[ntp:questions] just joined the pool, a check list

Dennis Hilberg, Jr. timekeeper at dennishilberg.com.invalid
Wed Nov 7 21:02:32 UTC 2007


Cyrille37 wrote:
> Hello
> I've just joined the pool with a server running ntpd 4.2.4p4.
> I would like to have done well, so I post here the configuration for
> comments if needed.
> 
> 1/ ntpd is launched with option -g
> 
> 2/ here is ntpd.conf :
> 
> statsdir /var/log/ntpstats/
> statistics loopstats peerstats clockstats
> filegen loopstats file loopstats type day enable
> filegen peerstats file peerstats type day enable
> filegen clockstats file clockstats type day enable

Since you aren't running a clock driver, clockstats won't generate anything.

> driftfile /etc/ntp.drift

I've been told it's bad practice to allow ntpd to write to /etc .  You 
should use /var/lib/ntp.drift or something similar.

You also don't have a logfile specified.

> server ntp.via.ecp.fr iburst dynamic
> server ntp.obspm.fr iburst dynamic
> server ntp1.belbone.be iburst dynamic
> server ntp1.kamino.fr iburst dynamic
> server timeserver.ntp.ch iburst dynamic
> server canon.inria.fr
> server ntp.probe-networks.de

According to the documentation, the dynamic option isn't supported in the 
current implementation.  You should use iburst on all your servers.

> restrict -4 default kod notrap nomodify nopeer noquery
> restrict -6 default kod notrap nomodify nopeer noquery

You don't specify -4 or -6 with restrict.  And don't use the 'noquery' 
option as that turns off 'ntpq' and 'ntpdc' queries.  A lot of operators 
like to know information about their clients.  Plus, if you set:

restrict default kod notrap nomodify nopeer noquery

You won't be able to query your server from the local machine, unless you 
specify a restriction for it.

Set it up like this:

# Default access restrictions (applies to all clients, local or not)
restrict default kod nopeer nomodify notrap

# Allow localhost unrestricted access
restrict 127.0.0.1


So to summarize, here is a fixed ntp.conf:


# Default access restrictions (applies to all clients)
restrict default kod nopeer nomodify notrap

# Allow localhost unrestricted access
restrict 127.0.0.1

server ntp.via.ecp.fr iburst
server ntp.obspm.fr iburst
server ntp1.belbone.be iburst
server ntp1.kamino.fr iburst
server timeserver.ntp.ch iburst
server canon.inria.fr iburst
server ntp.probe-networks.de iburst

driftfile /var/lib/ntp.drift

logfile /var/log/ntp/ntp.log

statsdir /var/log/ntp/
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable


-- 
Dennis Hilberg, Jr.      timekeeper(at)dennishilberg(dot)com
NTP Server Information:  http://saturn.dennishilberg.com/ntp.php
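
Added example (not part of the message above and not code from the NTP project): a small Python linter that applies several of the review points from this reply to an ntp.conf. The function name lint_ntp_conf and the SAMPLE text, rebuilt from lines of the configuration quoted in the question, are constructed for illustration.

```python
# Constructed sample: lines taken from the configuration quoted in the question.
SAMPLE = """\
statsdir /var/log/ntpstats/
statistics loopstats peerstats clockstats
filegen clockstats file clockstats type day enable
driftfile /etc/ntp.drift
server ntp.via.ecp.fr iburst dynamic
server canon.inria.fr
restrict -4 default kod notrap nomodify nopeer noquery
"""

def lint_ntp_conf(text):
    """Return sorted (line_number, message) findings; line 0 = whole file."""
    findings, seen = [], set()
    local_ok = refclock = False
    default_noquery = clockstats = 0
    for n, raw in enumerate(text.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()      # drop comments, tokenize
        if not tok:
            continue
        kw, args = tok[0], tok[1:]
        seen.add(kw)
        if kw == "driftfile" and args and args[0].startswith("/etc/"):
            findings.append((n, "driftfile under /etc (ntpd writes this file)"))
        elif kw == "server" and args:
            is_refclock = args[0].startswith("127.127.")  # clock driver address
            refclock = refclock or is_refclock
            if "dynamic" in args:
                findings.append((n, "'dynamic' option (reply: not supported)"))
            if "iburst" not in args and not is_refclock:
                findings.append((n, "server without iburst"))
        elif kw == "restrict":
            if args[:1] in (["-4"], ["-6"]):    # skip address-family flag
                args = args[1:]
            if args[:1] == ["default"] and "noquery" in args:
                default_noquery = n
            if args[:1] in (["127.0.0.1"], ["::1"]) and "noquery" not in args:
                local_ok = True
        elif kw == "filegen" and args[:1] == ["clockstats"]:
            clockstats = n
    if "logfile" not in seen:
        findings.append((0, "no logfile specified"))
    if clockstats and not refclock:
        findings.append((clockstats, "clockstats enabled but no clock driver"))
    if default_noquery and not local_ok:
        findings.append((default_noquery, "default noquery with no localhost "
                         "restrict: local ntpq/ntpdc queries will fail"))
    return sorted(findings)
```

Run over SAMPLE it reports the missing logfile (line 0) and findings on lines 3 to 7; the corrected configuration in the reply produces none.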



