Yo Frank! Good input, net ntp.conf below.
On Tue, 7 Jun 2016 17:04:21 -0400
Frank Nicholas <fr...@nicholasfamilycentral.com> wrote:

> > On Jun 7, 2016, at 4:52 PM, Gary E. Miller <g...@rellim.com> wrote:
> >
> > peer 204.17.205.1 maxpoll 5 # catbert
> > peer 204.17.205.17 maxpoll 5 # pi2
> > #peer 204.17.205.23 maxpoll 5 # pi3
> > peer 204.17.205.27 maxpoll 5 # kong
> > peer 204.17.205.30 maxpoll 5
> > peer [2001:470:e815::8] maxpoll 5 # spider
>
> You are using IP addresses, instead of names resolved by DNS.

I never use DNS in the ntp.conf file. Well, maybe in the case I try out
the pool. Since I use DNSSEC on my DNS, there is sort of a chicken and egg
problem.

> This
> might confuse some.

Clearly, the second complaint today on this list. I really want to
include some local peers to demonstrate the ARP issue.

> Maybe either explain the logic or change the
> conf file to use DNS resolved names. Most of the How To users will
> not/should not be using IP addresses - they won’t know what ones to
> use or why and won’t have other “local” sources to use.

I just added a section on the pool. But remember, Eric asked for MY
config, not what I think others should be using.

I would hope we get a collection of slightly different ntp.conf that are
optimized for different purposes, or levels of paranoia.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
g...@rellim.com Tel:+1 541 382 8588

# My RasPi 2/Adafruit HAT config.
# contributor: Gary E. Miller <g...@rellim.com>
# date: 7 June 2016

# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for more help

# This configuration uses the shared-memory refclock (28), which is
# assumed to have gpsd on the other end. Unit 0 is the in-band data,
# Unit 1 the PPS.

# I have a number of other GPS based chimers on my local network. This
# configuration peers with them so I can compare their performance.

# for best performance, start ntpd last. First start gpsd, and confirm
# you have a good GPS
# lock. Then confirm gpsd is supplying time to the
# SHM interface. Then you can start ntpd.

# I start gpsd this way:
#
# gpsd -n /dev/ttyAMA0

# check for GPS 3D fix this way:
#
# cgps

# check the SHM for good time:
#
# ntpshmmon

# Then start NTP
#
# ntpd -N -g

# save the clock drift when shutting down ntpd.
# this allows for faster NTP reconvergence after a restart
driftfile /var/lib/ntp/ntp.drift

# You want some logging, it will be useful later.
#
# If you add the logging now, then you have the data when you figure
# out you want it. If you wait until you want it then it is too late.
statsdir /var/log/ntpstats/
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable

logfile /var/log/ntpd.log
logconfig =syncall +clockall +peerall +sysall

# we want some security
# do not let random people remotely modify your ntpd server
restrict default nomodify notrap nopeer noquery
restrict -6 default nomodify notrap nopeer noquery

# allow access from localhost, IPv4 and IPv6
restrict 127.0.0.1 mask 255.255.255.0
restrict -6 ::1

# replace this with your local IPv4 network
restrict 204.17.205.0 mask 255.255.255.0

# replace this with your local IPv6 network
restrict -6 [2001:470:e815::]/64

# The order of servers and peers in ntp.conf matters.
#
# On startup ntpd will take the first time it gets to set the system
# clock. If this first time is an imprecise clock, say derived from
# NMEA, then ntpd may take days to restabilize.
#
# The first time ntpd acquires will tend to be the ones higher up in
# the file with the lowest maxpoll.
#
# So to work around this ntpd glitch put your best time sources high
# in the ntp.conf file, with your shortest maxpoll and your worst one
# at the bottom with higher maxpolls.
#
# A bug is open for this behavior:
# https://gitlab.com/NTPsec/ntpsec/issues/68

# PPS is first, it is the most precise.
# SHM for PPS and gpsd
server 127.127.28.1 prefer minpoll 4 maxpoll 4
fudge 127.127.28.1 refid PPS

# My other local chimers, just in case the GPS loses signal, and
# for comparison

# If you do not have any other chimers on your local network then you
# can skip this section on local peers. Proceed to the section on
# using the pool

# The default ARP timeout on Cisco switch gear may be as long as
# 4 hours. On Windows and Linux it may be as short as 60 seconds.
#
# If the polling interval for a chimer is greater than 60 seconds (maxpoll 6+)
# then when ntpd sends a time request to a remote ntpd daemon the OS may
# be adding an ARP roundtrip to the process, delaying the return
# by that much extra time. This convinces ntpd that the remote ntpd
# is further away, and has more jitter, than it actually does.
#
# To prevent this glitch in ntpd behavior, be sure to use 'maxpoll 4' or
# 'maxpoll 5' on servers and peers on the local network.
#
# Maybe ntpd should fix maxpoll at 4 or 5 for local peers?

# Notice that I do not use DNS names for my local chimers, only IP numbers.
# I do not want my NTP dependent on DNS. DNS requires a network
# connection and I do not want my NTP down during network outages, or
# because of any DNS failure.

# I also use DNSSEC which requires accurate time. If my NTP depends on
# DNS, and my DNS depends on NTP that can cause problems.

peer 204.17.205.1 maxpoll 5 # catbert
peer 204.17.205.17 maxpoll 5 # pi2
#peer 204.17.205.23 maxpoll 5 # pi3
peer 204.17.205.27 maxpoll 5 # kong
peer 204.17.205.30 maxpoll 5
peer [2001:470:e815::8] maxpoll 5 # spidey
# end of local peers

# if you have no other local chimers to help NTP perform sanity checks
# then you can use some public chimers from the NTP public pool:
# http://www.pool.ntp.org/en/

# To use the pool servers uncomment the last four lines in this section.

# The iburst option tells ntpd to query the pool servers with bursts instead
# of single requests. This can yield better results to remote servers.

# Notice I use the 'us' country code servers, otherwise I might get one
# pool server from Ukraine and another from Singapore. If you are
# not in the USA, then change the 'us' to your two letter country code.
# server 0.us.pool.ntp.org iburst
# server 1.us.pool.ntp.org iburst
# server 2.us.pool.ntp.org iburst
# server 3.us.pool.ntp.org iburst

# NMEA is last, it is the least precise
# SHM for gpsd
server 127.127.28.0 minpoll 4 maxpoll 4
fudge 127.127.28.0 time1 0.450 refid GPS
_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel
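
Added example, not part of the original post or of NTPsec: a small linter for three points the config comments above make (a default 'restrict' rule for both IPv4 and IPv6, 'maxpoll 4' or 'maxpoll 5' on local-network peers, and which sources depend on DNS). The function name, finding codes, the choice of nomodify/noquery as the minimum default flags, and the constructed sample config (documentation address ranges) are assumptions.

```python
import ipaddress

# Assumption: treat nomodify + noquery as the minimum for 'restrict default'.
REQUIRED_DEFAULT_FLAGS = {"nomodify", "noquery"}

def lint_ntp_conf(text, local_nets):
    """Return a list of (line_no, code, detail) findings for an ntp.conf."""
    nets = [ipaddress.ip_network(n) for n in local_nets]
    findings, defaults_seen = [], set()
    for no, raw in enumerate(text.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if not tok:
            continue
        if tok[0] in ("server", "peer") and len(tok) > 1:
            host = tok[1].strip("[]")        # allow [v6] bracket form
            try:
                addr = ipaddress.ip_address(host)
            except ValueError:
                # Not an IP literal: this source needs DNS to resolve.
                findings.append((no, "dns-name", host))
                continue
            # ntpd's default maxpoll is 10 when the option is absent.
            maxpoll = int(tok[tok.index("maxpoll") + 1]) if "maxpoll" in tok else 10
            if any(addr in n for n in nets) and maxpoll > 5:
                findings.append((no, "local-maxpoll", f"{host} maxpoll {maxpoll}"))
        elif tok[0] == "restrict" and "default" in tok:
            family = "ipv6" if "-6" in tok else "ipv4"
            defaults_seen.add(family)
            missing = REQUIRED_DEFAULT_FLAGS - set(tok)
            if missing:
                findings.append((no, "weak-default", f"{family} missing {sorted(missing)}"))
    for family in ("ipv4", "ipv6"):
        if family not in defaults_seen:      # line 0 = file-level finding
            findings.append((0, "no-default-restrict", family))
    return findings

# Constructed sample input, not taken from the post.
SAMPLE = """\
restrict default nomodify notrap nopeer
server 127.127.28.1 prefer minpoll 4 maxpoll 4
peer 192.0.2.10 maxpoll 5   # ok
peer 192.0.2.11             # default maxpoll
peer [2001:db8::8] maxpoll 7
server 0.us.pool.ntp.org iburst
"""

if __name__ == "__main__":
    for finding in lint_ntp_conf(SAMPLE, ["192.0.2.0/24", "2001:db8::/64"]):
        print(finding)
```

The "dns-name" finding is informational: it marks the sources that will be unavailable when DNS (or DNSSEC validation) is not working.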