From: Randy Bush <randy@psg.com>
Date: Thu, 20 May 2004 12:27:48 -0700
Sender: owner-nanog@merit.edu
ntp config hint 2004.05.20
ntpd will not work if your clock is off by a few minutes. it just sits there forever with its finger in its ear. so, at boot, before you start ntpd, use ntpdate to whack your system's time from a friendly low-numbered strat chimer.
For the initial ntpdate, I recommend that you use fairly local, highly reliable hosts. Low numbered stratum is not very relevant. If your clock is off by 600 ms, ntpd will fix it just fine.
do not background ntpdate with -b, because, if it is slow to complete, ntpd can't get the port when you try to start it next in the boot sequence.
Huh? On every system I have worked on (Unix types), -b is the "boot" option and does exactly what you want to do at boot time. It sets the clock immediately by stepping and never slews the time. This is what you want at boot time as you want the time to be correct ASAP, not in a few minutes.
if ntpdate takes a minute and thus adds to your boot time, then something is wrong anyway; fix it.
If you use '-b' and have a list of reachable servers, it should take less than a second.
in case your dns resolver is slow, servers are in trouble, etc. have an entry for your ntpdate chimer in /etc/hosts. yes, i too hate /etc/hosts; but i have been bitten without this hack; named is even more fragile than ntpd.
Rather than put the servers in my hosts file (which would screw up everything should they move), I just give ntpdate a list of servers by IP address. This does everything putting a system into hosts without the possibility of impacting other stuff.
once ntpdate has run, then and only then, start your ntpd. and read all the usual advice on configuration, selection and solicitation of chimers with which to peer, ...
and then, if having accurate time on this host is critical, cron a script which runs `ntpq -c peers` and pipes it to a hack which looks to be sure that one of the chimers has a splat in front of it. run this script hourly, and scream bloody hell via email if it finds problems.
I use 'ntpq -p', but I'm just lazy enough to save a few keystrokes. Both commands produce identical output.
Randy, what version of ntpdate are you running that ntpdate backgrounds on '-b'?
-- 
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman@es.net
Phone: +1 510 486-8634
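The hourly check described in the thread (run `ntpq -c peers` and make sure one chimer has a splat in front of it), as an added example that is not part of the original messages. The offset threshold, the reach check, the `ALERT_TO` variable and the sample billboard are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that ntpd has selected a system peer ('*' tally code).
# Reads the `ntpq -c peers` billboard on stdin so it can be tested offline.

# Assumption: alert threshold in milliseconds; not a value from the thread.
MAX_OFFSET_MS=${MAX_OFFSET_MS:-128}

# Prints a one-line verdict. Returns 0 only if a '*' line exists, that peer
# has answered recently (reach != 0) and its offset is within the threshold.
check_peers() {
    awk -v max="$MAX_OFFSET_MS" '
        substr($0, 1, 1) == "*" {
            peer  = substr($1, 2)       # strip the tally character
            reach = $(NF - 3)           # octal reachability register
            off   = $(NF - 1)           # offset in ms, may be negative
            found = 1
        }
        END {
            if (!found)     { print "FAIL: no system peer selected"; exit 1 }
            if (reach == 0) { print "FAIL: " peer " unreachable"; exit 1 }
            mag = (off < 0) ? -off : off + 0
            if (mag > max + 0) { print "FAIL: " peer " offset " off " ms"; exit 1 }
            print "OK: synced to " peer " offset " off " ms"
        }'
}

# Constructed sample billboard (documentation addresses), for offline testing.
sample_peers() {
cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.0.2.10      .GPS.            1 u   33   64  377    1.234    0.123   0.045
+192.0.2.11      192.0.2.10       2 u   40   64  377    2.345   -0.456   0.078
EOF
}

# Cron entry point (hourly): invoke with the argument "run".
# ALERT_TO is a hypothetical variable naming the mail recipient.
if [ "${1:-}" = "run" ]; then
    out=$(ntpq -c peers 2>&1 | check_peers) ||
        echo "$out" | mail -s "ntp problem on $(hostname)" "${ALERT_TO:-root}"
fi
```

If ntpd is not running at all, `ntpq` prints only an error, no `*` line is found, and the same alert fires.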