[ntp:questions] Badly drifting system time
Richard B. Gilbert
rgilbert88 at comcast.net
Sun Dec 3 15:45:36 UTC 2006
yorhel at gmail.com wrote:
> Tim Keck wrote:
>>yorhel at gmail.com wrote:
>>>I have used the NTP pool project for quite some time on several servers
>>>now, and I decided I wanted to help the project by donating an NTP
>>>server too. The problem is though, that my server has a badly drifting
>>>system time (it's about 10-15 ms/s too fast). I temporarily "fixed"
>>>that by running ntpdate as an hourly cron-job. But to run an NTP server
>>>I obviously need something better than that.
>>Yes, but this requires proper configuration (using ntp.conf) to do so.
>>If you would post the contents of ntp.conf and the output of ntpq -p
>>that would be a start.
> # ntp.conf
> restrict default noquery notrust nomodify
> restrict 127.0.0.1
> # I'm using the ntp pool for now, I'll change
> # to manually found servers when I join the pool
> server 0.nl.pool.ntp.org
> server 1.nl.pool.ntp.org
> server 2.nl.pool.ntp.org
> restrict 0.nl.pool.ntp.org noquery nomodify
> restrict 1.nl.pool.ntp.org noquery nomodify
> restrict 2.nl.pool.ntp.org noquery nomodify
> driftfile /etc/ntp.drift
> # -- end
> And 'ntpq -p' about one hour after starting ntpd:
> $ ntpq -p
> remote refid st t when poll reach delay offset
> www.dreamcommun 188.8.131.52 3 u 47 64 377 4.123 -48826.
> lolly.dreamcomm 184.108.40.206 3 u 44 64 377 4.044 -50219.
> mallos2.xs4all. 220.127.116.11 3 u 6 64 377 14.200 -49269.
Lose the restrict statements!!!!!
You cannot use restrict with the pool servers because the code does not
support DNS lookups; you would have to specify actual numeric IP
addresses in the restrict statements in order to make it work.
I suspect that "restrict notrust" is your problem. The semantics of
notrust vary with the version of ntpd but the current meaning requires
cryptographic authentication which you have not set up.
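
The two problems named in the reply above (host names in restrict lines, and notrust with no authentication set up), checked over the ntp.conf quoted in the thread. This is an added example, not part of the original message. It assumes authentication counts as set up when the file has both a keys and a trustedkey line, or a crypto line; the function names and SAMPLE_CONF are constructed for illustration.

```python
import ipaddress

# Constructed sample: the ntp.conf quoted in the thread, comments omitted.
SAMPLE_CONF = """\
restrict default noquery notrust nomodify
restrict 127.0.0.1
server 0.nl.pool.ntp.org
server 1.nl.pool.ntp.org
server 2.nl.pool.ntp.org
restrict 0.nl.pool.ntp.org noquery nomodify
restrict 1.nl.pool.ntp.org noquery nomodify
restrict 2.nl.pool.ntp.org noquery nomodify
driftfile /etc/ntp.drift
"""

def is_numeric_address(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def lint_ntp_conf(text):
    """Return (line_number, message) findings for restrict lines."""
    rows = [line.split("#", 1)[0].split() for line in text.splitlines()]
    directives = {fields[0] for fields in rows if fields}
    # Assumption: symmetric keys (keys + trustedkey) or Autokey (crypto).
    has_auth = {"keys", "trustedkey"} <= directives or "crypto" in directives
    findings = []
    for num, fields in enumerate(rows, 1):
        if not fields or fields[0] != "restrict":
            continue
        args = [a for a in fields[1:] if a not in ("-4", "-6")]
        if not args:
            continue
        addr, flags = args[0], args[1:]
        # "default" and "source" are keywords, not host names.
        if addr not in ("default", "source") and not is_numeric_address(addr):
            findings.append((num, f"restrict names host '{addr}'; use a numeric IP address"))
        if "notrust" in flags and not has_auth:
            findings.append((num, "notrust set but no authentication keys are configured"))
    return findings
```

Run over SAMPLE_CONF it reports line 1 for notrust and lines 6 to 8 for the pool host names.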