NTP Pool Reaches 1000 Servers, Needs More

hgerstung writes "This weekend the NTP Pool Project reached the milestone of 1000 servers in the pool. That means that in less than two years the number of servers has doubled. This is happy news, but the 'time backbone' of the Internet, provided for free by volunteers operating NTP servers, requires still more servers in order to cope with the demand. Millions of users are synchronizing their PC's system clock from the pool and a number of popular Linux distributions are using the NTP pool servers as a time source in their default ntp configuration. If you have a static IP address and your PC is always connected to the Internet, please consider joining the pool. Bandwidth is not an issue and you will barely notice the extra load on your machine."

Google

[Seumas]

This sounds like a job for Google.

Seriously. They are working to own every other bit of information. Why not "own" the method by which machines maintain time by throwing a thousand machines at it (an insignificant number compared to the 500k or more that make up their own server farm).

Re:Google

[thegrassyknowl]

I wanted to submit my PC to the pool but you must have a static IP *grr* I'm not paying more to get a fixed IP address. It's not like I use all of that enormous data allocation or fat pipe. In fact, if I didn't download 100G of pr0nz each month it wouldn't even get 50% used!

Re:Google

[Charles+Dodgeson]

Why not "own" the method by which machines maintain time by throwing a thousand machines at it A thousand machines all on one bit of network does little good. These need to distributed around the globe.

Re:Google

[Seumas]

Google's server farms are distributed around the world. both coasts and in between as well as Ireland, Belgium and elsewhere.

Re:Google

[Seumas]

How are they supposed to track what subversive materials I'm reading or what kind of groups I'm congregating with or who I'm socializing with or what my personal views and beliefs are, otherwise?!

Re:Google

Uh... how exactly do you propose they work with dynamic IPs?

Re:Google

Uh... how exactly do you propose they work with dynamic IPs?

Dynamic DNS, just like everybody else on dynamic IPs.

Re:Google

[hgerstung]

Well, unfortunately DynDNS will not work here, simply because the clients will resolve the IP address once at startup and then stick to it (it will not be re-resolved later). The NTP Project is working on that, but currently there is no chance to use DynDNS or even "pretty static" IPs ... Heiko

Re:Google

[gallwapa]

don't forget directory services. (as in, x.500)

Re:Google

[SnowZero]

Obviously one will have to work it into the rather large existing NTP codebase, but at it's heart this problem is quite simple: If a clock source disappears, try resolving the host again. The NTP protocol is pretty much a heartbeat as it is. Now, one could face the problem of another host getting the old IP so fast that you start following that host, but I'd argue that isn't really a problem in 99% of cases. If it is, use only servers with a static IPs.

Re:Google

Crazy, isn't it? It's almost like keeping all your monetary assets in one bank, or entrusting your retirement savings with one investment management company. And it's not like your bank-issued credit card keeps a list of everywhere you bought something, ate something, or visited an ATM. Who'd ever tolerate that?

Re:Google

[hgerstung]

Full ack, but AFAIK it is already worked on and I hope that it will be available in the -dev tree.

Re:Google

[putaro]

It's called scaling. One server can't handle all of the time requests. The various servers use NTP to sync up to a good time source such as an atomic clock and correct their clocks and can then hand out the correct time to clients.

Re:Google

[Seumas]

Well, the concept is this:

You can have five billion machines all hitting a single "atomic clock". Or you could have a few servers hit it and hundreds of servers that sync up with *those* servers. Seriously, even in cases where all machines of an organization or university or corporation sync off one single internal NTP server (which itself them hits one of the servers in this pool, I'd presume) -- you're still talking about billions of machines that need to have the proper time synced on a daily bases across the globe.

I mean . . . you don't have just one single DNS server for the entire planet, because adding more would just raise inaccuracies... you have DNS servers all over the planet to serve various geographies and balance the load.

Re:Google

[turbidostato]

"how many servers does it take to tell you what time it is?"

Just one. On the other hand, how many servers does it take for *you* to be confident about the info recieved? That's a different -and pointy, problem. After all, even an stopped watch will tell you what time is it -only, it will tell you wrongly.

"Isn't it more likely that some of 1000 servers somehow report wrong information instead of one single atomic clock?"

Yes. But then, ask yourself what the effect will be for tens of thousands of clients asking time data to a single atomic clock on its network. What would happen if every single bypasser asks you the time as you go?

"Seriously, what's wrong with one atomic clock? I hear they're KINDA accurate"

Even if they are KINDA accurate, they are no accurate ENOUGH for current standards. For a countrie's official time it usually takes about three atomic clocks to be sure. But, again, the problem here is not about accuracy, but bandwith considerations. That's true both for public Stratum 1 NTP servers as well as for the ntp.pool.org network.

"Can someone please explain this whole concept for us?"

Go to http://www.pool.ntp.org/ and you will find enough information to satisfy your curiosity.

Re:Google

[Ajehals]

A stopped clock is accurate twice a day.

Re:Google

[PCM2]

Crazy, isn't it? It's almost like keeping all your monetary assets in one bank, or entrusting your retirement savings with one investment management company.

So we're in ... total agreement? Or, wait, you think these are good ideas?

And it's not like your bank-issued credit card keeps a list of everywhere you bought something, ate something, or visited an ATM. Who'd ever tolerate that?

Tolerate it? I demand it. It's part of the services that I expect from my financial service providers. If they didn't give it to me, yep, I'd go somewhere else. Good thing there's more than one credit card around.

Re:Google

[GuidoW]

Google's server farms are distributed around the world. both coasts and in between as well as Ireland, Belgium and elsewhere. That was an extremely US-centric thing to say.

Re:Google

[WeblionX]

I use 24 hour time you insensitive clod!

Re:Google

[MarsDefenseMinister]

He included Ireland and Belgium. With the USA, that just about covers the entire world, don't you think so?

Re:Google

[SnowZero]

Cool. I'll be looking forward to it.

Re:Google

[RockDoctor]

He included Ireland and Belgium. With the USA, that just about covers the entire world, don't you think so?

Ah, sarcasm. That's just what a geographically-challenged American needs, don't you think?

huh?

[adamruck]

"Bandwidth is not an issue and you will barely notice the extra load on your machine."

If that is the case, why do they need more servers?

Re:huh?

[larry+bagina]

latency. The time you get back from the NTP server is the time the server sent the request. The client has to count the time it took to get a response and use that as a fudge factor. More servers means your client can find a closer server and minimize the transport time.

Re:huh?

[Ford+Prefect]

(Argh, crap - tried moderating this 'Interesting' and managed 'Offtopic' instead. Sorry - undoing all my moderation for this article. Please ignore this message!)

Re:huh?

[JackHoffman]

No, the network time protocol accounts for latency and eliminates its influence almost completely as long as the latency is roughly symmetric, which it usually is for small packets.

Re:huh?

[spaceboy_]

NTP traffic is often not at a constant rate. There a spikes and periodic peaks. More servers in the pool would help spread the load during peaks.

Re:huh?

[ls+-la]

There really should be an "Oops" button after you mod something; I've never done this myself but I've seen at least 2 or 3 of this type of message in the last few days.

Re:huh?

[fuzzix]

(Argh, crap - tried moderating this 'Interesting' and managed 'Offtopic' instead. Sorry - undoing all my moderation for this article. Please ignore this message!)

I modded this post Off Topic and I meant it!

Oh shit, did I just post?

Re:huh?

[Mistlefoot]

Latency doesn't seem to be that important to me neither.

I'd like to think that if my computer is say, 100ms off clock time that I won't be much affected.

I can't think of one instance where being off by even a half a minute or so that I would be affected.

Does anyone actually know the answer posed by the OP?

Re:huh?

[karnal]

If you're capturing packets from multiple machines and want to line up the captures, then you need to have accuracy.

If you're using SNMP to log equipment on the network, it helps to have everything as lined up as you can. Now, if you're a company doing this, typically you have your own time server and don't rely on this pool. But there are benefits to some to have more exacting time across all devices.

Re:huh?

[mrcaseyj]

"Bandwidth is not an issue and you will barely notice the extra load on your machine."

If that is the case, why do they need more servers?

If I understand it right bandwidth isn't an issue because they can tailor how much of the pool load goes to your machine. When someone queries the pool their ntp client does a DNS query to pool.ntp.org. The pool's DNS server semi randomly returns the IP address of one of the volunteer servers in the pool. If you tell the pool operators that you have only a little bandwidth then the pool DNS server will only return your IP address say one tenth as often as it does the IPs for the high traffic servers. This allows you to decide how much load you're willing to bear. Even if the pool is overloaded, your machine doesn't have to be.

