I'd like to call the CockroachDB devs' attention to a new open source project I released last month that's likely to be of interest to you:
Byztime is a Byzantine-fault-tolerant protocol for synchronizing time among a group of peers, without reliance on any external time authority. The time kept by Byztime is simply a counter that advances at a rate of something very close to 1Hz, such that all nodes are in close agreement as to its current value. It provides guaranteed bounds on the offset between any two peers even when up to 1/3 of the network is arbitrarily misbehaving. Byztime is independent of NTP: Byztimed and ntpd can run side-by-side, and a bad NTP time source will not disrupt Byztime.
I'm not a CockroachDB user and have no practical experience with it, but I have studied its architecture docs and it seems to me that Byztime is an excellent fit for CockroachDB's time-sync requirements. Integrating Byztime support into CockroachDB could eliminate public NTP servers as a single point of failure for CockroachDB clusters.