## 19.12 NTP

***Contributed by Tom Hukins.***

### 19.12.1 Overview

Over time, a computer's clock is prone to drift. As time passes, the computer's clock becomes less accurate. NTP (Network Time Protocol) is one way to ensure your clock is right.

Many Internet services rely on, or greatly benefit from, computers' clocks being accurate. For example, a Web server may receive requests to send a file if it has been modified since a certain time. Services such as [cron(8)](http://leaf.dragonflybsd.org/cgi/web-man?command=cron&section=8) run commands at a given time. If the clock is inaccurate, these commands may not run when expected.

DragonFly ships with the [ntpd(8)](http://leaf.dragonflybsd.org/cgi/web-man?command=ntpd&section=8) NTP server which can be used to query other NTP servers to set the clock on your machine or provide time services to others.

### 19.12.2 Choosing Appropriate NTP Servers

In order to synchronize your clock, you will need to find one or more NTP servers to use. Your network administrator or ISP may have set up an NTP server for this purpose--check their documentation to see if this is the case. There is a [list of publicly accessible NTP servers](http://www.eecis.udel.edu/~mills/ntp/servers.html) which you can use to find an NTP server near to you. Make sure you are aware of the policy for any servers you choose, and ask for permission if required.

Choosing several unconnected NTP servers is a good idea in case one of the servers you are using becomes unreachable or its clock is unreliable. [ntpd(8)](http://leaf.dragonflybsd.org/cgi/web-man?command=ntpd&section=8) uses the responses it receives from other servers intelligently--it will favor unreliable servers less than reliable ones.

### 19.12.3 Configuring Your Machine

#### 19.12.3.1 Basic Configuration

If you only wish to synchronize your clock when the machine boots up, you can use [ntpdate(8)](http://leaf.dragonflybsd.org/cgi/web-man?command=ntpdate&section=8).
This may be appropriate for some desktop machines which are frequently rebooted and only require infrequent synchronization, but most machines should run [ntpd(8)](http://leaf.dragonflybsd.org/cgi/web-man?command=ntpd&section=8).

Using [ntpdate(8)](http://leaf.dragonflybsd.org/cgi/web-man?command=ntpdate&section=8) at boot time is also a good idea for machines that run [ntpd(8)](http://leaf.dragonflybsd.org/cgi/web-man?command=ntpd&section=8). The [ntpd(8)](http://leaf.dragonflybsd.org/cgi/web-man?command=ntpd&section=8) program changes the clock gradually, whereas [ntpdate(8)](http://leaf.dragonflybsd.org/cgi/web-man?command=ntpdate&section=8) sets the clock, no matter how great the difference between a machine's current clock setting and the correct time.

To enable [ntpdate(8)](http://leaf.dragonflybsd.org/cgi/web-man?command=ntpdate&section=8) at boot time, add `ntpdate_enable="YES"` to `/etc/rc.conf`. You will also need to specify all servers you wish to synchronize with and any flags to be passed to [ntpdate(8)](http://leaf.dragonflybsd.org/cgi/web-man?command=ntpdate&section=8) in `ntpdate_flags`.

#### 19.12.3.2 General Configuration

NTP is configured by the `/etc/ntp.conf` file in the format described in [ntp.conf(5)](http://leaf.dragonflybsd.org/cgi/web-man?command=ntp.conf&section=5). Here is a simple example:

    server ntplocal.example.com prefer
    server timeserver.example.org
    server ntp2a.example.net

    driftfile /var/db/ntp.drift

The `server` option specifies which servers are to be used, with one server listed on each line. If a server is specified with the `prefer` argument, as with `ntplocal.example.com`, that server is preferred over other servers. A response from a preferred server will be discarded if it differs significantly from other servers' responses, otherwise it will be used without any consideration to other responses. The `prefer` argument is normally used for NTP servers that are known to be highly accurate, such as those with special time monitoring hardware.

The `driftfile` option specifies which file is used to store the system clock's frequency offset. The [ntpd(8)](http://leaf.dragonflybsd.org/cgi/web-man?command=ntpd&section=8) program uses this to automatically compensate for the clock's natural drift, allowing it to maintain a reasonably correct setting even if it is cut off from all external time sources for a period of time.

The `driftfile` option specifies which file is used to store information about previous responses from the NTP servers you are using. This file contains internal information for NTP. It should not be modified by any other process.

#### 19.12.3.3 Controlling Access to Your Server

By default, your NTP server will be accessible to all hosts on the Internet. The `restrict` option in `/etc/ntp.conf` allows you to control which machines can access your server.

If you want to deny all machines from accessing your NTP server, add the following line to `/etc/ntp.conf`:

    restrict default ignore

If you only want to allow machines within your own network to synchronize their clocks with your server, but ensure they are not allowed to configure the server or be used as peers to synchronize against, add

    restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap

instead, where `192.168.1.0` is an IP address on your network and `255.255.255.0` is your network's netmask.

`/etc/ntp.conf` can contain multiple `restrict` options. For more details, see the `Access Control Support` subsection of [ntp.conf(5)](http://leaf.dragonflybsd.org/cgi/web-man?command=ntp.conf&section=5).

### 19.12.4 Running the NTP Server

To ensure the NTP server is started at boot time, add the line `xntpd_enable="YES"` to `/etc/rc.conf`. If you wish to pass additional flags to [ntpd(8)](http://leaf.dragonflybsd.org/cgi/web-man?command=ntpd&section=8), edit the `xntpd_flags` parameter in `/etc/rc.conf`.

To start the server without rebooting your machine, run `ntpd` being sure to specify any additional parameters from `xntpd_flags` in `/etc/rc.conf`.
For example:

    # ntpd -p /var/run/ntpd.pid

### 19.12.5 Using ntpd with a Temporary Internet Connection

The [ntpd(8)](http://leaf.dragonflybsd.org/cgi/web-man?command=ntpd&section=8) program does not need a permanent connection to the Internet to function properly. However, if you have a temporary connection that is configured to dial out on demand, it is a good idea to prevent NTP traffic from triggering a dial out or keeping the connection alive. If you are using user PPP, you can use `filter` directives in `/etc/ppp/ppp.conf`. For example:

    set filter dial 0 deny udp src eq 123
    # Prevent NTP traffic from initiating dial out
    set filter dial 1 permit 0 0
    set filter alive 0 deny udp src eq 123
    # Prevent incoming NTP traffic from keeping the connection open
    set filter alive 1 deny udp dst eq 123
    # Prevent outgoing NTP traffic from keeping the connection open
    set filter alive 2 permit 0/0 0/0

For more details see the `PACKET FILTERING` section in [ppp(8)](http://leaf.dragonflybsd.org/cgi/web-man?command=ppp&section=8) and the examples in `/usr/share/examples/ppp/`.

**Note:** Some Internet access providers block low-numbered ports, preventing NTP from functioning since replies never reach your machine.

### 19.12.6 Further Information

Documentation for the NTP server can be found in `/usr/share/doc/ntp/` in HTML format.
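
The two `restrict` lines from section 19.12.3.3 can be checked before deployment by working out which flags a given client address would receive. The following is an added example, not part of the original handbook or of the NTP distribution; it assumes that the most specific matching `restrict` entry decides, handles IPv4 addresses only, and uses a constructed configuration and constructed probe addresses.

```python
import ipaddress

# Constructed sample: the handbook's server lines plus its two restrict lines.
SAMPLE_CONF = """\
server ntplocal.example.com prefer
server timeserver.example.org
driftfile /var/db/ntp.drift
restrict default ignore
restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap
"""

def parse_restrict(conf_text):
    """Return [(network, flags)] for each IPv4 `restrict` line."""
    entries = []
    for raw in conf_text.splitlines():
        words = raw.split("#", 1)[0].split()      # drop comments
        if len(words) < 2 or words[0] != "restrict":
            continue
        addr, rest, prefix = words[1], words[2:], "32"   # no mask: single host
        if addr == "default":
            addr, prefix = "0.0.0.0", "0"
        elif len(rest) >= 2 and rest[0] == "mask":
            prefix, rest = rest[1], rest[2:]
        try:
            net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        except ValueError:                         # hostname or malformed address
            continue
        entries.append((net, frozenset(rest)))
    return entries

def effective_flags(conf_text, client_ip):
    """Flags for client_ip; an empty set means no restriction applies."""
    ip = ipaddress.ip_address(client_ip)
    matches = [e for e in parse_restrict(conf_text) if ip in e[0]]
    if not matches:
        return frozenset()       # no restrict line: served like any other host
    # Assumption: the most specific (longest-prefix) entry decides.
    return max(matches, key=lambda e: e[0].prefixlen)[1]

if __name__ == "__main__":
    # Constructed probe addresses: one inside the LAN, one outside it.
    for probe in ("192.168.1.50", "203.0.113.7"):
        flags = effective_flags(SAMPLE_CONF, probe)
        print(probe, "->", " ".join(sorted(flags)) or "unrestricted")
```

An empty result for an outside address means the configuration still has the open default described in section 19.12.3.3.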