Please recommend the decade-old "pool" command not "server" in ntp.conf

The ntpd “pool” option has been working well since ntp-dev 4.2.7p249 in January of 2012, over a decade ago. It didn’t hit ntp-stable until 4.2.8 in December of 2014. It has been in NTPsec since the project began in 2015.

This is a better option for both users and pool server operators than multiple “server #.pool.ntp.org” lines for several important reasons. From a user perspective, pool associations in ntpd are preemptible, meaning ntpd will drop them automatically if they fail to contribute to the time solution, whether because their clock is off, the delay is too variable, or they simply stopped serving NTP. Moreover, ntpd will replace those preempted (discarded) associations with other pool IP addresses, requerying DNS as needed. This provides better time service to the clients as they automatically gravitate to servers that work and provide good service from the user’s perspective.

This is also a win for pool server operators, as clients using “pool” rather than multiple “server” lines will stop sending traffic to their IP address when it stops serving NTP, rather than continuing to bang on it with traffic for as long as the ntpd is running, sometimes years.

If you run a pool server and aren’t using “pool”, please give it a whirl and see for yourself how well it works. Below is a sample configuration for pool clients. For non-stratum 1 pool servers, it also works well.

So how about updating the “Use the pool” directions on ntppool.org to encourage this better and kinder alternative to multiple “server” lines?

=== ntp.conf ===
driftfile /etc/ntp.drift

# Tight restrictions for the public, but loosen them for servers
# we use for time. Note the lack of nopeer on “restrict source”
# is important, otherwise pool associations will not spin up.
# These restrictions do not allow the public to query via ntpq (noquery)
# or set up event traps used by network monitoring tools to keep tabs
# on remote ntpd instances (notrap). “limited” and “kod” refuse to
# respond to clients that query too often, by default more than once
# every 2 seconds in a burst or more than once per 8 seconds long term.
# Adding kod sends occasional “kiss of death” responses to clients
# exceeding the rate limit, providing no useful time and requesting
# the client to back off their polling interval, which they will if
# using ntpd and their maxpoll allows.
restrict default nopeer noquery nomodify notrap limited kod
restrict source noquery nomodify notrap limited kod

# Allow status queries and everything else from localhost and local net.
# If there are hosts used as time sources in the local network, they
# will be subject to the “restrict source” restrictions above, so they
# will not be able to use ntpq with this host.
restrict 127.0.0.1
restrict ::1
restrict 192.168.0.0 mask 255.255.0.0

# Require at least two sources in reasonable agreement before adjusting
# the clock. The default minsane is 1 “for legacy purposes.” Lower
# maxclock from the default 10 to a more reasonable number for the pool.
tos minsane 2 maxclock 5

pool pool.ntp.org iburst
=== ntp.conf ===

Cheers,
Dave Hart

1 Like
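As an added example that is not part of the post above, here is a small Python check that flags the points Dave raises in an ntp.conf: “server” lines aimed at pool.ntp.org, nopeer on “restrict source”, an explicit minsane below 2, and the absence of a “pool” line or a minsane setting. The two sample configs are constructed for the example.

```python
# Added example, not from the post: lint an ntp.conf for the recommendations above.

def lint_ntp_conf(text):
    """Return [(line_no, message), ...]; an empty list means no findings."""
    findings = []
    has_pool = False
    minsane_set = False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # strip comments and whitespace
        if not line:
            continue
        cmd, *args = line.split()
        if cmd == "server" and args and args[0].endswith("pool.ntp.org"):
            # A fixed "server" line keeps polling one IP for as long as ntpd runs.
            findings.append((no, f"replace 'server {args[0]}' with a 'pool' line"))
        elif cmd == "pool":
            has_pool = True
        elif cmd == "restrict" and args[:1] == ["source"] and "nopeer" in args:
            # nopeer on "restrict source" stops pool associations from spinning up.
            findings.append((no, "'restrict source' carries nopeer; pool "
                                 "associations will not be created"))
        elif cmd == "tos":
            for key, val in zip(args, args[1:]):
                if key == "minsane":
                    minsane_set = True
                    if val.isdigit() and int(val) < 2:
                        findings.append((no, "tos minsane < 2 lets a single "
                                             "source steer the clock"))
    if not has_pool:
        findings.append((0, "no 'pool' directive; DNS-refreshed, preemptible "
                            "associations are not in use"))
    if not minsane_set:
        findings.append((0, "tos minsane not set; the default is 1"))
    return findings

# Constructed sample: the multiple-"server" style the post argues against.
OLD_STYLE = """\
restrict default nopeer noquery nomodify notrap limited kod
restrict source nopeer noquery nomodify notrap limited kod
server 0.pool.ntp.org iburst
server 1.pool.ntp.org iburst
"""

# Constructed sample following the post's recommended configuration.
RECOMMENDED = """\
restrict default nopeer noquery nomodify notrap limited kod
restrict source noquery nomodify notrap limited kod   # no nopeer here
tos minsane 2 maxclock 5
pool pool.ntp.org iburst
"""
```

Running `lint_ntp_conf(OLD_STYLE)` reports the nopeer line, both server lines, and the two missing settings, while the recommended sample produces no findings.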

Please see the discussion on GitHub and leave a comment there. Would be nice if someone else nudged the ticket this time around.

2 Likes

It would be better to put:

pool 2.pool.ntp.org iburst
3 Likes