Re:huh?

[Bob54321]

I've never done this myself but... Well Doctor, I've got this friend who has a problem...

Re:huh?

[jgrahn]

If you're capturing packets from multiple machines and want to line up the captures, then you need to have accuracy.

If you're using SNMP to log equipment on the network, it helps to have everything as lined up as you can. Now, if you're a company doing this, typically you have your own time server and don't rely on this pool. But there are benefits to some to have more exacting time across all devices.

A lot of things depend on that if A happens before B, it gets timestamped as <= B. Compiling things across a networked file system is enough to make you want highly accurate time.

Re:huh?

[Kadin2048]

Yes. There are lots of time-sensitive tasks that require at least second-accuracy, some that require accuracy that's greater than that.

The first thing that comes to mind is remote logging. If I have several machines logging to some remote machine somewhere (as you should on any non-trivial system, to make a log falsification more difficult), it makes log analysis a lot easier if I know that the timestamps in the log are accurate and consistent across machines. Particularly if you ever have to dig through a break-in (or what you think might be a break-in), or just user stupidity, where you want to match actions taken on one machine to results on another.

At the very least, you want to make sure that all the clocks on the machines are accurate to at least the smallest interval of time that you might have two timestamps on the log apart by. Or if that's not possible, at least within a span so that the same human-initiated command will be discernible across the system at the same time in the logs.

Other things that involve remote data-collection have the same issue. At the very least, you need to have all your computers set so that they're accurate to some factor that's less than the time between data collections. While "data collection" sounds esoteric, it could be something as simple as sending emails from one computer to another, or combining two stacks of digital photos taken from some webcams (if they're portables, that's a separate ball of wax).

Now, do most of these things require all of the computers in your home network to be individually pinging a Level 2 timeserver? No. It would work just as well to have your gateway router get the time from a timeserver, and then offer NTP broadcasts to your network, so that everything could just synchronize itself. You'd have high precision local time, for synchronization, and reasonable accuracy time to a national standard. But that's beyond most users, so most OSes just have each workstation take care of things on its own.

Re:huh?

[SnowZero]

It depends on what kind of accuracy you want. In the NTP papers, they discovered an error proportional to RTT (~= ping time), and error for a single host was often not zero-mean. The symmetry assumption is at best a crude approximation, and modern networks have made it worse. So, having more servers to keep the average latency lower is always a good thing. Ideally every ISP should provide this for their clients, keeping commodity internet bandwidth to a minimum.

Re:huh?

[suv4x4]

requires still more servers in order to cope with the demand. Millions of users are synchronizing their PC's system clock from the pool and a number of popular Linux distributions are using the NTP pool servers as a time source in their default ntp configuration. If you have a static IP address and your PC is always connected to the Internet, please consider joining the pool. Bandwidth is not an issue and you will barely notice the extra load on your machine.

The NTP protocol is designed to deal with latency. Latency doesn't matter pretty much.

Re:huh?

[IchBinEinPenguin]

... as long as the latency is roughly symmetric, which it usually is for small packets.

Unless you're on a slow link (dial-up) with a saturated downlink (i.e. downloading something) and a mostly idle uplink (ASK-s only).
I found that client-to-server time was roughly constant, 150-250ms. server-to-client was about the same of an idle link, up to 6 seconds(!) when downloading stuff.

Re:huh?

[SnapShot]

I was looking at the volunteering page and I didn't understand the part about the web server. I have a web server that gets almost no load (it's mostly personal stuff) can I let it be an NTP server and still use it as a web server for myself? Or, does it end up being a dedicated NTP machine?

Re:huh?

[norton_I]

You can continue to use it as a webserver. What they are requesting is that you add to your webserver configuration a virtual server entry for "pool.ntp.org" that redirects to their webpage. That ensures that people hitting your computer trying to access the www.pool.ntp.org website will get redirected to the right place. Normal visitors will be unaffected.

Re:huh?

[sgt+scrub]

NTP doesn't take any more bandwidth than DNS. Unfortunately, like DNS, it requires a lot of new connections. On average my NTP server gets 20 new requests per second. The more machines in the pool, the smaller the number of requests per second. The number of conversations going over a connection can be just as disruptive as streaming media. You might not be seeing large amounts of bandwidth but routers can be taxed handling all of the new conversations (DDoS attacks).

On a side note: I'm one of those people who like RUDP and DCCP.

Re:huh?

[turbidostato]

"I can't think of one instance where being off by even a half a minute or so that I would be affected."

Being off by half a minute... against what? If you happen to choose to be off by half a minute to a source that it's half a minute off from its source, that it's off by half a minute from its source, all in sudden you are off by one minute and a half from the first source; wrong enough for a reliable NFS conection, Kerberos ticket or bidding by the limit to an e-bay auction.

Re:huh?

[Mr.Ned]

"If I understand it right bandwidth isn't an issue because they can tailor how much of the pool load goes to your machine."

Yes and no. Besides the jerks who hammer servers, the bandwidth problem is one of accumulation. Even if you're in the DNS rotation for 15 minutes, you'll pick up clients, and those clients may not go away anytime soon. When I left the pool a few years ago, I didn't shut down the server right away, and found that two months after my IP was no longer in rotation, I was still getting traffic from the same hosts. ISC ntpd and OpenNTPd and the others resolve hostnames to IP addresses on startup and don't check back, so if a client has a month or two uptime, it's going to be asking you the entire time.

Re:huh?

[ZachPruckowski]

This is clearly OT, but in the "old" method of moderation, you had to select the choices and then hit the "moderate" button at the bottom of the page. So if you picked wrong, you could re-correct. My other issue with it is that if I go through an article, pick 5 nice posts, and then see a 6th post, I can't take one of the first moderations and give it to the new post instead.

Re:huh?

[swillden]

More servers means your client can find a closer server and minimize the transport time.

Except that (a) clients don't actually do that and (b) the NTP protocol doesn't need minimal latency, it needs consistent latency.

Having more serves in the pool won't help clients find a lower-latency server, because clients don't look. They just do a DNS lookup on the pool, get an IP address back and use it.

Re:huh?

[petermgreen]

that's basically what pool.ntp.org is, lots and lots of machines acting as stratum 3 or 4 ntp servers to suck up the load from those who need reasonablly but not super accurate time and don't have the computer experiance to find decent local servers and use them in a way thier operators find acceptable.

Re:huh?

[ask]

"My concer [sic] is that pool.ntp.com servers are not policed for accuracy."

But they are monitored and "policed". Stop spreading FUD.

In the last three months (the period where I have detailed data) we've had 4 servers off by more than a second while active in the pool. One of them (only active in the Ukraine and Europe) 4 times, the others just once.

I did the same query for "more than half a second" and got a few more servers, but still less than you can count on two hands.

    - ask

Re:huh?

[AaronLawrence]

Maybe if you did more than the mods you're allowed, slashdot could randomly select the 5 to apply.
Then you could just go around modding as many as you like, and some unbiased selection would go through.

Re:huh?

[qurk]

Ya latency is actually really important to me. I set all the clocks at my apartment 10 or 12 minutes ahead, I've discovered it helps me greatly in getting to work, events on time. The only issue I've ran into is when I scrobble music tracks to last.fm, and check my profile, it says I listened to them "in 10 minutes" and so on :)

Re:huh?

[petermgreen]

Hey, you're right! I was late for a job interview because I set windows to use time.windows.com, which is the default in the windows date/time properties applet.
I can't say i've ever managed to get a response from that server and the other alternative in the default list blocks queries from windows nowdays.

load

[ls+-la]

Bandwidth is not an issue and you will barely notice the extra load on your machine. I think if their servers can't keep up, you *will* notice the load, at least until enough join.

Re:load

[Mr+Z]

Not really. The more time sources you have, the more precise your estimate of the time will be, since you'll be able to cancel out disparate network jitter better.

--Joe

Re:load

[gregbaker]

Their servers can keep up just fine, or at least the one I run can. My stats show 1GB per month traffic and the ntpd process taking about 1 minute/day of processor time. That has been relatively constant over the year or so the server has been in the pool.

I think this is just a case of more==better. A bigger pool means more people can use their local zone instead of the global zone, the whole system can handle more clients, less load on servers means even more may be willing to join, ...

Seriously, it's not that big a deal. Just thow your server into the pool and forget about it.

