NTP - Howto make the clock show the correct time
How to get started with ntpdate, the tool for constantly adjusting the system clock to the internet.
 Installing ntpd
First, make sure ntp/ntpdate are installed. The package is by default installed on Mandrake, Fedora, CentOS and Redhat. If you do not have ntp installed you will much likely find packages on your distributions install-cd(s).
The package is named ntp on most distributions (yum install ntp, apt-get install ntp, emerge ntp).
 No IPv6 listening for you!
It must be mentioned that NTP <= atleast v4.2.0a does NOT support listening on IPv6 IPs. ntp-dev-4.2.5p16 can. However, NTP v4.x can use IPv6 NTP servers (they just can't be one).
 The Setup: Client (Desktop) configuration
Most people just need a nice client setup which asks timeserver(s) what time it is and adjusts the local clock accordingly. The default /etc/ntp.conf configuration file is actually quite cool out-of-the-box most distributions, including Fedora Core and CentOS, but you may want to change it anyway.
This is a nice client setup, and the only thing you need to change is the line where timeservers to use is given:
restrict default kod nomodify notrap nopeer noquery restrict -6 default kod nomodify notrap nopeer noquery restrict 127.0.0.1 restrict -6 ::1 # Timeserver(s) to (ab)use server ntp.xiando.com server 127.127.1.0 # local clock fudge 127.127.1.0 stratum 10 driftfile /var/lib/ntp/drift
 Picking timeservers
There are two things to consider when picking timeservers: Distance (d), and stratum. stratum really means "How l33t is this sever?". Servers who are able to figure out what time it is all on their own, without using the Internet, are very l33t and thus; Stratum 1.
It is, for example, possible to figure out what time it is using GPS satellites. Servers who get the (supposedly) correct time using GPS are Stratum 1.
Easy picking: Use pool.ntp.org. For example:
server 0.pool.ntp.org server 1.pool.ntp.org server 2.pool.ntp.org
There are local ntp pools for most parts of the world, for example:
server 0.europe.pool.ntp.org server 1.europe.pool.ntp.org server 2.europe.pool.ntp.org server 3.europe.pool.ntp.org
And there are also local country pools, such as dk.pool.ntp.org (Denmark), fr.pool.ntp.org (France), etc.
server 0.fr.pool.ntp.org server 1.fr.pool.ntp.org server 2.fr.pool.ntp.org server 3.fr.pool.ntp.org
 What the fudge?
There are two lines you should have in your configuration:
server 127.127.1.0 # local clock fudge 127.127.1.0 stratum 10
server says that the local system clock is a timeserver. fudge says that this server is stratum 10. If you are connected to the Internet then you are likely using timeservers who are more l33t than stratum 10 what time it is, and these servers are used because they have lower stratum and thus; higher priority.
However, if you are disconnected from the Internet then they are unavailable and you're left with the local clock. Using fudge to say that the local clock is stratum 10 makes ntp use the local clock when no timeservers are available. This is good because it makes sure you can disconnect your box from the Internet without getting your clock screwed.
 Client (Desktop) alternatives to using ntpd
It must be mentioned that you don't need to run ntpd to use timeservers.
Using ntpd is good because it kind of smooths things over and gradually adjusts the system clock. This is good because some software may become very confused if the clock suddenly and unexpectedly jumps 5 minutes back or forth.
However, ntpd does use like 5 MB system RAM, so there may be reasons why you don't want it running. There are small command-line tools can be used to set the clock to the correct time (you can also cron them, ie put'em in cron.hourly to set the clock every hour).
rdate is a simple 3 kB tool for syncing the system clock to a server. It's options are -p to print the date on the given server, -s to set the system clock according to it (must be done as root) and -u to use the UDP protocol. Example:
rdate -p sntp.lth.se
clockspeed is a very small tool for setting the clock and is, for clients, a much better alternative than installing the 4+ MB ntp package.
 The Setup: Timeserver configuration
You much likely want to run your own NTP server if you are a huge and profitable corporation, intelligence service or just a private citizen who happen to control a very large network.
The reason is this: Only one box really needs to get the correct time from the outside. This box can act as a timeserver for the rest of the boxes on your network.
Here's a nice "standard" configuration file for a timeserver:
restrict default kod nomodify notrap restrict -6 default kod nomodify notrap server ntp6.remco.org prefer server chime3.ipv6.surfnet.nl server ntp1.ipv6.lrz-muenchen.de server 127.127.1.0 # local clock fudge 127.127.1.0 stratum 10 driftfile /var/lib/ntp/drift broadcastdelay 0.008 keys /etc/ntp/keys
It must be possible to connect to port 123, both UDP and TCP, from the outside / all boxes who will be (ab)using your timeserver.
 Access restrictions
restrict is probably the least understood part of ntpd configuration.
 Testing your time configuration
ntpq, the NTP query program, can give you all sorts of interesting information about your timeserver. ntpq -pn prints out a list of timeservers with all kinds of details.
remote refid st t when poll reach delay offset jitter ============================================================================== *126.96.36.199 188.8.131.52 2 u 31 64 377 21.327 -1.920 51.885 +184.108.40.206 220.127.116.11 2 u 36 64 377 19.674 1.051 21.248 +18.104.22.168 22.214.171.124 2 u 29 64 377 13.729 -2.967 14.251 +126.96.36.199 .PPS. 1 u 29 64 377 19.368 -2.663 46.154 +188.8.131.52 184.108.40.206 3 u 27 64 377 14.522 -7.704 45.818 +220.127.116.11 .GPS. 1 u 29 64 377 16.732 -2.492 47.149 +18.104.22.168 22.214.171.124 2 u 22 64 377 27.132 4.013 27.054 +126.96.36.199 188.8.131.52 2 u 30 64 377 14.999 -3.004 42.214 +184.108.40.206 220.127.116.11 2 u 25 64 367 27.519 -6.415 59.658 +18.104.22.168 22.214.171.124 2 u 27 64 377 22.964 -2.979 53.819 +126.96.36.199 188.8.131.52 2 u 14 64 377 37.822 13.056 77.190 127.127.1.0 .LOCL. 10 l 22 64 377 0.000 0.000 0.001
ntpq manpage story is that:
|-n||Output all host addresses in dotted-quad numeric format rather than converting to the canonical host names.|
|-p||Print a list of the peers known to the server as well as a summary of their state. This is equivalent to the peers interactive command.|
ntptrace is another nice command you may consider running. It prints out a nice list like this:
localhost: stratum 3, offset 0.013693, synch distance 0.122109 2001:618:400:5f49:1337::1: stratum 2, offset -0.000785, synch distance 0.071681 truetime.uoregon.edu: stratum 1, offset 0.000000, synch distance 0.003931, refid 'GPS'
You're localhost, you're stratum 3, you're using a server which is 2, and that server is using a server which is very l33t (stratum 1).