Fri, 21 May 2004
Four servers
Apparently the methods that NTP implementations use to detect bad time sources want 4 servers as sources. I guess that means that an ideal NTP site config would consist of 4 hosts that refer to upstream time (either other servers, or GSM/radio clocks/GPS sources), and that peer with each other. The broadcast hosts then refer to those four as the site upstream NTP servers.
Another useful tip:
ntpq -p | grep --silent '^\*'
will tell you if your local ntpd has latched onto a good upstream time source.
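The grep above only answers "is there a system peer". As an added example (not part of the original post), the function below reads the same ntpq -p output and also counts configured sources against the four-server guideline and reports any source ntpd has marked as a falseticker. The names ntp_health and MIN_SOURCES are made up for this sketch, and the sample peer tables are constructed with documentation addresses.

```shell
#!/bin/sh
# Added example: classify `ntpq -p` peers by the tally code in column 1.
# Tally codes: '*' system peer, 'o' PPS peer, '+' candidate,
# '#' selected backup, '-' outlier, 'x' falseticker, ' ' rejected.

# ntp_health (hypothetical name): read `ntpq -p` output on stdin and
# print one summary line. Exit status: 0 = synced and at least
# MIN_SOURCES (default 4) sources listed, 1 = synced but too few
# sources, 2 = no system peer selected.
ntp_health() {
    awk -v min="${MIN_SOURCES:-4}" '
        NF == 0 { next }                          # blank line
        $1 == "remote" && $2 == "refid" { next }  # column header
        /^=+$/ { next }                           # ===== rule
        {
            total++
            tally = substr($0, 1, 1)
            if (tally == "*" || tally == "o") synced++
            else if (tally == "+" || tally == "#") candidates++
            else if (tally == "x") falsetickers++
        }
        END {
            printf "sources=%d synced=%d candidates=%d falsetickers=%d\n",
                   total, synced, candidates, falsetickers
            if (synced == 0) exit 2
            if (total < min) exit 1
            exit 0
        }'
}

# Constructed sample: four sources, one of them far off and flagged 'x'.
SAMPLE_GOOD='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.0.2.10      .GPS.            1 u   33   64  377    0.412    0.021   0.015
+192.0.2.11      192.0.2.10       2 u   12   64  377    0.530   -0.104   0.040
+192.0.2.12      198.51.100.1     2 u   45   64  377    0.611    0.087   0.033
x192.0.2.13      198.51.100.2     2 u   20   64  377    0.702  512.300   0.950'

# Constructed sample: freshly started ntpd, nothing reachable yet.
SAMPLE_UNSYNCED='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 192.0.2.10      .INIT.          16 u    -   64    0    0.000    0.000   0.000
 192.0.2.11      .INIT.          16 u    -   64    0    0.000    0.000   0.000'

# Demo on the constructed table; on a live host use: ntpq -pn | ntp_health
printf '%s\n' "$SAMPLE_GOOD" | ntp_health
```
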
Tue, 30 Mar 2004
NTP Config
The guys over at JuiceCo have a great page on NTP configuration. Rather than reproducing their excellent work here, I suggest that you go there and check them out instead.
NTP policy
All hosts should be in the UTC timezone (Etc/UTC). Users should be encouraged to override this setting via the TZ environment variable.
All hosts should run an NTP client. Too many security and communication systems depend on the correct time.
There should be two site primary NTP servers that query external higher stratum servers. Good choices for these are the same hosts that are your primary caching DNS servers.
Each subnet should have an NTP server acting as a broadcast server. These should reference the primary NTP servers only, to reduce external traffic.
The default NTP client config should just listen for broadcast NTP announcements.