Re:load

[seringen]

Hear hear That's consistent with what I have on my server - I never feel it and the more pool, the higher accuracy and ability to account for one-time blips of load like if hardware manufacturer hard codes all their routers to check at the very same time - certainly not impossible to imagine considering what's happened to some university NTP pools. I highly recommend joining.

Re:load

[Charles+Dodgeson]

I just want to add a "me, too". Collecting the stats and usage reports for my contribution to the pool takes far more resources than actually contributing to the pool. NTP is really light weight. The only "problem" I've seen is that every couple of months, it is useful for me to reset the state of my firewall. I didn't have to do that before joining the pool.

What can happen if a server gets "overloaded" is that the NTP service degrades. NTP sends UDP packets and so if the NTP server has more than it can handle it simply drops some queries. The host machine for the server doesn't show problems in other respects. You really won't notice that NTP service is running (even if overloaded) unless you specifically run some monitoring scripts (which, as I've said, consume far more resources than NTP).

Re:load

[raehl]

Just thow your server into the pool and forget about it.

Isn't that a bit extreme? Should I maybe waterproof it first?

Re:load

[buckadude]

I would love to join, my problem is with my service provider. I use FIOS and if I want a static IP I have to forgo the ability to get TV service at my house. This is a problem for me and i'm sure other users of FIOS. Oh well, perhaps some time in the future?

Re:load

[morgan_greywolf]

Nah. I hear liquid cooling is great for overclocking.

Re:load

[eh2o]

No, that isn't necessary assuming you've drained all the water and replaced it with oil.

Free GPS time equipment!

[ask]

I must mention that right now by signing up for the pool now you also have a chance to get some really cool time keeping equipment. :-)

Re:Free GPS time equipment!

[EraserMouseMan]

Only if you already have a server in the NTP pool. And even then, they only get freebies to give away every few months. Then they decide from the applicants who gets them. So your chances are probably pretty slim. The long-timers will get them first.

Re:Free GPS time equipment!

[Anomalyst]

As noted by sibling, new participants are unlikely to be a recipient. The stuff looks neat, it is shame the brainless/ball-less idiots in their marketing department do not post prices. Evidently they are unwilling to compete.

Re:Free GPS time equipment!

[owlstead]

"The long-timers will get them first."

There must be a joke hidden in this sentence somewhere...

So, what are they gonna say when overwhelmed?

[nlitement]

"Pool's closed"?

Re:So, what are they gonna say when overwhelmed?

[lordtoran]

No. They will add a wave machine and a sauna to attract more servers.

I for one..

[Petskull]

I for one.. *want* to be welcomed as a time-wielding overlord!

Re:I for one..

[Puff+of+Logic]

I for one.. *want* to be welcomed as a time-wielding overlord! If only your username was 'The Doctor'...

didnt they think of this?

[wizardforce]

Bandwidth is not an issue and you will barely notice the extra load on your machine. I think if their servers can't keep up, you *will* notice the load, at least until enough join.

do they have no way of routing/limiting traffic so that it isn't normally noticeable?

Re:didnt they think of this?

[ask]

The NTP protocol gives very limited ways of limiting it, so short of just closing down if we can't add servers as fast as traffic is added, no - there isn't much we can do.

The vendor program is one way we're trying to get more control, but all else being equal - more servers helps.

Comment removed

[account_deleted]

Comment removed based on user account deletion

More NTP servers, Lower Quality?

[Herkum01]

I can understand the desire/need for NTP servers. The question for me becomes, does this reduce the quality of chips used in PCs? The chips that keep track of time don't have to be as accurate since, "hey, it can just sync up with NTP server." Once you let something simple like time slide, maybe they let other issues slide too because "Who is going to notice?"

Re:More NTP servers, Lower Quality?

[topham]

PC Clock chips are amazingly bad and have been for 20+ years.

If they got any worse they would get the date wrong every other day.

Re:More NTP servers, Lower Quality?

[PhreakOfTime]

Obviously, youve not had much experience with the quality of the time function in a PC. Having an external, centralized location was the solution to deal with the already sup-par performace of local PC timekeeping.

Personally, Ive used a nice product called TrueTime WinSync on my windows PC's for quite some time now, and its always the first thing I install after the yearly HD wipes.

There are many, many applications that are adversely affected when 2 PC's on a network do not have an accurate time. Some have a space of days or weeks that are acceptable, but some have a much shorter amount of allowed error between the two hosts. An example you can try anytime is to set your PC clock ahead by about 4 years and then proceed to your favorite SSL enabled website.

Re:Unless netgear hears about you

[shawn443]

Netgear products, built in permanent network offline crushes, for thousands of addresses. I even googled "Netgear will go and hard code your ip address into one of it's dumbass products". Nothing really came up.

Better way To Do This

[nuintari]

I think that a better method could be used to encourage diversity. They should take a page from the root DNS servers, or Akamai. Either use BGP anycast, which is what most of the root dns servers do now, which will probably never happen. Or, have a zone that network carriers should use on their local DNS servers, and by way of DNS lookups, encourage their customers to use. ntp.org has a default set of values for say time.overload.ntp.org that reflects the current pool. But I, as an ISP make my DNS servers directly answer queries for overload.ntp.org, and make entires such as:

time IN A 1.2.3.4
time IN A 1.2.3.5

where 1.2.3.4 and 1.2.3.5 are ntp servers on my local network. I don't allow people off my network to query my DNS servers for recursive queries, and the ntp.org DNS servers never tell anyone to use my name servers for this space anyways. This would mean that only my customers that use my DNS servers (about 99%) of them, would ever get answers for my time servers, and they would definitely be close.

And anyone whose network carrier doesn't bother to set this up, still gets generic answers from ntp.org. This works much better than just a big pool full of 1000 servers worldwide, even if you bother to use the country code dns regions, you still aren't always getting an ntp server anywhere near you.

Re:Better way To Do This

[ask]

Hi Nuintari,

Yes - it'd be great if more ISPs offered time keeping services.

One of the plans for the pool is to let ISPs sign up their address space and tell where their NTP servers are. Then when a user using the pool asks for time servers we can point them to the local servers (if they are keeping proper time, etc etc). But it's a bit down the todo list, mostly due to lack of interests from ISPs.

  - ask

Re:Better way To Do This

[Charles+Dodgeson]

You are absolutely correct that if network carriers provided NTP services properly on their nets, then the pool wouldn't be necessary. If you go through Usenet archives you can read the history and discussion behind the creation of the pool. Everyone realizes that the pool is an inferior solution that we are stuck with because the network access service providers won't do their job.

The next time I've got a free two hours for self-torture, I'll call Verizon Business customer support and ask them about NTP service. (It will take that long to be transfered to someone who understands the question.)

Re:Better way To Do This

[nuintari]

Oh, I understand that completely. But if the pool was a series of generic entries that individual carriers could overload in DNS if they wanted to, then all those netgear routers could default to the pool, and would take advantage of this on the networks by people who care (like me), and still have the defaults to fall back on for less helpful networks. This would allow zero configuration for the end user, unless they had a specific time server they wanted to query.

Re:Better way To Do This

[TooMuchToDo]

Can you point me to a location to specify a Stratum 1 server? I have access to colo space as well as roof rights for a GPS antenna. I would be happy to host a Stratum 1 or Stratum 2 time server to help the NTP cause.

Re:Better way To Do This

[Charles+Dodgeson]

I fully agree. I just wish ISPs would actually do it.

Re:Better way To Do This

[adolf]

Wrong solution.

Poisoning DNS is never a good idea for public (including ISP) use. Please don't suggest this.

A far better method is to use DHCP to assign one or more local NTP servers, just as is done for DNS servers and other things which may vary from network to network.

DHCP, as a protocol, supports this usage just fine. Various DHCP client implementations also support this by default[1].

All that needs to happen is for the ISP to actually run ntpd (which is trivial), and configure the DHCP server to start telling people that it exists. And then, the consumer router manufacturers, Linux distributions, and (gasp) Windows can start using it.

[1]: Unfortunately, I've had /etc/ntp.conf rewritten by a DHCP client under Linux so as to point to non-working servers, due to some machine at woh.rr.com deciding to set the NTP addresses wrong. This is obviously bad behavior, but it's just Roadrunner's fault for putting a broken configuration into production, not the client's fault for trusting and acting upon that configuration.

