When managing multiple servers, synchronizing system clocks is essential for proper log timestamping and inter-server coordination. Setting up a dedicated NTP server using ntpd allows automatic synchronization with Japan Standard Time, ensuring consistency across the infrastructure.
For this setup, ntpd is used as the NTP server. While alternatives like chrony exist, this configuration is specifically for ntpd on Arch Linux.
Installing ntpd #
Execute the following command to install ntp:
sudo pacman -S ntp
Configuring ntpd #
Edit /etc/ntp.conf to define synchronization sources and access control rules.
Specifying Synchronization Sources #
The default /etc/ntp.conf lists upstream NTP sources with server directives. Here those lines are commented out and a pool directive is used instead, for automatic load distribution.
Public NTP servers operated by Internet Multifeed Co. are specified. Additionally, a local time fallback is configured with fudge, ensuring the system maintains a reference time even when external sources are unreachable.
# server 0.arch.pool.ntp.org
# server 1.arch.pool.ntp.org
# server 2.arch.pool.ntp.org
# server 3.arch.pool.ntp.org
pool ntp.jst.mfeed.ad.jp
server 127.127.1.1
fudge 127.127.1.1 stratum 12
Restricting Access #
Access restrictions are applied to allow synchronization with upstream NTP sources, permit local queries, and restrict access from external networks.
restrict default kod limited nomodify nopeer noquery notrap
restrict 127.0.0.1
restrict ::1
restrict source notrap nomodify noquery
restrict 192.168.10.0 mask 255.255.255.0 nomodify nopeer noquery
Starting and Enabling ntpd #
Start ntpd with the following command:
sudo systemctl start ntpd.service
Enable ntpd at boot:
sudo systemctl enable ntpd.service
Verifying NTP Synchronization #
Run the following command to check synchronization status. If `+` or `*` appears before an NTP source, synchronization is successful:
ntpq -p
Example output:
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 ntp.jst.mfeed.a .POOL.          16 p    -   64    0    0.000    0.000   0.000
 LOCAL(1)        .LOCL.          12 l  478   64  200    0.000    0.000   0.000
+ntp1.jst.mfeed. 133.243.236.17   2 u   60   64  377    2.790    0.190   0.636
+ntp3.jst.mfeed. 133.243.236.17   2 u    8   64  377    2.808   -0.018   0.755
*ntp2.jst.mfeed. 133.243.236.17   2 u    4   64  377    2.738    1.666   0.637
Configuring Firewall Rules #
If ntpd is acting as a public time server within a local network, port 123/UDP must be opened in the firewall settings:
iptables -A INPUT -p udp --dport 123 -j ACCEPT
For further details, refer to: iptables Configuration.
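Because the iptables rule above accepts 123/UDP from any source address, the restrict lines in /etc/ntp.conf are what limit what a client can do once its packet arrives. The following Python script is an added example, not part of the original article: it checks restrict rules for a minimum set of flags, using the article's rules plus a constructed weak variant. The function names and the minimum-flag sets are assumptions of this example.

```python
import ipaddress

# Catch-all rule: unknown hosts may only ask for the time. Any other rule needs
# at least nomodify (no reconfiguration) and noquery (no ntpq/ntpdc queries).
REQUIRED_DEFAULT = {"nomodify", "noquery", "nopeer", "notrap"}
REQUIRED_OTHER = {"nomodify", "noquery"}
# Restrict lines from the article, then a constructed weak variant for contrast.
PAGE_CONF = """\
restrict default kod limited nomodify nopeer noquery notrap
restrict 127.0.0.1
restrict ::1
restrict source notrap nomodify noquery
restrict 192.168.10.0 mask 255.255.255.0 nomodify nopeer noquery
"""
WEAK_CONF = "restrict default nomodify notrap\nrestrict 192.168.10.0 mask 255.255.255.0\n"

def parse_restrict(line):
    """Return (target, flags) for a 'restrict' line, or None for other lines."""
    tokens = [t for t in line.split("#", 1)[0].split() if t not in ("-4", "-6")]
    if len(tokens) < 2 or tokens[0] != "restrict":
        return None
    target, rest = tokens[1], tokens[2:]
    if rest[:1] == ["mask"]:
        rest = rest[2:]  # drop 'mask' and the netmask value
    return target, set(rest)

def is_loopback(target):
    try:
        return ipaddress.ip_address(target).is_loopback
    except ValueError:  # keyword ('default', 'source') or a hostname
        return False

def audit(conf_text):
    """Return findings; an empty list means every rule carries the minimum flags."""
    findings, saw_default = [], False
    for target, flags in filter(None, map(parse_restrict, conf_text.splitlines())):
        saw_default |= target == "default"
        if "ignore" in flags or is_loopback(target):
            continue  # drops everything, or is the local host itself
        required = REQUIRED_DEFAULT if target == "default" else REQUIRED_OTHER
        missing = sorted(required - flags)
        if missing:
            findings.append(f"{target}: missing {', '.join(missing)}")
    if not saw_default:
        findings.append("no 'restrict default' rule: unlisted hosts are unrestricted")
    return findings

if __name__ == "__main__":
    print(audit(PAGE_CONF), audit(WEAK_CONF), sep="\n")
```

To audit a live host, pass the contents of /etc/ntp.conf to audit() instead of the embedded strings.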