line 29: Line 29:
 
Now that you've configured your ntp.conf file and want to use your server, start up the program manually:
 
Now that you've configured your ntp.conf file and want to use your server, start up the program manually:
 
  # ntpd -p /var/run/ntpd.pid
 
  # ntpd -p /var/run/ntpd.pid
 +
 +
===NTP pool servers===
 +
Please consider using the [http://ntp.isc.org/bin/view/Servers/NTPPoolServers NTP Pool servers].  These are public time servers selected by round-robin.  The DNS reference changes each hour. These time servers have ''volunteered'' to offer their services through the pool.  To [http://www.pool.ntp.org/use.html use the pool], for example, users in the U.S. would add these lines to their /etc/ntpd.conf
 +
  server 0.us.pool.ntp.org
 +
  server 1.us.pool.ntp.org
 +
  server 2.us.pool.ntp.org
 +
 +
As the server pool grows, the regions will become increasingly more specific, and the results will be even more reliable.  You do not need, and should not use, more than three server lines in your /etc/ntpd.conf. 
 +
 +
Similarly, if you need to quickly set your system clock, to use the pool (if your ISP does not offer a time service) you would say (e.g. in the U.S.):
 +
  /usr/sbin/ntpdate 0.us.pool.ntp.org
 +
 +
It is usually considered poor manners to hit even a server pool more than a few times in a 24 hour period.  If you're one of those many who are in the habit of synching every clock on your LAN against a single public server, every few seconds, your IP may end up on the clock-master's p**p list, and your network's time of reckoning will eventually arrive - or worse, you will contribute to stopping these vital services.
  
 
==Auto-starting ntpd==
 
==Auto-starting ntpd==

Revision as of 18:47, 10 April 2006

After installing Ntp, you'll want to configure it properly. Remember to allow TCP and UDP ports 123 if you're firewalling the client/server.

Contents

NTP Clients

If you're a client, you'll need to listen locally if you've got an NTP server locally to get the time. To start, edit /etc/ntp.conf and make sure it has something like this in it:

# Because the computer clocks drift, keep the drift info somewhere:
driftfile /etc/ntp.drift 

# if we are a client that listens to NTP broadcasts on the LAN, uncomment this line:
#broadcastclient

# Let's setup a log file for NTP:
logfile /var/log/ntp.log

NTP Servers

First, synchronize to a known good time server -- there are many listed at ntp.isc.org, and due to common sense and politeness, I won't list one particular server here, but the US Navy has some servers available -- be sure to read their policies for allowed use. Once you've got a server that you can use, run

ntpdate time.someserver.somewhere.com 

and your system will update to that time. You may want to verify that the time is correct, if you've got a Java-capable browser handy, time.gov will give you the correct time for the timezone you're in.

Once you've got that done, find a server that you can update from regularly -- be sure you've read through the documentation and obtained permission to use the server (seriously, this is important, folks have no sense of humor about this, see links below for why) -- it's time to set up your /etc/ntpd.conf which will at a minimum need to have three lines:

server time.someserver.somewhere.com prefer
driftfile /var/db/ntpd.drift
restrict default ignore

The server line may be repeated, and if you leave out the "prefer" keyword and have multiple server lines, then you'll round-robin through the list. If you have multiple server lines and leave the "prefer" keyword in, you'll only go to the other servers (without the "prefer") if your "preferred" server can't be reached.

(stub on how to use restrict)

Now that you've configured your ntp.conf file and want to use your server, start up the program manually:

# ntpd -p /var/run/ntpd.pid

NTP pool servers

Please consider using the NTP Pool servers. These are public time servers selected by round-robin. The DNS reference changes each hour. These time servers have volunteered to offer their services through the pool. To use the pool, for example, users in the U.S. would add these lines to their /etc/ntpd.conf

  server 0.us.pool.ntp.org
  server 1.us.pool.ntp.org
  server 2.us.pool.ntp.org

As the server pool grows, the regions will become increasingly more specific, and the results will be even more reliable. You do not need, and should not use, more than three server lines in your /etc/ntpd.conf.

Similarly, if you need to quickly set your system clock, to use the pool (if your ISP does not offer a time service) you would say (e.g. in the U.S.):

 /usr/sbin/ntpdate 0.us.pool.ntp.org

It is usually considered poor manners to hit even a server pool more than a few times in a 24 hour period. If you're one of those many who are in the habit of synching every clock on your LAN against a single public server, every few seconds, your IP may end up on the clock-master's p**p list, and your network's time of reckoning will eventually arrive - or worse, you will contribute to stopping these vital services.

Auto-starting ntpd

Edit your /etc/rc.conf and add this to the end;

# ntpd sets the time in small increments, ntpdate sets the time
# no matter how large the discrepancy is. If you're running ntpd
# you'll want to weigh the risks of getting a wildly different time
# given to your system from whatever system _you_ are getting the
# time from. If you're polling time data from absolutely known-good
# servers, it might not be a bad idea to get the time from them on boot-up.
# If you want to do that, uncomment this line;
# ntpdate_enable="NO"
# turn on the ntp daemon:
ntpd_enable="YES"
# The NTP program is located here:
ntpd_program="/usr/local/bin/ntpd"
# and we want to use it with these options; see man page for details
ntpd_flags="-A -g -N -c /etc/ntp.conf -p /var/run/ntpd.pid -l /var/log/ntpd.log"


Note: ntpd_enable was xntpd_enable in older FreeBSD releases (before FreeBSD-5). If you're running FreeBSD-4, replace every instance of ntpd with xntpd (xntpd_enable="YES", for example).

NTP etiquette

The N stands for Network, but if you've got your own network, it behooves you -- and you're expected to -- either keep an ntp server for it or use one that you're allowed to; your ISP's or one you setup yourself. NTP stratum 1 servers are neither ubiquitous nor fair use for everyone. If you have a GPS or atomic-clock enabled server, then you can run your own stratum 1 server. More than likely you'll want to run a stratum 3 (or higher) server for your network, and you'll want to pull time from stratum 2 or 1 servers that are more accurate for you.

Horror stories on why you want to only use servers you're allowed to:

http://www.cs.wisc.edu/~plonka/netgear-sntp/

http://people.freebsd.org/~phk/dlink/

http://www.lightbluetouchpaper.org/2006/04/07/when-firmware-attacks-ddos-by-d-link/

Personal tools