Re:Better way To Do This

[egburr]

http://tf.nist.gov/service/time-servers.html

All organizations interested in possibly hosting a NIST Internet Time Service server are invited to contact Time and Frequency Division Chief Thomas O'Brian for more information, including a description of the equipment that the organization must have available and a discussion of the other technical qualifications necessary to host a server: obrian@boulder.nist.gov .

Re:Better way To Do This

[TooMuchToDo]

Thank you!

Re:Better way To Do This

[nuintari]

Is it really poisoning when it is done by a bunch of networks intentionally agreeing on a set policy that is expected by the authoritative source?

Akamai does something weird that allows them to spread their subscribers' sites over a variety of networks that may or may not qualify as DNS poisoning, I suppose I could come up with something better based off their ideas. I've never looked into how the nitty gritty of their service works (we were already using it successfully when I came on board), but customers on my network going to yahoo.com will prefer the Akamai boxes on my network over the true source, or any other Akamai boxes on other networks. Which is basically what I am saying we should aim for, as opposed to the current shotgun approach.

My issues with your DHCP suggestions are twofold. For starters, not all DHCP clients honor the extra fields for ntp servers, among other things. Secondly, not everyone uses DHCP, plenty of other ways to get an IP address in this world. But everyone uses DNS.

But I do agree that we cannot just arbitrarily poison DNS. Needs some thought, but almost anything could be better than the current shotgun approach.

Re:Better way To Do This

[adolf]

A few thoughts...

Unlike a partnership with Akamai, there's no compelling monetary reason for an ISP to offer their own NTP server. Therefore, the easiest (least costly) solution -- at the ISP end -- is probably the most likely to win. Adding a line to dhcpd.conf is probably easier than configuring BIND to issue lies.

And while not everyone uses DHCP, they certainly have some mechanism for communicating things like DNS server addresses, default gateways, and so on. Using that same mechanism (be it DHCP, bootp, or snail mail) to inform the customer of the local NTP server seems trivial in every instance I can think of.

Clients that don't care will obviously ignore this data, but customers who do care can modify their client software accordingly.

Eventually (as in, within the MTBF of a Linksys router), if it ever gains any foothold, clients will use this data by default.

But I guess the most glaring problem to me is that, surprisingly often, the ISP's own DNS servers are slow and/or broken, and overridden. Much of Roadrunner's network is, for instance, assigned DNS servers which are so slow that when browsing the web, more time is spent on simple DNS lookups than on downloading and rendering content.

This, in turn, causes people like me to use a different DNS server on a different network. In my case, I use Level3's DNS at 4.2.2.1 because it is easy to remember and quite fast. Your suggestion ties together DNS and NTP inextricably, such that I'd also be using L3's NTP server by default, when all I really wanted was different DNS.

I don't want a solution to one network problem to have cascading effects on other network services. There's enough of that in the world already.

Remember, the whole point of this is to eliminate end-user manual NTP client configuration, and reduce network load, while offering the useful service of providing accurate time. And I can only hope that, after all of this, network-attached devices of all types will use this mechanism (whatever it is) to automatically derive time from a nearby NTP server.

Some of these devices will be reconfigurable to use whatever NTP server the user wants (certainly, my Linux box is), but hopefully some simpler devices will not be (think print server, networked DVR, WiFi LCD picture frame, or other minimally-configured box).

If a standard method for propogating NTP server names to end-users ever does get implemented, I shouldn't have to run a local copy of BIND and my own regimine of poison, just to allow independant settings for both DNS and NTP servers.

But that's all just my opinion. It is probably wrong. :)

Re:Better way To Do This

[lukas84]

IPCP, which is used for PPP connections, which are (today) commonly used with xDSL lines, does not support sending NTP servers.

Re:Better way To Do This

[jrumney]

I used to redirect time.windows.com to my own ntp server to get better accuracy on my Windows machines without reconfiguring them all, but recently I changed to using iptables to intercept all NTP packets that weren't to/from my NTP server.

Re:Better way To Do This

[nuintari]

Unlike a partnership with Akamai, there's no compelling monetary reason for an ISP to offer their own NTP server. Therefore, the easiest (least costly) solution -- at the ISP end -- is probably the most likely to win. Adding a line to dhcpd.conf is probably easier than configuring BIND to issue lies.

Actually, having some local source of consistent time is pretty much a no brainer on any network that wants logs to be sane, NFS to work correctly, or has any services that require more than one server to run. I really don't mind running them, and letting my customers know. Oh, customer computers that have an accurate clock are far less likely to be obnoxious as all hell when they get email from the future, or way in the past. No, I am not kidding, time.microsoft.com is a good thing in that it got rid of one kind of very pathetic support call.

But I guess the most glaring problem to me is that, surprisingly often, the ISP's own DNS servers are slow and/or broken, and overridden. Much of Roadrunner's network is, for instance, assigned DNS servers which are so slow that when browsing the web, more time is spent on simple DNS lookups than on downloading and rendering content.

This, in turn, causes people like me to use a different DNS server on a different network. In my case, I use Level3's DNS at 4.2.2.1 because it is easy to remember and quite fast. Your suggestion ties together DNS and NTP inextricably, such that I'd also be using L3's NTP server by default, when all I really wanted was different DNS.

Wow, that is just pathetic. DNS is not hard to run, and 4.2.2.1 _is_ a slow name server that drops traffic from non level3 customers whenever it gets overloaded. I had a T1 customer who had some moron for a consultant who didn't think we _had_ our own DNS servers. Case and Point, he never asked.... checked our webpage, or used whois on our domain name. I was over there to upgrade them to a Metro Ethernet link, and nothing was working due to DNS failing. Consultants are stupid. If their DNS sucks, you can probably bet they skimped out on the NTP server budget, or didn't bother. Read on for my solution.

Remember, the whole point of this is to eliminate end-user manual NTP client configuration, and reduce network load, while offering the useful service of providing accurate time. And I can only hope that, after all of this, network-attached devices of all types will use this mechanism (whatever it is) to automatically derive time from a nearby NTP server.

You are missing the key point of my suggestion, which is that we set aside a DNS name space for anyone who wants to use it, but also leave aside the existing space for those who do not.

Some of these devices will be reconfigurable to use whatever NTP server the user wants (certainly, my Linux box is), but hopefully some simpler devices will not be (think print server, networked DVR, WiFi LCD picture frame, or other minimally-configured box).

Good lord, I hope that is never the case. I hate it when they cut config options out of end user devices. You go on and on about choice, then hope simple device don't grant you choice? Please pick a side. What if your ISP does provide a DHCP configured NTP that server that is off by 12 minutes. Do you want that lack of choice now?

If a standard method for propogating NTP server names to end-users ever does get implemented, I shouldn't have to run a local copy of BIND and my own regimine of poison, just to allow independant settings for both DNS and NTP servers.

So, hear me out, because you have missed what I have tried to infer.

Currently, ntp.org has 0.pool.ntp.org, 1.pool.ntp.org and 2.pool.ntp.org. I propose that those remain in their current form. I also propose that 3 new ones be created: 0.overload.ntp.org, 1.overload.ntp.org, and 2.overload.ntp.org. ntp.org answers queries to this zone with the exact same answers it would give for the original pool. Any ISP that wishes to send over

Re:Better way To Do This

[nuintari]

I can see this method being very valuable for a private network, or a corporate network when the IT gods have ultimate say over network operations. But I run an ISP, I am in the business of giving people choices, not telling them what to do. Occasionally, I try to poke them with a stick in one direction or another, which is the end goal of my idea. But if I just grabbed all ntp traffic at my core, and forced it to my own time servers, someone would eventually have a cow about it.

Customers make no sense, you send them email, they want the spam gone. You filter the spam, they hate the increased wait time between send and receipt. They get virus mails, they bitch, you install clamav, they get mad when it catches a zip file full of their daughter's baby pictures and the peacomm virus. You DNS blackhole a certain truly lame social networking site for 4 hours as an April fools day joke..... I guess they had the right to bitch about that. Then you turn around and offer to upgrade them to a faster, cheaper service for no install fee, and they drag their heels for six months. They make no sense, and when it comes to network changes that they were clueless about five minutes prior to it happening. They will bitch for the sake of bitching.

Re:Better way To Do This

[h3]

>Yes - it'd be great if more ISPs offered time keeping services.

They kinda do, though they don't usually advertise. Many routers have ntp services builtin so if you do a traceroute outward (for example to google.com) and then query each hop away from you, you'll probably find ntp service along the way.

For example, I'm on rr.com and 4 of the 5 hops with rr.com address (it moves to level3 after that) have ntp service.

