Setting up an NTP Time Server

What is NTP?

NTP stands for Network Time Protocol. It is a set of software programs that are used to keep accurate time on computers. It accomplishes this by referring to other time sources and then using some intelligent algorithms and taking into consideration transmission delays, and other factors arrives at very precise time keeping.

Keeping your time synced on server is important for a number of reasons. Logging and authentication are two reason why you would want you time on server it be kept in sync. Here are some link to find out more about how NTP works, or the history of NTP. This howto will just go through how I have installed NTP on my servers.

What Kind of Hardware is needed.

NTP uses UDP packets and is sensitive to time delays and variations on the network. A server that is not heavily loaded with other services is best in order to keep accurate time. The CPU utalization is not high for an NTP server and an old 486 Class system will work fine if it is now doing anything else.

Begining the Installation

NTP is included now with the base system in FreeBSD. I usually install the latest version from the ports tree though. You can find the NTP port in: /usr/ports/net/ntp

Building the port

# cd /usr/ports/net/ntp
# make install
# make clean

Choosing the Time server to sync from

For NTP to work, it must have an accurate time server to sync from. Generally the best source is by connecting the GPS receiver directly to the server. This is not always possable (or desirable) so the next best thing is to sync with the Stratum 1 server. Stratum 1 server are servers that are connected directly to an accurate clock (like a GPS receiver). Stratum 2 servers are server that sync from a Stratum 1 server.

Here is a link showing a number of Stratum 1 and 2 servers. Please note that unless the server has an “open access” policy, it is best to email the administrator and ask for access. NTP does not generate a lot of traffic for a single client but a public Stratum 1 server will see a very large amount of traffic.

http://ntp.isc.org/bin/view/Servers/StratumOneTimeServers
http://ntp.isc.org/bin/view/Servers/StratumTwoTimeServers

Editing the Configuration File

The configuration file is called ntp.conf and is located in /usr/local/etc (or /etc ). The file might not already exist so it should be created. Edit the file and add the following lines changing the example ntp server to the ones that you have picked from the lists above.

# NTP Configuration File ( /usr/local/etc/ntp.conf )
# This is the configuration file for NTP. More information can be
# found at www.NTP.org
#
# This computer will ask as a Statum 2 time server and sync off of
# 4 Statum 1 servers.
server time-nw.nist.gov iburst
server tick.usask.ca iburst
server tock.usask.ca iburst
server time.nist.gov iburst

# lot, lets use the file to keep track of the drift
# amount and compensate
driftfile /var/db/ntp.drift

 Setup the logging
logfile /var/log/ntp.log

# notrust - Ignore all NTP packets that are not cryptographically authenticated
# noquery - Do not allow the host to query your ntpd status.
# kod - Send a Kiss-of-Death packet if the limit flag is present and the
# packets violate the rate limits.
# notrap - Decline to provide mode 6 control message trap service.
# nopeer - Deny packets that would result in mobilizing a new association.
restrict default kod nomodify notrap nopeer noquery

# Allow everything from myself
restrict 127.0.0.1

# it's considered bad form not to allow your upstream time server to
# query your status.
#time.nist.gov
restrict 192.43.244.18 nomodify

#time-nw.nist.gov
restrict 131.107.13.100 nomodify

#tick.usask.ca
restrict 128.233.154.245 nomodify

#tock.usask.ca
restrict 128.233.150.93 nomodify

I think most of the commands above shouldn’t require an explanation but some lines do. The ‘server’ lines tell your ntpd daemon what upstream server to sync with. A good rule of thumb is to have at least 3 servers to sync with but no more than 5. Please note that the ones I have listed above do not exist and should be changed to one that you pick.

The ‘iburst’ argument at the end of the server line tells the ntpd server to sync the local clock as soon as possable on boot. It’s called quick sync-up.

Save the file as /usr/local/etc/ntp.conf when you are finished editing it.

Running NTPD on Startup

On FreeBSD, there are some variables that need to be setup on /etc/rc.conf. Add the following lines to the end of /etc/rc.conf (this assumes that you are using ntp from the ports).

ntpd_enable="YES"
ntpd_program="/usr/local/bin/ntpd"
ntpd_config="/usr/local/etc/ntp.conf"
ntpd_sync_on_start="YES"
ntpd_flags="-p /var/run/ntpd.pid -f /var/db/ntpd.drift"

NTP will now automatically start up when the server is booted. To stop and start the ntp serivce manually (assuming FreeBSD > version 6.1) enter the following command.

# /etc/rc.d/ntpd stop
# /etc/rc.d/ntpd start

Leave a Comment

Your email address will not be published. Required fields are marked *