On 2006-05-09, Ted Gervais <[EMAIL PROTECTED]> wrote: > Here is what I have in my ntp.conf file: > ------------- > restrict default noquery notrust nomodify
For ntpd > 4.2.x 'notrust' means "ignore all NTP packets that are not cryptographically authenticated. This is probably not what you thought it meant. Replace 'notrust' with 'nopeer'. While you're at it, I strongly suggest that you take a look at http://ntp.isc.org/Support/AccessRestrictions (and follow the decision tree for setting your default restriction). > restrict 127.0.0.1 > restrict 24.224.176.0 mask 255.255.248.0 > fudge 127.127.1.0 stratum 3 > server 127.127.1.0 ntpd will continue to discipline the clock using the last known values in the event that all time sources become unreachable. You don't need to use the Undisciplined Local Clock, or LocalCLK, (127.127.1.x) unless your ntpd is serving time to others _and_ you want it to be able to claim that it is synced to something even when it is not. When ntpd is synced to the LocalCLK it will follow the drift of your motherboard clock, which is usually worse than your wrist watch. If you _really_ feel that you need to use the LocalCLK you should fudge the stratum to 10, or more. Some of the pool servers you're using might operate at Stratum 3 and it is possible that ntpd just might decide to follow the LocalCLK if it were Stratum 3. > server 0 pool.ntp.org > server 1 pool.ntp.org > server 2 pool.ntp.org > server pool.ntp.org You should append 'iburst' to your server lines. Doing so will reduce the time for initial 'sync' from ~8 minutes to ~20 seconds. > driftfile /etc/ntp.drift Daemons have no business writing to /etc. Something like /var/run/ntp/ntp.drift of /var/lib/ntp/ntp.drift would be more appropriate. > As well - I have no idea that ntp(d) is working? How can I tell ntpq -p for your peer status (look for the '*' on one of your remote time server lines. If the peer status billboard shows that your remote time servers are unreachable (i.e. '0' in the reach column) then you need to fix your network. ntpq -crv and look for state=4 and a stratum of less than 16. There may or may not be any messages in the log. >and if it is how does it change the system time The default behavior of ntpd is to step your clock if the offset if greater than 128ms and to slew your clock if the offset is less than 128ms. ntpd checks its offset when each poll interval expires. The poll intervals start at 64 seconds and can increase up to 1024 seconds. -- Steve Kostecke <[EMAIL PROTECTED]> NTP Public Services Project - http://ntp.isc.org/ _______________________________________________ questions mailing list [email protected] https://lists.ntp.isc.org/mailman/listinfo/questions
