Matt Wagner wrote: > Hi all, > > I joined the pool a few months ago when I set up NTP on a webserver and > realized I might as well have it help out the community. I've got a few > questions I've acquired over the past few months, which I'll batch > together here.
Thanks for volunteering your server! > - I'm setting up a new server on the East Coast (US). I'm trying to find > some NTP servers that are close (latency-wise), but many of them block > ping. Short of adding them to my ntp.conf and restarting, is there a way > to test their response time? Like others have mentioned, 'ntpdate -q server.address' will give you the network delay, among other things. Another way is to add the server to your upstream source list on the fly via ntpdc. > - A related question: is there a way to modify my server list while the > server's running? Halting ntpd, editing the ntpd.conf, and then > restarting ntpd is problematic, especially when it takes several minutes > for it to get a "fix" upon restarting. Yes it is a hassle and is murder on stability. If you set up authentication you can do this on the fly using ntpdc and avoid having to restart the server every time. I'm not an expert with authentication, but I can tell you how I did it. In your /etc/ntp.conf add the following: # Authentication keys /etc/ntp/keys trustedkey 1 requestkey 1 controlkey 1 Open up /etc/ntp/keys and add the following: 1 M somepassword Make sure the file is readable only by root or by the ntpd user since it will contain a plain-text password. Details about authentication can be found on the Authentication Options page in the official documentation: http://www.eecis.udel.edu/~mills/ntp/html/authopt.html I couldn't find a description of the keys file format in the official docs, but I did find it here: http://tycho.usno.navy.mil/NTP/Version4/authopt.htm Once you have done the above, restart ntpd. Before using ntpdc you might consider patching it to fix a bug described by me here: http://bugs.ntp.org/1003 Quick tutorial on ntpdc: Type ntpdc at the command line. Type 'keyid 1' to specify the keyid that will be used. If you patched it like I mentioned, you don't have to do this, it will prompt for the keyid when you use addserver and unconfig. Read the bug report for the specifics. To add a regular sync source: addserver x.x.x.x iburst To remove a sync source: unconfig x.x.x.x Enter the password you have in your keys file when it prompts. ntpq -pn to get your sources listed by IP address instead of hostname (makes using unconfig much easier). Check out the ntpdc doc page for specifics: http://www.eecis.udel.edu/~mills/ntp/html/ntpdc.html > - I've never seen a good explanation for when it's appropriate to use > the burst/iburst keywords, so I've assumed that it's not appropriate for > me to be using them. (My current server is Stratum 2, so I'm > particularly worried about placing too much of a load on S1 servers.) > Should I leave my settings as-is, or does it makes sense to add them to > speed up its resuming service after restarting? (Which is rare.) iburst is recommended and is good for fast initial sync. burst is NOT recommended unless you are on dialup or some other limited connection, or if you have very long poll intervals. > - Is support.ntp.org <http://support.ntp.org> consistently (very) slow > to load for everyone, or just me? Is this a situation we can help out > with somehow? Yes, I've always had trouble accessing it. It's very slow to respond and sometimes will time out. > - When I set up my server in Texas, there were ample stratum 1 servers > with open access policies, allowing me to become a stratum 2 without > problems. However, it seems that there are fewer open stratum 1s on the > East Coast... Is running a server in the pool considered a good reason > to request permission, or should I just stay at stratum 3? Stratum really doesn't matter for the pool. Keep in mind that once you introduce Ethernet and the internet, accuracies spike into the low millisecond range, so the difference between stratum 3 and 2 is probably not even noticeable to the end user. > Thanks for the help! You're welcome. > -- Matt > (72.36.178.234 <http://72.36.178.234>) Dennis -- Dennis Hilberg, Jr. \ [EMAIL PROTECTED] NTP Server Information: \ http://saturn.dennishilberg.com/ntp.php _______________________________________________ timekeepers mailing list [email protected] https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