Of course, there's no convenient DNS and you are prone to the ISP changing routes and stuff at will and the assumption is that your ISP keeps it's routers sync'd, so be mindful.

Re:NTP Isn't Accurate

[ask]

Hi AC,

The NTP Pool monitors the servers and only uses those with accurate time. A server drifting several seconds off would be taken out of the pool until it got fixed.

Also, the NTP daemons are Quite Good at ignoring the servers with Bad Time Keeping.

Using ntpd with the pool servers will give you much much much more accurate time than trying to set it manually after looking at a web page.

    - ask

Re:NTP Isn't Accurate

[Charles+Dodgeson]

Please name one ntp server in the pool that it off by more than .5 seconds? The vast majority are accurate to under .1 seconds. I do not believe that the AC who said these aren't accurate understands how NTP works.

GPS time with OpenBSD

[ptudor]

If you grab a USB GPS receiver, I used a $60 BU-353, you can have accurate time easily.

openbsd# dmesg | tail -3
uplcom0 at uhub0 port 2
uplcom0: Prolific Technology Inc. USB-Serial Controller, rev
1.10/3.00, addr 2
ucom0 at uplcom0
openbsd# nmeaattach cuaU0
openbsd# sysctl -a | grep hw.sensors
hw.sensors.nmea0.timedelta0=-328.10115 9 secs (GPS), OK, Tue May 15 19:48:46.898
openbsd# echo "sensor nmea0" > /etc/ntpd.conf
openbsd# echo "listen on *" >> /etc/ntpd.conf
openbsd# ntpd -ds
ntp engine ready
sensor nmea0 added
sensor nmea0: offset 328.097637
set local clock to Tue May 15 19:57:46 PDT 2007 (offset 328.097637s)
sensor nmea0: offset 0.020612
...

Re:GPS time with OpenBSD

[ask]

Actually ... The USB latency can be pretty bad, so it's likely you'd get better time from a well-picked internet time server. You'd definitely get MUCH better time with a proper PPS (Pulse Per Second) time keeping GPS receiver or variations of that.

Re:GPS time with OpenBSD

[mrcaseyj]

In addition to the latency of USB, the nmea output of a GPS unit may not be very accurate. Go for a GPS with pulse per second if you can find one for a reasonable price. A while back I was checking the chipset specs for the cheap GPS receivers to find one with a pulse per second output. I found some but I forgot which ones they were. Of course you would have to open the case and do a little soldering. I'm not sure how you would hook it up to your server once you got the pulse per second out. I think maybe to one of the pins on the serial port that would trigger an interrupt.

Under OpenBSD I've gotten much more stable timekeeping by recompiling the generic kernel with only one simple change. I set the processor type to 586 or 686 as the case may be. Specifically in the /usr/src/sys/arch/i386/conf/GENERIC file I removed "option I486_CPU" and "option I686_CPU" so that it would be correctly configured for my pentium 166 cpu. I think the pentium has some time keeping functions the 386 and 486 didn't have. Although I haven't found the parts of the kernel code where this change does its magic.

Re:GPS time with OpenBSD

[hgerstung]

...and the nice thing is that there is already a driver for OpenBSD for that device, thanks to the opensource driver policy of Meinberg. Heiko

Re:GPS time with OpenBSD

[Slashcrap]

Under OpenBSD I've gotten much more stable timekeeping by recompiling the generic kernel with only one simple change. I set the processor type to 586 or 686 as the case may be. Specifically in the /usr/src/sys/arch/i386/conf/GENERIC file I removed "option I486_CPU" and "option I686_CPU" so that it would be correctly configured for my pentium 166 cpu. I think the pentium has some time keeping functions the 386 and 486 didn't have. Although I haven't found the parts of the kernel code where this change does its magic.

Well, I think the Pentium introduced the RTDSC instruction which can be used as a high resolution timer. But it's also possible that "option I586_CPU" turns on support for more modern motherboard based timers, like the HPET.

Re:Unless netgear hears about you

Your google fu sucks, grasshopper.

NTP abuse

Re:here's a question

[ScrewMaster]

Comcast's addresses aren't static: it's all managed via DHCP. They have what they call "permanent IP addresses", which means that they won't change them very often, but they reserve the right to change them any time they want. I've had Comcast since they bought out the remains of AT&T Broadband, and they've only changed it twice (once because I upgraded to the next speed tier.)

How about semi-dynamic IPs

[pembo13]

If bandwidth requirements are low, I wouldn't mind joining the pool. But my ip is semi-dynamic: dynamically assigned, but rarely changes. I use DynDNS to get it.

A more practical solution...

[__aaclcg7560]

Is to have DSL/cable modems provide the NTP service since they're facing the internet anyway.

Re:A more practical solution...

[irving47]

hey that's what I was going to say. :)
Seriously. Put a daemon on all linksys/netgear/etc routers and have them log their own ip addresses for a while. If they stay static for a fairly lengthy amount of time, they sign into a dyndns.org-like server for a few hours a day, and become part of the pool for a while. Maybe have it dependent on their serial numbers or something.

Re:A more practical solution...

[Charles+Dodgeson]

Put a daemon on all linksys/netgear/etc routers and have them log their own ip addresses for a while But where will all of those routers get their time from? If you've got a solution to that problem then there is no need for the pool (unless your solution is the pool).

Re:A more practical solution...

[irving47]

Each other?

Re:A more practical solution...

[Charles+Dodgeson]

That's not how NTP works. The goal isn't just time synchronization, but getting the correct time as well. So NTP is hierarchical. There are stratum 1 servers that get their time from things like atomic clocks and GPS devices. NTP servers which get their time from stratum 1 servers are stratum 2 servers, and so on. The reason for the pool is set up a bunch of public stratum 3 and 4 servers so that the public stratum 2 and stratum 1 servers don't get more requests than they can respond to.

The hierarchy also helps in other ways. If you manage a network, you can have one or two machines on that network sync to external servers and then just have everything else on your net sync to those one or two NTP servers on your net.

Despite what I said about hierarchy, there is NTP peering (usually on a local net), but that is only a supplement to the hierarchical syncing. You can't build the whole system on peering.

atomic clock to PC connection?

[zogger]

Like a lot of guys here, we have an atomic self setting clock that works from radio broadcast. They are cheap now and work very well. What I am wondering is, do they make some sort of attachment clock, so it can set your computer's time that way? Like an atomic clock/usb cable connect thingee? Seems like if they did, we wouldn't need all these NTP servers, the government does the radio broadcasting and it is as accurate as it gets.

Re:atomic clock to PC connection?

[DMUTPeregrine]

USB latency is generally too high for this.

Re:atomic clock to PC connection?

[evilviper]

do they make some sort of attachment clock, so it can set your computer's time that way?

Of course they do. Anyone who has ever setup ntpd should know that quite well. The default/example config file is STREWN with examples of using hardware clocks... So much so it's difficult to figure out how to set it up to sync to other servers via the network.

From the man page:

The NTP Version 4 daemon supports some three dozen different radio, satellite and modem reference clocks plus a special pseudo-clock used for backup or when no other clock source is available. Detailed descriptions of individual device drivers and options can be found in the "Reference Clock Drivers" page (available as part of the HTML documentation provided in /usr/share/doc/ntp).

Re:atomic clock to PC connection?

[TurboStar]

Seems like if they did, we wouldn't need all these NTP servers The HeathKit GC-1000 Most Accurate Clock from about 20 years ago had an RS-232 port option (I still have mine). You can also get modern a GPS receiver to do the same thing. The advantage of NTP is that every computer connected to the net already has everything it needs to get accurate time. Very few people really need time as accurate as NTP can provide. The people who do need this already have to run their own NTP server. So basically, requiring everyone to have extra radio hardware and possibly an antenna structure just to set their clock isn't going to fly. Instead, you'd have the equivalent of a blinking 12:00 everywhere, but worse because with 12:00 you can suspect an inaccuracy, but a random time incrementing at a normal pace isn't going to raise many flags.

But yeah, we could get away with less servers, if the internet were redesigned with less suck and your ISP worked for you instead of content producers. No radios needed.

What I don't get is why time was never part of DHCP. That would make NTP pointless for anyone not trying to sync logs or transactions across servers. A bit too late for that though.

Oh, and goodbye Slashdot. You were great back in the day.

Re:atomic clock to PC connection?

