Configuring ntpd to hand out time to local servers

Posted by Michael on August 11, 2008 in General, Servers, Systems

Syncing your servers to public time servers is one of the most common ways of keeping server times in sync. The approach of configuring one server to sync with public servers and then act as the authoritative timekeeper for the rest of your servers is apparently less well known. Digging through the copious ntp documentation, I have to say, it’s some very, very dense documentation, mainly because the jargon isn’t well translated to a layperson’s “How do I?” inquiry.

I combed the documentation for days trying to figure out exactly how to set up a server to hand out time to all my other servers. Normally, my Google-fu can pierce just about any need, but “time” “server” “local” and so on are all too common terms in both client-and-server and client-only configurations and by far and away, the bulk of the documentation guides you through the latter. The documentation that guides you through the former is dense with references to peers, stratum, broadcasting, multi-casting, and so on.

So, here’s how to set up an NTP service as both client and local time server on CentOS 4:

yum install ntp

Then edit the /etc/ntp.conf file: set up the public ntp server pools, uncomment the broadcast line, and change its address to match your network’s broadcast address:

server 0.rhel.pool.ntp.org
server 1.rhel.pool.ntp.org
server 2.rhel.pool.ntp.org
broadcast 192.168.1.255

Modify your /etc/sysconfig/iptables to allow other servers to connect:

-A RH-Firewall-1-INPUT -p udp -m udp --dport 123 -j ACCEPT

Finally, go to the “client server” and install ntp on it just as you did with the ntp server, except, this time, you edit your /etc/ntp.conf file to point to your new local time server. In my case, I set up two servers to give out times and I added ntp.1 and ntp.2 to my local DNS servers, so my config file for the “client servers” uses:

server ntp.1.example.com
server ntp.2.example.com

It’s really that simple! It’s probably not the most secure way to do the job, as there’s plenty of information overload in the ntp documentation on configuring securely. However, with all of my servers sitting in a trusted VLAN, the DNS entries only served to these servers, and the NTP port blocked between this VLAN and others, I reckon it would be fairly hard to hijack the local ntp services. In other words, the simple approach is good enough, for now.
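
To make the "not the most secure way" caveat concrete, here is an added example (not code from the original post) that audits the ntp.conf and iptables line shown above and compares them with a tightened variant. The tightened samples are constructed and assume the LAN is 192.168.1.0/24, inferred from the broadcast address in the post; the function names are hypothetical.

```python
# Added example. Inputs marked "constructed" are not from the post.
PAGE_CONF = """\
server 0.rhel.pool.ntp.org
server 1.rhel.pool.ntp.org
server 2.rhel.pool.ntp.org
broadcast 192.168.1.255
"""
PAGE_RULE = "-A RH-Firewall-1-INPUT -p udp -m udp --dport 123 -j ACCEPT"

# Constructed: assumes the LAN is 192.168.1.0/24. The post's clients poll with
# 'server' lines, so the unauthenticated broadcast line is left out here.
HARDENED_CONF = """\
restrict default nomodify notrap noquery
restrict 127.0.0.1
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
server 0.rhel.pool.ntp.org
server 1.rhel.pool.ntp.org
server 2.rhel.pool.ntp.org
"""
HARDENED_RULE = "-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -p udp -m udp --dport 123 -j ACCEPT"

def directives(text):
    """Split config text into token lists, dropping comments and blank lines."""
    rows = (line.split("#", 1)[0].split() for line in text.splitlines())
    return [r for r in rows if r]

def audit_ntp_conf(text):
    """Flag a missing or weak default restriction and unauthenticated broadcast."""
    findings, rows = [], directives(text)
    defaults = [r for r in rows if r[:2] == ["restrict", "default"]]
    if not defaults:
        findings.append("no 'restrict default': ntpd answers any host that reaches it")
    for r in defaults:
        missing = sorted({"nomodify", "noquery"} - set(r[2:]))
        if missing:
            findings.append("restrict default lacks: " + " ".join(missing))
    for r in rows:
        if r[0] == "broadcast" and "key" not in r and "autokey" not in r:
            findings.append("broadcast %s is unauthenticated" % " ".join(r[1:2]))
    return findings

def audit_iptables(text, port="123"):
    """Flag ACCEPT rules for the NTP port that do not restrict the source."""
    findings = []
    for r in directives(text):
        opens_port = "--dport" in r and r[r.index("--dport") + 1:][:1] == [port]
        if opens_port and "ACCEPT" in r and not {"-s", "--source"} & set(r):
            findings.append("udp/%s accepted from any source address" % port)
    return findings
```
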


About the Author

A software developer and network engineer for over 20 years. Currently developing in Ruby, Rails, Javascript with sites powered through Apache, mongrel, mysql, postgres, and Microsoft SQL Server 2005 and monitored via monit.
