Create NTP server

In my wide-area company with about 1000 clients, I organized an ntp server hierarchy in 2 levels:

level A - n.1 Physical Linux server (Centos 6) - SERVER MASTER
level B - n.3 Physical Linux server (Centos 6) - NTP1, NTP2, NTP3 (for clients)

Server MASTER retrieves time directly from servers on the public network.
Servers NTP1, NTP2, NTP3 retrieve time from server MASTER, and they are the official NTP servers used by clients.

What do you think about this ntp server structure? I know NTP server numbers must be 1, 3 or 4,…
I know the ntp server must be a physical machine because its clock is more exact. Right?

Please use a higher version; CentOS 6 is unmaintained and already contains some unpatched security vulnerabilities.
It is enough to have the 3 servers (NTP[1-3]) with vanilla configuration synchronizing to the pool. The clients should all synchronize to these servers. No need for MASTER server.

Yes, it is a good practice to have them as physical servers.

1 Like

Four is the minimum number of recommended servers in an NTP service tier: RFC 8633: Network Time Protocol Best Current Practices

Consider using the one you had planned to be a master as your fourth NTP server and make sure you point all of your clients to all four via a multivalued DNS record.

I would put an NTP server on both servers, preferably Chrony.
Then let both servers access public NTP servers and connect a link between them so you can see if either is false ticking.
Then make a round-robin DNS and point all clients to both servers.

That is how I do it.

1 Like

I have a network where there are two NTP servers. Sometimes clients report “Synchronization lost”. I have another network, with three NTP servers. I never get “Synchronization lost” message from the clients there.

Are you referring to the client side, right?
That is, if my clients have 4 ntp servers set and one of them goes mad, it's possible to keep the right time using the three surviving servers.
My idea is to destroy the Master server and to expose the NTP[1-3] servers to the public network to retrieve time directly from stratum 1 servers on the Internet. At that time I would add the fourth server.

What do you mean by “multivalued DNS record”?
In every client I will set 4 different ntp servers which have different names, e.g. ntp1, ntp2, ntp3, ntp4

You can do it like that, or create a DNS record like

ntp.my-domain.tld.  A   IP.OF.NTP.1
                    A   IP.OF.NTP.2
                    A   IP.OF.NTP.3
                    A   IP.OF.NTP.4

And use the “pool” option instead of the “server” option in ntp.conf:
pool ntp.my-domain.tld

2 Likes


Are you referring to the client side, right?

Not just clients; all participants in NTP. The four servers should themselves have at least 4 diverse sources defined.

That is, if my clients have 4 ntp servers set and one of them goes mad, it's possible to keep the right time using the three surviving servers.

We don’t just do this for resilience against a missing/inaccurate/malicious server, we do it for accuracy as well. You should have all four of them active all of the time. (Note that 4 is the minimum described in the RFC; up to 10 can be defined - at least for ntpd - and the more you have the more likely you are to have accurate time.) Read up on the intersection (selection) algorithm and the cluster algorithm for more details about why this is the case.

My idea is to destroy the Master server and to expose the NTP[1-3] servers to the public network to retrieve time directly from stratum 1 servers on the Internet. At that time I would add the fourth server.

My suggestion is to use all 4 as a group, not just 1-3.

What do you mean by “multivalued DNS record”?
In every client I will set 4 different ntp servers which have different names, e.g. ntp1, ntp2, ntp3, ntp4

See the post that @apuls just made to explain this.

If your servers are 192.168.1.123, 192.168.2.123, 192.168.3.123, and 192.168.4.123, you can have a single record, e.g. ntp.example.com which returns all four of those IP addresses, just like the NTP pool does.

1 Like
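The intersection (selection) algorithm referred to above, as an added example that is not part of this thread: a small Python version of the RFC 5905 procedure run over constructed measurements (the source names, offsets and root distances are made up), showing why one falseticker among four sources is rejected while two disagreeing sources give no answer at all.

```python
"""Added example (not from the thread): the NTP intersection (selection)
algorithm of RFC 5905, section 11.2.1, run over constructed measurements.
Each source is summarised by its offset (seconds) and root distance, giving a
correctness interval [offset - dist, offset + dist]; the algorithm looks for
the largest set of overlapping intervals and declares the rest falsetickers."""

def intersection(sources):
    """sources: {name: (offset, root_distance)}.
    Returns (low, high, truechimers) for the majority interval, or None when
    no majority exists (more than half the sources must agree)."""
    n = len(sources)
    edges = sorted([(o - d, -1) for o, d in sources.values()] +
                   [(o + d, +1) for o, d in sources.values()])
    for allow in range((n + 1) // 2):          # tolerate allow < n/2 falsetickers
        chime, low = 0, None
        for edge, kind in edges:               # scan upward for the low endpoint
            chime -= kind
            if chime >= n - allow:
                low = edge
                break
        chime, high = 0, None
        for edge, kind in reversed(edges):     # scan downward for the high endpoint
            chime += kind
            if chime >= n - allow:
                high = edge
                break
        if low is None or high is None or high <= low:
            continue
        # As ntpd does, treat a source as a truechimer if its offset lies inside
        # the interval found; otherwise it is a falseticker.
        truechimers = sorted(name for name, (o, _) in sources.items() if low < o < high)
        if n - len(truechimers) > allow:       # too many midpoints fall outside
            continue
        return low, high, truechimers
    return None

# Constructed sample data: three sane sources and one that is 20 s off.
FOUR_SOURCES = {
    "ntp1": (0.002, 0.010), "ntp2": (-0.003, 0.012),
    "ntp3": (0.001, 0.008), "ntp4": (20.000, 0.015),
}
# Two sources that disagree: neither side has a majority, so no decision.
TWO_SOURCES = {"ntp1": (0.002, 0.010), "ntp4": (20.000, 0.015)}

if __name__ == "__main__":
    print("four sources:", intersection(FOUR_SOURCES))   # ntp4 is excluded
    print("two sources: ", intersection(TWO_SOURCES))    # None
```

Adding a second falseticker to the four-source set (e.g. a source 20 s slow) also yields None, which is the reason the advice in this thread is to keep more than twice as many good sources as you expect bad ones.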

I do that too, see ntp.heppen.be:

bas@workstation:~$ nslookup ntp.heppen.be 1.1.1.1
Server:		1.1.1.1
Address:	1.1.1.1#53

Non-authoritative answer:
Name:	ntp.heppen.be
Address: 77.109.90.72
Name:	ntp.heppen.be
Address: 212.187.8.48
Name:	ntp.heppen.be
Address: 89.207.129.63
Name:	ntp.heppen.be
Address: 5.135.125.103
Name:	ntp.heppen.be
Address: 5.196.189.119
Name:	ntp.heppen.be
Address: 2a00:7b80:477:21::9dcb:d174
Name:	ntp.heppen.be
Address: 2a02:578:440e:0:aaa1:59ff:fe3d:5b53
Name:	ntp.heppen.be
Address: 2001:41d0:203:654d::8f37:5630
Name:	ntp.heppen.be
Address: 2a02:578:440e:0:5f05:fa04:1720:d90f

All clients request 1 ‘server’, they get multiple servers, and normally the quickest responds. And if 1 fails, the others are still there.

Simple, fast and effective :slight_smile:

I have not used (or even read about) a single NTP client which behaves in this way.

A fully-capable NTP client (e.g. chronyd or ntpd configured with pool ntp.example.com) will use all of the addresses returned in the DNS lookup (up to the value of maxsources) as inputs to the selection and clustering algorithms. A slightly less capable client like ntpdate will look up all of the sources and use a subset of the algorithms to determine the result.

A poor client will just take the first address from the DNS response (which is usually sorted randomly) and attempt to use it, possibly retrying if the address doesn’t respond.

I’d be interested in seeing a (documented) list of clients which act in the “happy eyeballs”-like manner you describe.

At first it will connect to all of them, but then chrony adjusts the poll time if there are no problems.
It will use the most accurate server and slow the polls to the others.
Unless you set min/max poll by hand and limit it to e.g. 4/4; then it will keep polling all servers at the same time.

That’s quite a bit different to what you said originally:

All of the servers respond (as best they are able, subject to the lossy nature of UDP and the intervening networks), and all of them continue to be polled as peers (possibly at different rates depending on the quality of their responses).

But your original explanation implies that it’s a situation of first reply wins and the others are discarded, which is not accurate.

It just depends on the client.
There are plenty that just take the first entry and ignore the rest.
For that reason it was advised to provide more ‘server’ lines.
With the current ‘pool’ line this is no longer needed.

Most people don’t care about time at all, only if things go wrong.

Many old clients are still running and only query 1 entry out of a pool DNS; if they get acceptable time they don’t bother until the next poll.
Windows is such a client… off by 20 seconds is not an issue, and it doesn’t bother to check if it’s running on time more than once a week or more.
Seen it all too often where hams asked why their WSPR or FT-8 wouldn’t work :crazy_face:

I agree with the suggestion to have all four physical servers use your internet sources directly, preferably with default minimum and maximum poll intervals so the software can tune the poll intervals to the conditions as they change.

I also agree with creating a single domain name which has A/AAAA records for all four servers (one or the other, either 4 As or 4 AAAAs, as the clients should not treat the same server via IPv4 and IPv6 as distinct servers unless the network paths are actually distinct, which I doubt they are).

Further, I would suggest the four use each other as additional sources, using the same pool directive as the clients, e.g.

pool ntp.example.com iburst

They will refuse to use their own IP as a source and add the remaining three. Once all servers are referencing each other, I would also suggest enabling orphan mode. Just use “tos orphan 10” in ntp.conf to set the orphan stratum (higher than any normal stratum they operate at, low enough to avoid any downstream clients reaching stratum 15). In case your internet connection is lost, the four servers should then agree on one functioning server the remaining will sync to, providing a single freewheeling clock your entire network will use, rather than 4 different freewheeling clocks which would slowly diverge.

2 Likes