[Eil]

With the radio-controlled clocks retailing for $20 and less, one would think that somebody out there has created a box about the size of a wifi router that just plugs into your network and serves NTP. Every few months I go googling for one and come up dry. Toyed with the idea of building one, but I don't have the requisite electronics knowledge and can't find any schematics. It may be possible to hack certain manufactured clocks, but I've found that the circuitry on those is a little too self-contained for proper hacking.

Re:atomic clock to PC connection?

[Kent+Recal]

Seconded!
Make it a standalone box or just build it into those $20 multi-purpose routers.

For $30 or even $40 a shot I would buy three for redundancy and it would still
be the cheapest solution.

My only worries would be accuracy (do we get subsecond over radio?) and reliability
(my radio clock has actually jumped a few hours forward a few times - due to signal noise
  or hardware bug?).

Re:atomic clock to PC connection?

[JasonTik]

Sure, but I still have to pay $20 or whatever per computer, instead of downloading and running a free ntp app which will synchronize from the same source. (The radio clock is one of the tier 1 NTP servers, iirc)

Re:atomic clock to PC connection?

[protactin]

What I don't get is why time was never part of DHCP. That would make NTP pointless for anyone not trying to sync logs or transactions across servers. A bit too late for that though.

DHCP allows the sending of a parameter containing one or more NTP servers the client should sync with, if that's what you were meaning.

Re:atomic clock to PC connection?

[rubycodez]

funny the radio service can get a computer accurate to a millisecond but the public internet with ntp only gets to ten milliseconds.

Storm

Have they asked the Storm network operators? I think they could donate a few thousand machines from around the globe pretty easily.

Re:Storm

[Gloy]

Or possibly just 1000 new servers reporting the wrong time...

VMWare?

[MikeFM]

Do they have a VMWare image I can run? Real lite like FreeNAS?

Re:VMWare?

[ask]

The virtualized servers don't usually keep their own time - or when they do they do a poor job.

Re:VMWare?

[MikeFM]

That's a good point although I only really see the system complain when I'm running 64bit Linux. I've never noticed the time being off in either though. Even if the virtual machine stays synced to the vm host clock it'd still be useful to have the ntp service running in a virtual machine - if the clock isn't off.

Re:VMWare?

[pe1chl]

When being an NTP server you want the clock to be as accurate as possible.
The server is often locked to other servers and/or to local radio clock receivers.
In a physical machine, there is an accurate hardware timer that is used as the incrementing clock (at micro- or nanosecond rate) and which is frequency locked to the references.
Such hardware does not really exist in the virtual machine, it is emulated, and this emulation is not very good even when you sync to the host.
It is good enough for "wristwatch time" in your virtual machine, but in an NTP server you expect accuracy to the order of milliseconds when externally synced, or microseconds when synced to local radio receivers.
VMware simply is not up to that job.

Although I think ntpd does not have a bad security record (compared to other network services with a long history), I think a better approach to improved security would be to focus on the server code instead of running it in a virtual machine.
BTW, the current version already runs in a chroot environment and as a non-root user in modern Linux distributions.

zero config and NTP?

[Midnight+Thunder]

This where a zero config version of NTP servers and client would be useful, to allow for the discovery of an NTP server on the local network, unless it already supports multicast discovery.

I am sure that there are many private networks where computers are still connecting to external time servers, when the could easily use a server on the local network.

Re:zero config and NTP?

[qtp]

A properly configured dhcpd can specify the location of the local network's timeservers to requesting clients. The client must be configured to request (and make use of) the information as well.

Re:zero config and NTP?

[jgrahn]

This where a zero config version of NTP servers and client would be useful

Zero-config? Hell, they could start by fixing the documentation and user interface. Last time I checked they had no normal man pages, and the diagnostics included things like bit fields expressed in hex ("... kernel time discipline 2001" versus "2041", WTF?)

But I realize it's a complex topic.

Re:zero config and NTP?

[Midnight+Thunder]

A properly configured dhcpd can specify the location of the local network's timeservers to requesting clients. The client must be configured to request (and make use of) the information as well.

This assumes that the hosts are using dhcp for name look up. BTW Thanks for the info, since I wasn't aware that dhcp could offer this.

Re:NTP Isn't Accurate

[Mike+Morgan]

3 Minutes?!?

  I have my machines synced via ntp. ntpq reports than I'm no more than 3ms out of sync with a stratum 1 time server (9ms out of sync with UNSO) and that server is synced with GPS and USNO which as you said is never more than .0001ms out of sync with UTC.

    Eye-balling like you described I can verify that I am within 2000ms of http://time.gov/. I think perhaps that that website may have had issue on the date you saw it being 3 minutes different than what NTP provided.

I'd show you the ntpq output but the lameness filters prevent it.

Not so much the chips, but the timebase crystals..

[Ellis+D.+Tripp]

The component that actually determines the stability and accuracy of the real-time clock in your PC is the timebase crystal, not the RTC chip itself.

Like every other component in mass-market electronic gear, it is chosen with minimum cost as the primary consideration. Such "value engineering" also has done away with the tiny trimmer capacitor that used to be present on most motherboards, which could be used (along with a frequency counter) to tweak the oscillator frequency for better accuracy.

For real accuracy, the timebase oscillator needs to be kept at a constant temperature, which isn't possible in a PC that gets turned on and off. Ideally, the crystal (or the entire oscillator circuit) is enclosed in a package equipped with a heater element and temperature sensor, and kept at a constant temperature. Such a circuit is called an OCXO, or Oven Compensated Crystal Oscillator, and is standard equipment on laboratory grade equipment like frequency counters and signal generators.

Re:here's a question

[Shados]

If you reread the parent a bit, they asked if it was static -ENOUGH-, not if it was static.

how to get ntpd to stop listening on all interface

[ZeekWatson]

Anyone know how to get ntpd to stop listening on all interfaces? I have a host with several IPs and ntpd listens on all of them ... a little bit annoying.

# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 localhost:ntp *:*
udp 0 0 x1.example.com:ntp *:*
udp 0 0 x2.example.com:ntp *:*
udp 0 0 x3.example.com:ntp *:*
udp 0 0 x4.example.com:ntp *:*
udp 0 0 x5.example.com:ntp *:*
udp 0 0 x7.example.com:ntp *:*
udp 0 0 host.example.com:ntp *:*
udp 0 0 example.com:ntp *:*
udp 0 0 *:ntp *:*

Looks like my HTML-fu needs work too. Dunno how to stop having multiple whitespaces condensed to 1 space ... :(

Dunno about Comcast - but Cox is stable

[NotQuiteReal]

Theoretically I have a dynamic IP address. It hasn't changed in 7 years.

Re:Dunno about Comcast - but Cox is stable

[ask]

Yeah - the criteria really for "useful for the pool" is "doesn't change more than every few years".

Re:Dunno about Comcast - but Cox is stable

[adolf]

Every few years? Pfft.

If people are using DNS to look up NTP servers like they should be, instead of stupidly using IP addresses, then a dynamic address that changes even as often as every few days will be more than adequate.

Just get yourself a free static subdomain at a place like dyndns.org or zoneedit, and roll with it. A brief interruption due to a switch in IP addresses would likely never even be noticed by ntpd, but even if it were, there's plenty of redundancy in the NTP pool to cover the gap while the old DNS records expire before the new ones get used instead.

Of course, all bets are off if ntpd only performs one DNS lookup at startup, and then trusts the resultant IP address will be valid until the end of time, irrespective of what the domain's SOA record says should happen. If this is the case, I'd characterize it as an ntpd bug (for not following standard DNS conventions like expiration time) which should be fixed.

Re:Dunno about Comcast - but Cox is stable

[Incadenza]

Of course, all bets are off if ntpd only performs one DNS lookup at startup, and then trusts the resultant IP address will be valid until the end of time, irrespective of what the domain's SOA record says should happen. If this is the case, I'd characterize it as an ntpd bug (for not following standard DNS conventions like expiration time) which should be fixed.

Well, how do you think the adresses pool.ntp.org work? Clearly would not work if ntp looked up the DNS every time it queried the server.
And how would ntp be able to calculate reach/delay/offset/jitter of remote machines if these can be different machines every time?

As the owner of a stable server I find the biggest disadvantage of the pool.ntp.org servers their unreliability over longer periods. When I came back from the summer holidays last week all 3 pool servers that my server queried had dropped dead. Luckily my provider does have a reliable ntp server.

Re:Dunno about Comcast - but Cox is stable

[adolf]

Bummer.

