Works with typical bad clients but most ignore KoD packets anyway
so just avoid the MRU list overhead and sending KoD - see
http://doc.ntp.org/current-stable/rate.html for how it works.
>>> restrict source notrap nomodify noquery
restrict source added with pool in 4.2.7p22 2010/04/02,
docs updated in 4.2.7p24 2010/04/13.
>>> restrict 127.0.0.1
>>> restrict -6 ::1
>>>
>>> pool 0.pool.ntp.org
Add preempt to pool statements to drop unselected servers and
acquire new servers to maintain a majority clique - see below.
>> How many servers should the client use at the same time? The
>> default value of tos maxclock is 10, so it would use 10 servers.
>> That seems a bit excessive. If it should be equivalent to the
>> current recommendation, the config would need to include
>>
>> tos maxclock 4
Keep it odd - tos maxclock 5 - for sync, majority clique requires
truechimers *>* falsetickers - truechimers == falsetickers is
*unsynced* - 5 allows 2 servers "off" in some way at the same time
(e.g. during weekend maintenance windows when servers often drop
out - YMMV) see http://doc.ntp.org/current-stable/select.html .
>> Also, how about adding the iburst option? Considering that a
>> significant part of NTP traffic is from ntpdate (which sends four
>> packets in 2s interval) and that most Linux distributions seem to
>> use iburst in their default ntp.conf, I think it could be
>> recommended to everyone.
>
> Hmm, I could get convinced of that.
Also add iburst to pool statements.
And only use minpoll and/or maxpoll on local ref clocks.
--
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada
_______________________________________________
questions mailing list
ques...@lists.ntp.org
http://lists.ntp.org/listinfo/questions
May also want to unrestrict all LAN addresses - safe for small
home or business LANs, not for e.g. campus situations - or add
but comment out?
restrict 10.0.0.0 mask 255.0.0.0 # private net allow all packets
restrict 172.16.0.0 mask 255.240.0.0 # private net allow all packets
restrict 192.168.0.0 mask 255.255.0.0 # private net allow all packets
Have you ever watched NTPD output when the polling interval reaches 10 (= 1024 seconds) or higher? NTPD acts just like the integral term in PID control, i.e., the yo-yo effect: Over several hours the offset drops to between -2 and -3 milliseconds; then over a period of 10 hours, or so, it reaches about +2 milliseconds offset. Then over the next 8 hours it slowly and fitfully drops to between -2 and -3 milliseconds again. It that 8 hour decline from +2 to -2 to -3 millis, in each case when I looked at it (11/24-11/27/16), it made a sudden (2 hour) spurt at the midpoint of the 8 hours to zero offset, but then resumed its slow and fitful decline to between -2 and -3 millis. Given that it is not hard to maintain sub-millisecond offsets (if the NTPD client is using stratum 1 timeservers and has a fast (over 20-25 Mbps) connection to the Internet), a constant swing of ~5 milliseconds in offset from the correct time is discouraging. I would wager that the offsets are larger with pool servers.
Charles Elliott