nanog mailing list archives

Re: ntp config tech note


From: "Kevin Oberman" <oberman () es net>
Date: Thu, 20 May 2004 13:17:24 -0700


From: Randy Bush <randy () psg com>
Date: Thu, 20 May 2004 12:27:48 -0700
Sender: owner-nanog () merit edu

ntp config hint
2004.05.20

ntpd will not work if your clock is off by a few minutes.
it just sits there forever with its finger in its ear.  so,
at boot, before you start ntpd, use ntpdate to whack your
system's time from a friendly low-numbered strat chimer.

For the initial ntpdate, I recommend that you use fairly local, highly
reliable hosts. Low numbered stratum is not very relevant. If your clock
is off by 600 ms, ntpd will fix it just fine.

do not background ntpdate with -b, because, if it is slow to
complete, ntpd can't get the port when you try to start it
next in the boot sequence.  

Huh? On every system I have worked on (Unix types), -b is the "boot"
option and does exactly what you want to do at boot time. It sets the
clock immediately by stepping and never slews the time. This is what you
want at boot time as you want the time to be correct ASAP, not in a few
minutes.

if ntpdate takes a minute and thus adds to your boot time,
then something is wrong anyway; fix it.

If you use '-b' and have a list of reachable servers, it should take
less than a second.

in case your dns resolver is slow, servers are in trouble,
etc. have an entry for your ntpdate chimer in /etc/hosts.
yes, i too hate /etc/hosts; but i have been bitten without
this hack; named is even more fragile than ntpd.

Rather than put the servers in my hosts file (which would screw up
everything should they move), I just give ntpdate a list of servers by
IP address. This does everything putting a system into hosts without
the possibility of impacting other stuff.

once ntpdate has run, then and only then, start your ntpd.
and read all the usual advice on configuration, selection
and solicitation of chimers with which to peer, ...

and then, if having accurate time on this host is critical,
cron a script which runs `ntpq -c peers` and pipes it to a
hack which looks to be sure that one of the chimers has a
splat in front of it.  run this script hourly, and scream
bloody hell via email if it finds problems.

I use 'ntpq -p', but I'm just lazy enough to save a few keystrokes. Both
commands produce identical output.

Randy, what version of ntpdate are you running that ntpdate backgrounds
on '-b'?
-- 
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman () es net                       Phone: +1 510 486-8634
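
The hourly check described in the thread (parse the `ntpq -p` peer billboard and alarm unless one chimer carries the `*` tally code), as an added example that is not part of the original messages. The sample billboards are constructed, and the script path, the `--live` switch and the `root` mail recipient are assumptions.

```shell
#!/bin/sh
# Hourly cron check: has ntpd selected a system peer (the '*' tally code)?

# Constructed sample `ntpq -p` billboards (RFC 5737 documentation addresses).
SAMPLE_SYNCED='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.0.2.10      .GPS.            1 u   33   64  377    0.512    0.021   0.013
+192.0.2.11      192.0.2.10       2 u   40   64  377    1.204   -0.112   0.045'
SAMPLE_UNSYNCED='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 192.0.2.10      .INIT.          16 u    -   64    0    0.000    0.000   0.000
+192.0.2.11      192.0.2.10       2 u   40   64  377    1.204   -0.112   0.045'

# sys_peer: read a billboard on stdin and print the selected peer's address.
# Returns non-zero when no line starts with '*'. That includes empty input
# and ntpq error text, which is all you get when ntpd is not running.
sys_peer() {
    awk '/^\*/ { print substr($1, 2); found = 1; exit } END { exit !found }'
}

# check_billboard: print a one-line verdict for the billboard text in $1.
check_billboard() {
    if peer=$(printf '%s\n' "$1" | sys_peer); then
        echo "OK: synchronised to $peer"
    else
        echo "ALARM: no system peer selected on $(uname -n)"
        return 1
    fi
}

# Live mode for cron, e.g.  0 * * * *  /usr/local/sbin/ntpcheck --live
# (path and recipient are assumptions; mail(1) must be installed).
if [ "${1:-}" = "--live" ]; then
    out=$(ntpq -p 2>&1)
    verdict=$(check_billboard "$out") ||
        printf '%s\n\n%s\n' "$verdict" "$out" | mail -s "NTP not synchronised" root
fi
```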