I hadn't thought of pool.ntp.org. It's too bad that they couldn't come up with a more agreeable method. Something like pool.ntp.org resolving round-robin to server-unique CNAMEs that are kept until restart and which point to potentially-dynamic A records that are looked up for every query (or once per day, or something).

It'd add a little DNS traffic to the network, but with sensible use it's unlikely to be noticed. Meanwhile, people get to use cheap dynamic IPs as public NTP servers.

But I'm sure there's something about the nature of DNS, as implemented, which will keep this from working...

Re:how to get ntpd to stop listening on all interf

[gfilion]

Anyone know how to get ntpd to stop listening on all interfaces?

Use OpenNTPd! No seriously, there's a bug on ntpd's bugzilla asking for this that has been opened in 2003 and it's still not fixed. ntpd is so badly written that no one dares to write a patch.

And people wonder why I hate every program written by ISC...

My thought is

[Photar]

Some how this should all be merged into the bittorrent client.

clarify please

[PhreakOfTime]

Could you clarify that a little more please? Why does getting a static IP remove the option of TV service? I cant see any technical problems for that to be the case, so it must be some oddly written contract.

I would imagine with some deep digging, such a contract would be found to be anti-competitive.

On a side note, its pretty obvious why the state of broadband in the US is what it is. TeleVision is the sacred (cash) cow. Combine this with the strong opposition to any sort of NetNeutrality, and the game these TV/Internet/Phone companies are playing is becoming very clear. Not to mention VERY disturbing.

Re:here's a question

[Dun+Malg]

If you reread the parent a bit, they asked if it was static -ENOUGH-, not if it was static. "static enough" is like "pregnant enough". It's either true or false, there is no matter of degree. Even if your cable IP address hasn't changed once in 7 years, it still isn't static because they can change it at will. Cable isn't static, so the answer is "no".

not yet...

[deimtee]

Shouldn't the "milestone" be 1024 servers?

Mod parent up so volunteers won't be scared off

[mrcaseyj]

I had hoped my comment would be modded up quickly but it hasn't so forgive me for asking that someone mod my parent post up so that volunteers won't be scared off for fear of bandwidth overload. I've already got excellent karma so I'm not asking this for me, I'm asking for the sake of the pool.

Windows XP's default time servers.

[antdude]

Is this why the default time.nist.gov and time.windows.com servers don't work sometimes?

Re:Not so much the chips, but the timebase crystal

[Jonner]

I'm sure you're right about the low cost of the PC RTC components. However, I still don't understand why I've long been able to buy a watch for $2-$15 that keeps better time than any PC I've had.

Windows Time

[kylehase]

For those interested, you can change your Windows time servers to NTP servers in the registry here: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Cur rentVersion\DateTime\Servers]

Re:Windows Time

[DeusExCalamus]

Or (in winXP as admin account at least) you can doubleclick on the clock, go to internet time, and enter the ntp server there.

Re:Windows Time

[firefox2501]

Or you can do it at the command line:
net time /setsntp:[servername]

Pool

[PacketScan]

I've been in the pool for years. It's a great service.

Re:Why not make it peer-to-peer

[nuintari]

Because the number one rule of infrastructure is, "never trust the client." Peer to peer networks are full of malware/trojans/assholes, and generally far too easy to infiltrate with unwanteds.

And while I agree with your sentiment that I can live time being off by a little, I also run a lot of UNIX servers that use NFS heavily. I am far more concerned with all of my network machines agreeing on what time it is on my network, than being correct with the world. I sync two dedicated time servers to the ntp.org pools (soon to be three), and all my internal hosts sync to those two. Being synced with the world is very handy, and generally I would prefer it. But being in agreement with myself is non-negotiable, I just need it.

2 + 2 = 5

[Nom+du+Keyboard]

Bandwidth is not an issue and you will barely notice the extra load on your machine.

This doesn't add up. If it doesn't burden existing machines, then why do we need more of them?

Re:2 + 2 = 5

[TooMuchToDo]

So that the average load stays low:

http://www.pool.ntp.org/join.html

Currently most servers get about 5-15 NTP packets per second with spikes a couple of times a day of 60-120 packets per second. This is roughly equivalent to 10-15Kbit/sec with spikes of 50-120Kbit/sec. The project steadily acquires more timeservers, so the load should not increase dramatically for each server. In plain terms, you probably need at least 384Kbit bandwidth (in and out-going). Since late 2006 the load for most servers have been going up steadily, so we really really need your help! Right now (September 2007) if you are close to the minimum requirements you will get more traffic than you'd like, but we are working on a solution to be deployed over the next month or two.

Re:2 + 2 = 5

[Miravlix]

Ever heard of this thing called time?

I guess not or you would realize that every day we get new clients using the pool, so to keep up we need new servers.

Re:2 + 2 = 5

[Charles+Dodgeson]

An "overloaded" NTP server merely degrades NTP service. It doesn't affect the host adversely, it just means that the NTP server will not respond to all of the UDP requests it gets.

Re:here's a question

[WK2]

Sounds like you are trying to save face for missing a bit of info.

There is static:dhcp. And there is static:dynamic. The first comparison only applies to IP addresses. The second comparison applies to many things. Using the first comparison, your IP is either static or dhcp. The second comparison is a scale, with infinite variations between.

security

[dshk]

I would join but only if there is an NTP server implemented in Java. I do have a few windows servers but I am not a professional admin and don't know much about ntp servers, so I don't trust any native program. If it would run on a Java virtual machine than it is OK.

Re:security

[pe1chl]

NTP servers are written around precise clocks and with minumum processing latency in mind.
An NTP server running on a Windows platform already is significantly worse than one on Unix/Linux, and I think that should not be further degraded by running it in a virtual machine.
Remember you want to put the current local time down to nanoseconds in the reply packet. Your underlying platform should be capable of providing that time, and the processing code should not take so long that the time value is completely meaningless.

When you don't trust the program and don't want to put up a dedicated machine with no other critical stuff on it, then it is better to just forget about it.

Re:Not so much the chips, but the timebase crystal

[crazyvas]

Because your PC is doing a lot more work than your watch. It doesn't have time to keep good time. Stop watching all that porn, and it'll help.

Re:NTP Isn't Accurate

[ask]

Three of those servers are in agreement with each other on time within 3 milliseconds. Yes, that's a lot less than 0.1 seconds.

  - ask

Eat more manpages.

[Kadin2048]

Um, you realize that ntpd is rejecting the server that disagrees with the others by ~19 milliseconds, right? It's using the top one as its source, backed up by the bottom two.

Re:NTP Isn't Accurate

[SnowZero]

You do realize all those times are in milliseconds, right? So, the largest difference between your computer and one of the servers is 27 milliseconds, and the leading "-" in front of the hostname means it isn't even being used for synchronization. Also, either you didn't let it settle for a while, or your local computer clock is inaccurate, because you are still polling once a minute. A "healthy" computer clock will lower the poll frequency significantly if the local and estimated net clocks don't jitter much. I did have one machine with a clock that just sucked, so I had to make sure it was a client of another machine which could act as the timekeeper on my home network, and make sure it polled the timekeeper often.

Personally, I don't use the pool, and instead find some stable servers near to my ISP. But you really can't argue against the NTP pool as a default setup, since it works everywhere. So, if it bothers you, find some closer servers or convince your ISP to run a time server (many are already doing so). In both cities I've lived in, I was able to find an open stratum-1 server with a ~20ms delay (Thank you GPS).

Re:Not so much the chips, but the timebase crystal

[mrderm]

Your watch keeps good time because it is kept at constant temperature by your body.

Re:NTP Isn't Accurate

[nukem996]

I'm running Gentoo but I setup NTP and use pool.ntp.org and was curious about your post so I went to the site. Both my desktop and laptop are right on time.gov(to the second didn't test millisecond or anything) So maybe ubuntu uses a different time server but pool.ntp.org work 100%.

Re:Why not make it peer-to-peer

[pe1chl]

This is how it works! Now, you just need more people who are prepared to be peers and serve the time for others.

Re:NTP Isn't Accurate

[cortana]

You should install the ntp-doc package and then check out /usr/share/doc/ntp-doc/html/ntpq.html:

peers Obtains a current list peers of the server, along with a summary of each peer's state. Summary information includes the address of the remote peer, the reference ID (0.0.0.0 if this is unknown), the stratum of the remote peer, the type of the peer (local, unicast, multicast or broadcast), when the last packet was received, the polling interval, in seconds, the reachability register, in octal, and the current estimated delay, offset and dispersion of the peer, all in milliseconds. The character at the left margin of each line shows the synchronization status of the association and is a valuable diagnostic tool. The encoding and meaning of this character, called the tally code, is given later in this page.

