Build an NTP server in Ubuntu

Preface a time error occurred on a self-managed server, which caused a problem in the display time of mail sending, here we will take the time to record the process of building an NTP server. The Network Time procotol (NTP protocol) aims to deliver a unified and standard time on the Internet. The specific implementation scheme is to specify several clock source websites on the network to provide time service for users, and these websites should be able to compare with each other to improve accuracy. NTP is a complex synchronization time protocol that spans a wide area network or a LAN. It generally provides millisecond-level precision. Rfc2030 describes SNTP (Simple Network Time Protocol) for hosts that do not require complete NTP for complexity. It is a subset of NTP. Generally, several hosts on the LAN synchronize the clock with other NTP hosts over the Internet, and then provide the time synchronization service to other clients in the LAN. The NTP protocol is a high-level protocol of the OSI reference model. It complies with the UDP transmission protocol format and has a dedicated port of 123. Over time, the computer clock tends to drift. Network Time Protocol (NTP) is a way to ensure that your clock remains accurate. It provides a time synchronization mechanism between routers, switches, workstation and servers. NTP server is often used in IT system environments with time synchronization requirements. Server configuration and installation

sudo apt-get install ntp

Configuration File Location

sudo  /etc/ntp.conf

Configuration method

The upper-layer NTP server is configured using the server. The upper-layer NTP server is configured in the following way: Server [IP or hostname] [prefer] parameter description: IP or hostname: IP address or domain name prefer of the Upper-layer NTP server: indicates the master driftfile that is preferentially used: record the time difference. Because the preset NTP server's time calculation is based on the BIOS chip fluctuation cycle frequency, but this value is different from the upper-layer time server. So the NTP daemon will automatically calculate the frequency of our host and the upper timeserver, and record the error of the two frequencies, the recorded file is the complete file name followed by driftfile.

Note:

• It is recommended that the server use hostname because IP addresses may change due to data center migration in the LAN.

Common time servers: http://www.pool.ntp.org/zone/cnconfiguration file example restart ntpserver

sudo /etc/init.d/ntp restart

Command for viewing NTP running status

ntpq -p

Example parameter explanation

NTP parameter description remote: Remote NTP server refID connected to the local machine: refers to the address st of the last NTP Host referenced in the remote server level. Because NTP is a hierarchical structure, there is a top server, and the multi-layer relay server goes to the client. therefore, the server level from high to low can be set to 1-16. in order to reduce the load and network congestion, in principle, we should avoid directly connecting to the when of a server with a level of 1: Use timing, it is used to tell us how long the local machine will need to synchronize time with the remote server poll: the local host and remote server time for one synchronization (in seconds) Reach: This is an octal value, indicates the number of times that the NTP server has requested updates. Every successful connection, its value is added with 1 delay: the delay time during network transmission, in the unit of microsecond offset: time difference between our local machine and the server. Unit: millisecond jitter: time difference between Linux system time and bios hardware time, unit: microsecond

Server Status Parameters

*: It tells us that the remote server has been confirmed as our master NTP server, and our system time will be provided by this machine +: it will serve as a secondary NTP server and a server with a * number to provide us with synchronization services. when the * server is unavailable, it can take over-: remote servers are considered to be unqualified by clustering algorithm NTP serverx: remote servers are unavailable

Security requirements for NTP security settings run an NTP server does not need to occupy a lot of system resources, so you do not need to configure an independent server to provide time synchronization services for many clients, however, some basic security settings are still necessary, providing an idea:

1. Only some users in the LAN are allowed to connect to our server.
2. These clients cannot modify the time on our server.

Security settings in the/etc/NTP. conf file, we can use the restrict keyword to configure the above requirements:

[Restrict] parameter setting method: restrict [Your IP] Mask [netmask_ip] [parameter]. Parameter parameters mainly include: Ignore: rejecting all types of NTP connections nomodify: the client cannot use the ntpc and ntpq programs to modify the server's time parameter noquery: the client cannot use commands such as ntpq and ntpc to query the server time, which is equal to notrap when no NTP network is provided: the remote time logon function of trap is not provided. notrust: reject unauthenticated client nopeer: synchronize time with NTP servers on the same layer.

Reference Configuration

1. Deny all operations on the default client.

   restrict default kod nomodify notrap nopeer noquery

2. Then allow all operations on the local address

   restrict 127.0.0.1

3. Finally, allow the specified client in the LAN to connect to the server for synchronization, but refuse to modify the server time.

   restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

Default Configuration

Note:

The default configuration is to prohibit all clients from modifying the server time. Therefore, I think the default configuration is sufficient for the NTP client configuration synchronization method. Here we already have our own relay NTP server. If we want to synchronize time between all clients in the LAN, we should set up relay server according to the above method, and then all clients will point to that server. Note:

• Because the time error between ntpd server/client cannot exceed 1000 seconds, you need to manually synchronize time and then set NTP. conf

Ntpdate

Ntpdate [-DV] [ntp ip/hostname] parameter description:-D: Enter debug to show more effective information-V: display more messages

The difference between ntpdate and ntpd: ntpd is not only a time synchronization server, but also a client and a standard server for synchronous time. ntpdate is not an immediate synchronization of ntpdate, and should be used with caution in the production environment. Because ntpdate is synchronized immediately, after obtaining a time, ntpdate uses settimeofday (2) to set the system time, which will generate a clock hop. Using ntpdate to adjust the time has several obvious problems:

• This is not safe.
• This is not accurate enough
• Not elegant enough

Reference http://www.mike.org.cn/articles/linux-time-set-and-sync-ntp/