[ntp:questions] Re: ntpd

Steve Kostecke kostecke at ntp.isc.org
Thu May 11 13:40:11 UTC 2006


On 2006-05-09, Ted Gervais <ve1drg at av.eastlink.ca> wrote:

> Here is what I have in my ntp.conf file:
> -------------
> restrict default noquery notrust nomodify

For ntpd > 4.2.x 'notrust' means "ignore all NTP packets that are not
cryptographically authenticated". This is probably not what you thought
it meant.

Replace 'notrust' with 'nopeer'.

While you're at it, I strongly suggest that you take a look at
http://ntp.isc.org/Support/AccessRestrictions (and follow the decision
tree for setting your default restriction).

> restrict 127.0.0.1
> restrict 24.224.176.0 mask 255.255.248.0
> fudge 127.127.1.0 stratum 3
> server 127.127.1.0

ntpd will continue to discipline the clock using the last known values
in the event that all time sources become unreachable. 

You don't need to use the Undisciplined Local Clock, or LocalCLK,
(127.127.1.x) unless your ntpd is serving time to others _and_ you want
it to be able to claim that it is synced to something even when it is
not.

When ntpd is synced to the LocalCLK it will follow the drift of your
motherboard clock, which is usually worse than your wrist watch.

If you _really_ feel that you need to use the LocalCLK you should fudge
the stratum to 10, or more. Some of the pool servers you're using might
operate at Stratum 3 and it is possible that ntpd just might decide to
follow the LocalCLK if it were Stratum 3.

> server 0 pool.ntp.org
> server 1 pool.ntp.org
> server 2 pool.ntp.org
> server pool.ntp.org

You should append 'iburst' to your server lines. Doing so will reduce
the time for initial 'sync' from ~8 minutes to ~20 seconds.

> driftfile /etc/ntp.drift

Daemons have no business writing to /etc. Something like
/var/run/ntp/ntp.drift or /var/lib/ntp/ntp.drift would be more
appropriate.

> As well - I have no idea that ntp(d) is working? How can I tell

ntpq -p for your peer status (look for the '*' on one of your remote
time server lines). If the peer status billboard shows that your remote
time servers are unreachable (i.e. '0' in the reach column) then you
need to fix your network.

ntpq -crv and look for state=4 and a stratum of less than 16.

There may or may not be any messages in the log.

>and if it is how does it change the system time

The default behavior of ntpd is to step your clock if the offset is
greater than 128ms and to slew your clock if the offset is less than 128ms.

ntpd checks its offset when each poll interval expires. The poll
intervals start at 64 seconds and can increase up to 1024 seconds.

-- 
Steve Kostecke <kostecke at ntp.isc.org>
NTP Public Services Project - http://ntp.isc.org/
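
The configuration points raised in the reply above, collected into a small ntp.conf linter. This is an added example, not part of the original message or of the NTP project's code; the function name lint_ntp_conf and the message strings are hypothetical, and the sample is shortened from the config quoted in the thread.

```python
import re

LOCALCLK = re.compile(r"^127\.127\.1\.\d+$")    # Undisciplined Local Clock driver
REFCLOCK = re.compile(r"^127\.127\.\d+\.\d+$")  # any reference clock pseudo-address

def lint_ntp_conf(text):
    """Return (line_number, message) findings for an ntp.conf string."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if not tok:
            continue
        kw, args = tok[0], tok[1:]
        if kw == "restrict" and "notrust" in args:
            # Per the reply: on ntpd 4.2.x this requires authenticated packets.
            findings.append((n, "notrust ignores unauthenticated packets; use nopeer"))
        elif kw == "fudge" and args and LOCALCLK.match(args[0]) and "stratum" in args:
            i = args.index("stratum")
            if i + 1 < len(args) and args[i + 1].isdigit() and int(args[i + 1]) < 10:
                findings.append((n, "LocalCLK stratum below 10"))
        elif kw == "server" and args:
            # Reference clocks do not take iburst; only check network servers.
            if not REFCLOCK.match(args[0]) and "iburst" not in args:
                findings.append((n, "server line without iburst"))
        elif kw == "driftfile" and args and args[0].startswith("/etc/"):
            findings.append((n, "driftfile under /etc"))
    return findings

# Shortened from the configuration quoted in the thread.
SAMPLE = """\
restrict default noquery notrust nomodify
restrict 127.0.0.1
fudge 127.127.1.0 stratum 3
server 127.127.1.0
server pool.ntp.org
driftfile /etc/ntp.drift
"""

if __name__ == "__main__":
    for line_no, msg in lint_ntp_conf(SAMPLE):
        print(f"line {line_no}: {msg}")
```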



