[ntp:questions] Suitable ntp.conf for public NTP server?

Richard B. Gilbert rgilbert88 at comcast.net
Sun Oct 29 13:21:40 UTC 2006

Dennis Hilberg Jr wrote:

> Thanks for replying.
> No, I do not have a static IP address with Comcast.  However, I have had 
> good luck with them in this area regarding consistent IP addresses.  I moved 
> to my current home back in the beginning of February 2006, and had the same 
> IP address until just about a week ago.  At my previous residence, I had the 
> same IP address for almost two years.
> I don't use DynDNS, but I do have a website through a provider that allows 
> its users to edit their own DNS records.  So I created a custom A record for 
> my server as a sub-domain of my website, which points to my IP address here. 
> It works great.  So if/when my IP address changes, all I would have to do is 
> update the A record in my web's DNS configs.  Which I think would be easier 
> than having to submit an IP address change to the pool.  But my IP changes 
> are so infrequent that I think I would be ok.  This is really the only 
> reason I'm considering submitting the server, as I really don't want to 
> create any issues for the pool by having an IP address that would change 
> frequently.
> I do not have a UPS system either.  Is this a requirement?
> After reading your reply, and doing more research, I've come up with this 
> ntp.conf:
> restrict default kod nomodify notrap nopeer noquery
> restrict
> restrict mask nomodify notrap nopeer noquery
> server bigben.cac.washington.edu   iburst       # University of Washington, 
> Seattle, WA
> server utcnist.colorado.edu        iburst       # JILA Laboratory, 
> University of Colorado
> server time-nw.nist.gov            iburst       # Microsoft Corporation, 
> Redmond, WA
> server father-time.t-bird.edu      iburst       # The Garvin School of 
> International Managment, Glendale, AZ
> server time-a.timefreq.bldrdoc.gov iburst       # NIST Boulder Laboratories, 
> Boulder, Colorado
> server clepsydra.dec.com           iburst       # HP Western Research 
> Laboratory, Palo Alto, CA
> server time.xmission.com           iburst       # XMission Internet, Salt 
> Lake City, Utah
> driftfile /etc/ntp/drift
> logfile /var/log/ntp/ntp.log
> statsdir /var/log/ntp/
> statistics loopstats peerstats clockstats
> filegen loopstats file loopstats type day enable
> filegen peerstats file peerstats type day enable
> filegen clockstats file clockstats type day enable
> # Authentication parameters
> #keys           /etc/ntp/keys
> #trustedkey     2 3 4
> #controlkey     3       # To access the ntpq utility
> #requestkey     2       # To access the ntpdc utility
> The keys I do not have set up yet.  What would be the purpose of having keys 
> on a public server?  Or maybe I don't understand what the keys are for.  And 
> doesn't 'noquery' in the default restrictions prevent remote access of ntpq 
> and ntpdc?
> Thanks again.

The purpose of having keys is to enable you to use the privileged 
functions of ntpdc and ntpq and to prevent strangers from doing so! 
Restrict noquery does prevent people from querying your server via ntpq 
or ntpdc.  Your clients, however, might just like to know some of the 
things ntpdc or ntpq could tell them.

The UPS is not a requirement, just a good idea.  Where I live the power 
company doesn't believe in preventative maintenance (like trimming 
trees) so every time we have a wind storm, the power lines contact 
branches, the fuse blows and we have no power for the two to three hours 
it takes them to come out and replace the fuse.  One of these days I'm 
going to break down and buy a generator to back up the UPS.

In a lot of places, the power can "blink" just long enough to cause a 
computer to reboot.  A UPS lets you "ride out" all these little glitches 
and gives you ten or fifteen minutes in which to do a clean shutdown 
when the power does go off.

More information about the questions mailing list