Tue, 28 Feb 2006
The NTP server and pool
After several years I have reviewed the configuration of our time server. I have contacted a NTP admin at CESNET (our ISP), and he pointed me to several stratum 1 NTP servers (most of them GPS-based, but there is also one server based on cesium atomic clock). So we have a fairly stable stratum 2 NTP server now, synchronized with about six stratum 1 servers, some of them outside the Czech republic.
I have also written a documentation for our users, and set up the IS MU servers to synchronize against our NTP server.
I tried to enable the X.509-based signatures of NTP data, but did not found any meaningful documentation - the "official NTP documentation" is rather confusing for me - even the NTP FAQ were more helpful. The best documentation about NTP servers is probably the Sun's "Basic NTP Administration ad Architecture" (the link is to a PDF document). However, this file documents an older revision of NTP server, without the advanced features like asymmetric cryptography.
I have added our NTP server to the public NTP server pool (which has a pleasant side-effect that we now have a free remote monitoring of the NTP server quality).
3 replies for this story:
adelton wrote:
Hmmm, is a cron job better than running ntpd?
Yenya wrote: Cron job?
What cron job? ntpdate? Running ntpd costs another process in memory. However, ntpd can adjust the time by incremental skewing, which (unlike ntpdate) will not confuse a time-sensitive apps (such as Oracle backup, as our DBA said), because with ntpd, the system time never skips back.
adelton wrote: Re: Cron job?
Yes, ntpd instead of a cronjob starting ntpdate. As for the ntpd never setting the time back, that only holds if you use the -x option.