Time is super important within a network. It is super difficult to line up errors when you have to take into account the differences in time between servers etc. This all came to a point the other day when I was trying to work out why my Guest Wifi Network wouldn’t talk to its gateway and beyond.
So I installed an NTP server onto the local DNS server. These are the steps I used.
Install the NTP Daemon.
sudo apt-get install ntp
Configure the NTP Servers that this host will talk to
sudo vi /etc/ntp.conf
##Add the following to the ntp.conf file.
##Update the Servers to australian servers.
server 0.au.pool.ntp.org iburst
server 1.au.pool.ntp.org
server 2.au.pool.ntp.org
server 3.au.pool.ntp.org
##Allow other local subnets to talk to the NTP Server.
##nomodify and notrap let them query the time but not change the server's configuration or register traps.
restrict 192.168.0.0 mask 255.255.255.0 nomodify notrap
restrict 192.168.22.0 mask 255.255.255.0 nomodify notrap
Restart the NTP Service for the changes to kick in
sudo /etc/init.d/ntp restart
Check that it is starting up
tail -f /var/log/syslog
##Example output
Mar 7 13:06:25 proxy ntpd[21907]: ntp_io: estimated max descriptors: 1024, initial socket boundary: 16
Mar 7 13:06:25 proxy ntpd[21907]: Listen and drop on 0 v4wildcard 0.0.0.0 UDP 123
Mar 7 13:06:25 proxy ntpd[21907]: Listen and drop on 1 v6wildcard :: UDP 123
Mar 7 13:06:25 proxy ntpd[21907]: Listen normally on 2 lo 127.0.0.1 UDP 123
Mar 7 13:06:25 proxy ntpd[21907]: Listen normally on 3 eth0 172.17.100.253 UDP 123
Mar 7 13:06:25 proxy ntpd[21907]: Listen normally on 4 virbr0 192.168.122.1 UDP 123
Mar 7 13:06:25 proxy ntpd[21907]: Listen normally on 5 lo ::1 UDP 123
Mar 7 13:06:25 proxy ntpd[21907]: Listen normally on 6 eth0 fe80::20c:29ff:fe1b:cae UDP 123
Mar 7 13:06:25 proxy ntpd[21907]: peers refreshed
Mar 7 13:06:25 proxy ntpd[21907]: Listening on routing socket on fd #23 for interface updates
Check who the NTP Service is talking to
ntpq -p
##Example output
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*hosting.wireles 203.35.83.242    2 u   37   64    1   42.415  175.320 174.572
 dns1-ha.au.syra 218.100.43.70    2 u   11   64    3   86.255  285.931 285.784
 ns2.unico.com.a 203.23.237.200   3 u    7   64    3   57.521  304.138 300.867
 0.time.itoc.com 202.21.137.10    2 u    9   64    3   44.253  297.532 292.627
 juniperberry.ca 131.188.3.220    2 u    9   64    3  337.946  289.182 293.453
Next I wanted to make it neat so I added a DNS Record into one of my zones
sudo vi /etc/bind/zones/db.nbird.com.au
##Add the following line
time IN CNAME ns1.nbird.com.au.
Restart bind to update the zone
sudo service bind9 restart
Lastly I added my other hosts to update their time from this server.
That is all there is to it. However, if you run into trouble like I did, you can use the following tools to help find out what is wrong.
Tell the server to run its first update
sudo ntpdate 0.au.pool.ntp.org
Get another host to try and update its time from this server. (Run this from the client)
sudo ntpdate -d time.nbird.com.au
##Example output
7 Mar 13:43:22 ntpdate[24960]: ntpdate [email protected] Fri Feb 6 15:35:40 UTC 2015 (1)
Looking for host time.nbird.com.au and service ntp
host found : 172.17.100.253
transmit(172.17.100.253)
receive(172.17.100.253)
transmit(172.17.100.253)
receive(172.17.100.253)
transmit(172.17.100.253)
receive(172.17.100.253)
transmit(172.17.100.253)
receive(172.17.100.253)
transmit(172.17.100.253)
server 172.17.100.253, port 123
stratum 3, precision -22, leap 00, trust 000
refid [172.17.100.253], delay 0.02580, dispersion 0.01314
transmitted 4, in filter 4
reference time: d8a4f208.8e83d1e5 Sat, Mar 7 2015 13:42:00.556
originate timestamp: d8a4f261.e9f8729d Sat, Mar 7 2015 13:43:29.913
transmit timestamp: d8a4f261.0e8eab98 Sat, Mar 7 2015 13:43:29.056
filter delay: 0.02585 0.02580 0.02582 0.02589
              0.00000 0.00000 0.00000 0.00000
filter offset: 0.817485 0.830987 0.844084 0.856841
               0.000000 0.000000 0.000000 0.000000
delay 0.02580, dispersion 0.01314
offset 0.830987
7 Mar 13:43:31 ntpdate[24960]: step time server 172.17.100.253 offset 0.830987 sec
Check that the service is started and listening
sudo nmap -p123 -sU -P0 localhost
##Example Output
Starting Nmap 6.40 ( http://nmap.org ) at 2015-03-07 13:42 AEST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00015s latency).
Other addresses for localhost (not scanned): 127.0.0.1
PORT    STATE SERVICE
123/udp open  ntp
Nmap done: 1 IP address (1 host up) scanned in 1.05 seconds
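To go with the "ntpq -p" check earlier in the post, here is an added example (not part of the original post) that reads that output and lists the reasons a host's clock should not yet be trusted for lining up logs. The sample output, the example host names and the 128 ms offset threshold are assumptions made for the illustration.

```python
# Added example: interpret `ntpq -p` output. SAMPLE is constructed test data.
TALLY = {"*": "sys.peer", "+": "candidate", "-": "outlier", "x": "falseticker",
         ".": "excess", "#": "backup", "o": "pps.peer", " ": "reject"}

SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*ntp-a.example   192.0.2.10       2 u   37   64  377   42.415    1.320   0.572
+ntp-b.example   192.0.2.20       2 u   11   64  377   86.255   -2.931   1.784
 ntp-c.example   .INIT.          16 u    -   64    0    0.000    0.000   0.000
xntp-d.example   198.51.100.7     3 u    9   64   17   57.521  304.138  90.867
"""

def parse_ntpq(text):
    """Return one dict per peer line that follows the '====' separator."""
    peers, in_body = [], False
    for line in text.splitlines():
        if line.startswith("="):
            in_body = True
            continue
        fields = line[1:].split()          # column 0 is the tally code
        if not in_body or len(fields) != 10:
            continue
        reach = int(fields[6], 8)          # reach is an octal 8-bit shift register
        peers.append({"remote": fields[0],
                      "tally": TALLY.get(line[0], "unknown"),
                      "stratum": int(fields[2]),
                      "answered": bin(reach).count("1"),  # replies in last 8 polls
                      "offset_ms": float(fields[8])})
    return peers

def assess(peers, max_offset_ms=128.0):    # threshold is an assumption
    """List reasons the clock on this host should not yet be trusted."""
    problems = []
    if not any(p["tally"] == "sys.peer" for p in peers):
        problems.append("no sys.peer selected: clock is not synchronised")
    for p in peers:
        if p["stratum"] == 16 or p["answered"] == 0:
            problems.append(f"{p['remote']}: unreachable or unsynchronised")
        elif p["tally"] == "falseticker":
            problems.append(f"{p['remote']}: rejected as falseticker")
        elif abs(p["offset_ms"]) > max_offset_ms:
            problems.append(f"{p['remote']}: offset {p['offset_ms']} ms too large")
    return problems

if __name__ == "__main__":
    for problem in assess(parse_ntpq(SAMPLE)):
        print(problem)
```

In the post's own "ntpq -p" output the reach values of 1 and 3 mean only one or two polls had been answered since the restart, so the large offsets there are expected that early on.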
Nice post, very interesting topic.