Install a public NTP Server on Debian/Ubuntu

Author
Noah Seefried
Published
2019-03-08

Introduction

In this tutorial we will install a public NTP server and optionally add it to the public NTP server pool.

Prerequisites

  • At least a small virtual server e.g. CX11 with a root shell. All commands, unless stated otherwise, should be run as root.
  • Basic knowledge of Linux

Step 1 - Installation

First we will need to install ntp and ntpdate on our server:

apt-get install ntp ntpdate

Step 2 - Configuring

We will add 5 "upstream" servers (the source of the time) to our configuration. You can use the hostname and/or the IP address. I suggest specifying three servers by IPv4 address and two by hostname.

Optional: If you use a hostname, check if it offers IPv6.

There are two public lists:

Difference between Stratum One and Two

The primary servers are called Stratum 1 and are connected directly to the source of time, which is called Stratum 0. This source can be an atomic clock, a GPS receiver, or a radio navigation system. On a network, a stratum 1 time server supplies the time to other devices, which are known as stratum 2 devices. These can also be used as a time source; equipment that connects to a stratum 2 device to receive the time becomes stratum 3, and so on.

Sort the list by the ISO code column and look for servers that are geographically close to your server's location. Click on the ISO code to get the exact details like hostname and IP address. You should select two servers from the first list and three from the second list.

Do not use servers that are not listed as OpenAccess. These servers will deny synchronisation by default.

Open the file /etc/ntp.conf, remove the current content, add the content below and replace ntp_your_host_X with your selected servers.

driftfile /var/lib/ntp/drift

server ntp_your_host_1 iburst
server ntp_your_host_2 iburst
server ntp_your_host_3 iburst
server ntp_your_host_4 iburst
server ntp_your_host_5 iburst

restrict -4 default kod notrap nomodify nopeer noquery limited
restrict -6 default kod notrap nomodify nopeer noquery limited

restrict 127.0.0.1
restrict -6 ::1

restrict source notrap nomodify noquery

What are all these configuration options?

driftfile

The file contains one value used to adjust the system clock frequency after every system or service start.

iburst

The iburst mode sends up to ten queries within the first minute to the NTP server. When iburst mode is not enabled, only one query is sent within the first minute to the NTP server.

default

The default option prevents access to everything if not explicitly allowed.

kod

The kod option sends a kiss-of-death packet if access is denied.

notrap

The notrap option prevents ntpdc control message protocol traps.

nomodify

The nomodify option prevents any changes to the configuration.

nopeer

The nopeer option prevents a peer association being formed.

noquery

The noquery option prevents ntpq and ntpdc queries, but not time queries, from being answered.

The following allows any query from localhost. You can add more specific IP addresses or IP ranges below these two.

restrict 127.0.0.1
restrict -6 ::1
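
The restrict flags explained above can be checked mechanically before the daemon is exposed to the internet. The following is an added example, not part of the original tutorial: audit_ntp_conf, REQUIRED and WEAK_CONF are hypothetical names, and WEAK_CONF is a constructed weak configuration shown beside the tutorial's restrict lines.

```python
# Flags the tutorial puts on its default restrict lines.
REQUIRED = {"notrap", "nomodify", "nopeer", "noquery"}

def audit_ntp_conf(text):
    """Return findings for the 'restrict ... default' lines of an ntp.conf."""
    findings, seen = [], set()
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()      # drop comments
        if len(tokens) < 2 or tokens[0] != "restrict":
            continue
        family, rest = "both", tokens[1:]
        if rest[0] in ("-4", "-6"):
            family, rest = rest[0], rest[1:]
        if not rest or rest[0] != "default":
            continue                               # localhost / source lines
        flags = set(rest[1:])
        # Assumption: a bare 'restrict default' covers IPv4 and IPv6 (ntp 4.2.8).
        seen.update({"-4", "-6"} if family == "both" else {family})
        for flag in sorted(REQUIRED - flags):
            findings.append(f"{family} default: missing {flag}")
        # ntpd only sends kiss-of-death packets when rate limiting is active.
        if "kod" in flags and "limited" not in flags:
            findings.append(f"{family} default: kod has no effect without limited")
    for family in ("-4", "-6"):
        if family not in seen:                     # no line = no restrictions
            findings.append(f"{family}: no default restrict line")
    return findings

# The restrict lines from the configuration in this tutorial.
TUTORIAL_CONF = """\
restrict -4 default kod notrap nomodify nopeer noquery limited
restrict -6 default kod notrap nomodify nopeer noquery limited
restrict 127.0.0.1
restrict -6 ::1
restrict source notrap nomodify noquery
"""

# Constructed weak configuration for comparison.
WEAK_CONF = """\
restrict -4 default kod nomodify
"""

if __name__ == "__main__":
    for name, conf in (("tutorial", TUTORIAL_CONF), ("weak", WEAK_CONF)):
        print(name, audit_ntp_conf(conf) or "OK")
```
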

Step 3 - Enable and start the NTP daemon

Start the NTP daemon with systemctl start ntp and enable auto start at boot with systemctl enable ntp.

You can now check with ntpq -p if your NTP server starts synchronizing with the ones you configured.

The remote column shows the hostname of the remote servers, the refid column tells you the source the servers are using. For Stratum 1 servers, the refid field should show GPS, PPS, ACTS, or PTB, and Stratum 2 will show the IP address of the upstream server. The st column shows the stratum. Delay, offset and jitter tell you the quality of the time source. Lower values are better.

If you have a firewall on your server, do not forget to open the NTP port 123. You can open port 123 with these two iptables rules:

iptables -A INPUT -p udp -m udp --dport 123 -j ACCEPT
ip6tables -A INPUT -p udp -m udp --dport 123 -j ACCEPT
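
To confirm from another machine that port 123 answers time queries, and that the reply carries the stratum and refid described above, the reply header can be decoded directly. This is an added example, not part of the original tutorial: build_request, parse_response and query are hypothetical helper names, and SAMPLE is a constructed packet rather than captured traffic.

```python
import socket
import struct

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)

def build_request(version=4):
    """48-byte client request: LI=0, VN=version, Mode=3 (client), rest zero."""
    return bytes([(version << 3) | 3]) + bytes(47)

def parse_response(data):
    """Decode the header fields that ntpq -p also reports (st, refid)."""
    if len(data) < 48:
        raise ValueError("short NTP packet")
    first, stratum = data[0], data[1]
    refid_raw = data[12:16]
    if stratum <= 1:
        # Stratum 1: ASCII source name (GPS, PPS, ...); stratum 0: kiss code
        refid = refid_raw.rstrip(b"\x00").decode("ascii", "replace")
    else:
        # Stratum 2+: IPv4 address of the upstream (a hash for IPv6 upstreams)
        refid = socket.inet_ntoa(refid_raw)
    tx_sec, tx_frac = struct.unpack("!II", data[40:48])
    return {
        "leap": first >> 6,
        "version": (first >> 3) & 7,
        "mode": first & 7,                 # 4 = server reply
        "stratum": stratum,
        "refid": refid,
        "unix_time": tx_sec - NTP_EPOCH_OFFSET + tx_frac / 2**32,
    }

def query(host, timeout=3.0):
    """Send one request to host:123 over IPv4 UDP and return the parsed reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_request(), (host, 123))
        return parse_response(s.recvfrom(512)[0])

# Constructed sample reply: stratum 2, upstream 192.0.2.10, 2019-03-08 00:00 UTC
SAMPLE = (bytes([0x24, 2, 6, 0xEC]) + bytes(8) + bytes([192, 0, 2, 10])
          + bytes(24) + struct.pack("!II", NTP_EPOCH_OFFSET + 1552003200, 0))

if __name__ == "__main__":
    print(parse_response(SAMPLE))  # replace with query("ntpX.example.com") for a live check
```

A timeout from query() while ntpq -p works locally points at the firewall rules. A stratum 0 reply with a refid such as RATE is the kiss-of-death packet sent because of the kod and limited options.
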

Step 4 - Add the NTP server to the NTP pool (Optional)

The pool.ntp.org project is a big virtual cluster of timeservers providing reliable, easy-to-use NTP service for millions of clients. The pool is being used by hundreds of millions of systems around the world. It's the default "time server" for most of the major Linux distributions and many networked appliances.

If you have a domain and IPv6, you should set up two DNS records to make sure the NTP project also knows about your IPv6 address. Depending on how many NTP servers you want to deploy, replace the X with a number or remove it.

ntpX.example.com. 14400   IN      A       10.0.0.1
ntpX.example.com. 14400   IN      AAAA    2001:db8:1234::1

In order to add your NTP server to the pool you need to create an account. Click on Continue to log in and register an account.

After that you can add a new server with your domain ntpX.example.com or your IP address. Set the Net speed you want to share with the pool after adding the server and you are done.

Conclusion

You have now successfully installed and configured your own NTP server. You can use it for synchronising the time on your other servers or just enjoy sharing it with the pool!

To stay up-to-date you should follow the news section from the NTP pool. An RSS feed is also available.
