[ntp:questions] Badly drifting system time

Richard B. Gilbert rgilbert88 at comcast.net
Sun Dec 3 15:45:36 UTC 2006


yorhel at gmail.com wrote:

> Tim Keck wrote:
> 
>>yorhel at gmail.com wrote:
>>
>>>I have used the NTP pool project for quite some time on several servers
>>>now, and I decided I wanted to help the project by donating an NTP
>>>server too. The problem is though, that my server has a badly drifting
>>>system time (it's about 10-15 ms/s too fast). I temporarily "fixed"
>>>that by running ntpdate as an hourly cron-job. But to run an NTP server
>>>I obviously need something better than that.
<snip>
>>Yes, but this requires proper configuration (using ntp.conf) to do so.
>>If you would post the contents of ntp.conf and the output of ntpq -p
>>that would be a start.
>>Tim Keck
> 
> 
> # ntp.conf
> restrict default noquery notrust nomodify
> restrict 127.0.0.1
> 
> # I'm using the ntp pool for now, I'll change
> # to manually found servers when I join the pool
> server 0.nl.pool.ntp.org
> server 1.nl.pool.ntp.org
> server 2.nl.pool.ntp.org
> 
> restrict 0.nl.pool.ntp.org noquery nomodify
> restrict 1.nl.pool.ntp.org noquery nomodify
> restrict 2.nl.pool.ntp.org noquery nomodify
> 
> driftfile /etc/ntp.drift
> # -- end
> 
> And 'ntpq -p' about one hour after starting ntpd:
> $ ntpq -p
>      remote           refid      st t when poll reach   delay   offset  jitter
> ==============================================================================
>  www.dreamcommun 130.88.200.98    3 u   47   64  377    4.123  -48826. 1992.79
>  lolly.dreamcomm 194.159.73.44    3 u   44   64  377    4.044  -50219. 1708.12
>  mallos2.xs4all. 131.211.80.155   3 u    6   64  377   14.200  -49269. 1993.65
> 

Lose the restrict statements!!!!!

You cannot use restrict with the pool servers because the code does not 
support DNS lookups; you would have to specify actual numeric IP 
addresses in the restrict statements in order to make it work.

I suspect that "restrict notrust" is your problem.   The semantics of 
notrust vary with the version of ntpd but the current meaning requires 
cryptographic authentication which you have not set up.
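
The two points made in the reply above can be checked mechanically. The following is an added example, not part of the original post or of ntpd: a small linter that flags restrict lines whose target is a hostname and notrust flags with no authentication configured. The function names are hypothetical, and treating a keys, trustedkey or crypto line as evidence of authentication is an assumption of this sketch.

```python
import ipaddress

# Constructed sample: the configuration quoted in the thread above.
SAMPLE_CONF = """\
restrict default noquery notrust nomodify
restrict 127.0.0.1
server 0.nl.pool.ntp.org
server 1.nl.pool.ntp.org
server 2.nl.pool.ntp.org
restrict 0.nl.pool.ntp.org noquery nomodify
restrict 1.nl.pool.ntp.org noquery nomodify
restrict 2.nl.pool.ntp.org noquery nomodify
driftfile /etc/ntp.drift
"""

AUTH_DIRECTIVES = {"keys", "trustedkey", "crypto"}  # assumption: these imply auth is set up


def is_numeric_address(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def lint_ntp_conf(text):
    """Return sorted (line_number, message) findings for the two issues in the reply."""
    findings, notrust_lines, auth_configured = [], [], False
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if not fields:
            continue
        keyword = fields[0].lower()
        args = [a for a in fields[1:] if a not in ("-4", "-6")]  # skip address-family flags
        if keyword in AUTH_DIRECTIVES:
            auth_configured = True
        if keyword != "restrict" or not args:
            continue
        target = args[0]
        if target != "default" and not is_numeric_address(target):
            findings.append((lineno, f"restrict target '{target}' is a hostname, not a numeric address"))
        if "notrust" in args[1:]:
            notrust_lines.append(lineno)
    if not auth_configured:  # decided after the whole file is read, so directive order is irrelevant
        findings += [(n, "notrust is set but no keys/trustedkey/crypto line is present")
                     for n in notrust_lines]
    return sorted(findings)
```

Running `lint_ntp_conf(SAMPLE_CONF)` reports the notrust flag on the default restriction and the three pool hostnames used as restrict targets.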