Furthermore, note that you will get a more accurate reading if you switch from using the generic worldwide 'debian' pool, to a country specific one, as described on How do I setup NTP to use the pool?.

Re:non-root ntp server

[cortana]

Probably not. ntpd has to be able to set the system clock, and has to be able to listen on port 123.

Re:how to get ntpd to stop listening on all interf

[cortana]

Use the -I option.

Typical OpenBSD FUD...

[cortana]

But this feature seems to have been implemented back in February 2005.

Undo moderation

[Asgerix]

I did the exact same thing recently, only my "Oops" post was moderated down as offtopic! Anyway, I wrote to Rob Malda about the problem, and here is his answer:

yeah adding some sort of undo is on our todo list, but it's not quite
that simple... there has to be a time window where you can undo your
actions... maybe 60 seconds or something... so it's more complicated
than just having an undo button somewhere.... we'll get there
someday..

Re:Not so much the chips, but the timebase crystal

[TheLink]

Maybe they stopped using crystals and are just using capacitors.

Or they just don't bother to calibrate/adjust the crystals.

Why I quit: ntpd sucks

[Just+Some+Guy]

Flamebait subject, but I kind of mean it.

I was in the pool for a while but quit because ntpd is wholly incapable of protecting itself. I ended up with about 50 abusers that polled for time once a second. I tried using the built-in filtering but it doesn't work, so ntpd was gleefully replying to each and every one of those requests.

Keep in mind that it has the logic to detect abusers - it just won't do anything about it. Well, it can be made to send a KOD (Kiss Of Death) packed that should make clients blacklist the server, but those same broken clients ignore KODs. I kid you not, the standard recommendation is to firewall them off.

What? ntpd already knows its internal state, including a list of abusers. The code could be as simple as "def sendTimePacket(clientaddr): if clientaddr in blacklist then return; else sendpacket(clientaddr);", but they suppose that it's easier to write an external program to monitor that state, general firewall rules, connect to the firewall host, and insert them. No, really, that's not easier at all.

I like NTP and I liked the idea of helping serve it to the world, but until ISC decides to support at least basic anti-DOS functionality in ntpd, I won't be joining the pool again. And by "support", I mean at least lend moral support to people who would be willing to the work, instead of just telling them to alter their firewall.

Re:Why I quit: ntpd sucks

[Just+Some+Guy]

Did you read what I wrote? People have asked about that many, many times and the answer is always "just use your firewall". There's seemingly little interest in that functionality.

We bought one from these guys.

[KenSeymour]

http://www.timetools.co.uk/

They are a lot more than $20. Now I am just waiting for the customer to
provide another hole in the roof so we can get our GPS antenna outside.

Re:Not so much the chips, but the timebase crystal

[Ellis+D.+Tripp]

A cheap wristwatch uses the same type of crystal found in a PC's clock, but the body heat from your wrist tends to keep the internals of the watch at a nice constant temperature.

Even the cheapest watches that I have seen have an internal trimmer for adjustment, as well.

Re:NTP Isn't Accurate

[Dan+Ost]

But you really can't argue against the NTP pool as a default setup, since it works everywhere.

It is an excellent default setting, but it doesn't work everywhere. For example, none of my work machines can
reach it through the corporate firewall. Too bad, really. I can only hope that our corporate time servers are
as reliable as the NTP pool is.

1000 server are overkill

[jagdish]

640 servers ought to be enough for anybody.

Re:how to get ntpd to stop listening on all interf

[ZeekWatson]

-I does interfaces, not IPs. However in my case it does not ntpd from listening on several IPs. Thanks!

Re:Why not make it peer-to-peer

[emj]

A Sys Admin friend once got the great idea to use his unsynchronized servers to sync time with each other. He didn't really need the correct time, just consistent among all the servers. Well it was a lot worse, the servers couldn't keep the time at all, jumping 200ms back and forth.

Inconsistency?

[kholburn]

Does anyone else see an inconsistency in these two sentences?

This is happy news, but the 'time backbone' of the Internet, provided for free by volunteers operating NTP servers, requires still more servers in order to cope with the demand. Millions of users are synchronizing their PC's system clock from the pool and a number of popular Linux distributions are using the NTP pool servers as a time source in their default ntp configuration.

If you have a static IP address and your PC is always connected to the Internet, please consider joining the pool. Bandwidth is not an issue and you will barely notice the extra load on your machine."

They haven't got enough because of the amount of traffic but if you join the pool you will hardly notice the extra load?

Re:Inconsistency?

[ask]

We take a Really Long View. This isn't a short term "this would be fun, let's just try it" kind of project.

Yes, the traffic has been growing faster than the number of servers in the last ~9 months, so at the current rate it's Just Not Going To Work. We continuously need With all the people who've joined in the last ~20 hours we're in better shape, again. :-)

Huh? Most home users should use their ISP.

[fizzup]

This is what I do:

1) traceroute www.google.com

2) Pick the first router that belongs to my ISP.

3) Use it as my time server.

Re:NTP Isn't Accurate

[ask]

Mr Anonymous,

If you find any servers in the pool that are giving you bad time, please let me know.

In the NTP Pool system I have millions of measurements from just the last month. We take a server out of the pool pretty fast if it's not giving good time.

  - ask

not really

[zogger]

One per local network, not one per computer. No need at all for one per computer.. And the main point was they were saying that it was becoming burdensome and needing all these time servers, begging for help in other words. And you need a true static IP to help, which eliminates 99% of the computing public right there, as in, most people don't pay for an expensive business account so they don't get static IPs. They may get a dynamic that doesn't change for a long time, but it isn't static.. I just a thought a neat way to do it per company or per household would be an attachment device to the clocks, or rather, a clock that was designed to also fulfill this purpose. So it cost 15 dollars instead of ten, who cares, they are cheap now and the extra circuitry and attachment cord couldn't cost that much more to add it on with USB.

Re:Not so much the chips, but the timebase crystal

[Jonner]

The RTC chip runs independently of the CPU, powered by a battery, which is why it keeps time at all when the system is powered down. However, I have wondered if the CPU's access of the RTC might somehow skew it slightly.

Re:Not so much the chips, but the timebase crystal

[Jonner]

There might be something to that, as internal PC temperature sure isn't stable, especially if the machine isn't always on or off. That would be an interesting theory to test. I could buy three identical cheap watches, then wear one, put one in the freezer, and one on my desk.

Re:Not so much the chips, but the timebase crystal

[pintpusher]

AH HA! Today, I actually didn't fall for your .sig!! ;-P I'm embarrassed to admit that it's caught me more than once...

Re:Not so much the chips, but the timebase crystal

[TheLink]

Sorry bout that.

Still, it's good to know you're no longer falling for it. Hope that makes you less likely to click on other dubious links as well.

One of my colleague's sending dubious links in his skype today, and the other day I got IM'ed a message that said to the effect that the person's mom died in a car crash and linked to the pictures.

Another thing you might want to watch out for - stuff like tinyurl. You can turn on the "preview" feature in tinyurl, but I wouldn't assume that'll always work - after all it could be tinyur1.com instead of tinyurl.com ;).

He's right

[AVee]

And it's fricking bizar there is so much bullshit modded insightfull here. NTP works best with consistent latency, the chances of getting consistent latency are generally bigger with server which are close to you, but the current NTP implementations are not trying magically locate a close server. They will use the servers they happen to get. You will have to edit your ntp.conf to use .pool.ntp.org to get at least servers in your own country. Better yet, get an ISP which provides a decent set of ntp servers and use these.

Re:Not so much the chips, but the timebase crystal

[pintpusher]

Still, it's good to know you're no longer falling for it. Hope that makes you less likely to click on other dubious links as well. I'm not really that likely to click on dubious links, though we all do it on occasion I'm sure. The couple times I've fallen for your little trick, I was deeply interested in the thread I was reading (not sure what that says about my taste, but that's another issue) and your post was interesting enough that it made sense that it would generate a lot of replies. It was totally natural and automatic to click your link. The sad thing is I don't think the "Too Many Replies" thing even really happens anymore with the whizbang new slash2.0. Ah well. At least it's fun!

Multicast

[ecloud]

If only the ISPs wouldn't block it...

Every machine in the world connecting via TCP to ask "what time is it?" sure doesn't sound very efficient does it?