The sys admin's daily grind: Ntpd
The Network Time Protocol keeps Charly up to date at all times. To put all of this punctuality in the service of the common good, he even exports the time signal.
If the clock on my personal laptop is a few seconds fast or slow, this is not dramatic. On a server, however, it's different. Logfiles should – at least – be synchronized to the exact second; otherwise, troubleshooting becomes a pain. The software that handles this synchronization is, of course, the NTP daemon (
ntpd) . As a special hardware time source, you could use a suitable DCF 77 or GPS receiver, for example. If you don't have one of those, you could ask some other time servers – you need to poll several to compute the time from the running time differences of the UDP packets on the network.
The NTP configuration in the
/etc/ntp.conf file on my Ubuntu lab machine lists five time servers:
server ntps1-0.cs.tu-berlin.de iburst server ptbtime1.ptb.de iburst server ntp1.fau.de iburst server ntp.probe-networks.de iburst # Use Ubuntu's ntp server as a fallback. server ntp.ubuntu.com
iburst ("initial burst") keyword speeds up synchronization on the first connection. A list of public time servers is available online .
Just to check, I entered
ntpq-p at the command line; this returned a list of all the time servers that my daemon contacted (Figure 1). The first column shows how reliable the time sources are: An asterisk (
*) denotes the current reference server. A plus sign means that the time from this server is used to compute the mean value. Servers with a minus sign have recently supplied times with too large of a deviation – if this problem were to exist permanently, I would need to delete them from the configuration.
Sharing Free Time
Furthermore, nothing prevents me from providing my time server to others. The expected traffic is minimal, and the safety risks are also minimal if this setup is configured correctly. Specifically, in
/etc/ntp.conf, I need to stipulate that external NTP clients can retrieve time information but not configure anything. The following lines do the trick:
restrict -4 default kod notrap nomodifynopeer noquery restrict -6 default kod notrap nomodifynopeer noquery
If you do not use IPv6, you can leave out the second line, of course.
How do other users learn about my time server? The best way is to add it to a popular time network like pool.ntp.org . A working ntpd is the only prerequisite for time servers; you can complete a web form for the actual entries. The more people to join, the less the load per server, and most importantly: We all have more free time (Figure 2).
- NTP daemon: http://www.eecis.udel.edu/~mills/ntp/html/ntpd.html
- List of public time servers: http://support.ntp.org/bin/view/Servers/WebHome#Browsing_the_Lists
- Time server network ntp.org: http://www.pool.ntp.org/en/join.html
Buy this article as PDF
Xen project announces a privilege escalation problem for Qemu host systems
Attackers can compromise an Android phone just by sending a text message
PC vendor will pre-install Ubuntu on portables in India.
More embarrassment for Adobe's embattled multimedia tool
Mozilla’s script blocker add-on could be putting malware sites on the whitelist.
The Internet community officially banishes the notoriously unsafe Secure Sockets Layer protocol.
Popular desktop environment continues the Gnome 2 legacy – with new support for the Gnome 3 toolkit.
The Obama White House has issued a memorandum telling all US government agencies they must use HTTPS for all websites and web communication.
New program will dial up security for the Firefox browser.
Red Hat's community distro embraces the cloud.