Public NTP (Network Time Protocol) Service

CalHotels.US Lowest Hotel Rates Guaranteed. Click Here For Yours!
U.S. states: AL, AK, AR, AS, AZ, CA, CO, CT, DC, DE, FL, FM, GA, GU, HI, ID, IL, IN, IA, KS, KY, LA, ME, MD, MA, MI, MN, MS, MO, MT, NE, NH, NJ, NY, OK, NV, MH, MP, NM, NC, ND, OH, OR, PA, PR, PW, RI, SC, SD, TN, TX, UT, VT, VA, VI WA, WV, WI, WY

Introduction
NTP Access Request Form
Frequently-asked Questions with Answers (FAQs)
NTP for Windows 2000 and Windows XP
Infrequently-asked Questions with Answers (Experts Only)
Solaris NTP Questions with Answers (Experts Only)
References

Introduction

You are welcome to contact our NTP server to update your computer clock. To use the public NTP service, send me a message on the form below to let us know you're using our NTP server. Be sure to include your IP address or address range. Please see the first question below for conditions.

Ideally, please reference our NTP time server by name, ntp.drydog.com. If you must use a number, that number is now 207.211.160.111 (subject to change).

You can also contact us by using on the form below.

Drydog NTP Timekeeper
Drydog Press Network Operations

NTP Access Request Form

Frequently-asked Questions with Answers (FAQ)

And without further ado, here are the most frequently-asked questions (FAQ).

Q: Can I use your NTP server?
A: Yes. This server is for use by the public. Feel free to use it, subject to these conditions:

Let me know the IP address or address range that will use this service.
If you contact this server periodically, please limit requests to once each hour or less. It's best to let your NTP client decide how often to contact the server, if it has that ability.
If you have a network of machines that you need to synchronize (3 or more), you must run a local NTP time server (that syncs to me) and then have your local clients sync to that local server.
This service is limited to NTP servers located in the Western United States and Northern Mexico. If you are located elsewhere, please send me a separate request.
I make no guarantee of accuracy or continued availability of this service.

If these conditions bother you, please discontinue using the service now.

Q: How do I set up my NTP client software?
That depends on what software you are using. Please consult the documentation that came with your software. See above for the hostname of our NTP service.

Q: Where is software and documentation available?
A: NTP software, including pointers to commercial and non-commercial NTP software, is at http://www.ntp.org/ NTP tips and a tutorial are at http://geodsoft.com/howto/timesync/

Q: I get a "connection refused" message when trying to connect to your server. What's wrong?
A: You're probably trying to connect to the wrong TCP/IP port. The NTP server uses UDP port 123 ("ntp"). Other time clients use other time protocols. That is, port 13 ("daytime"), 37 ("time"), or 525 ("timed"). None of these other protocols are supported by this server. Please make sure your client software supports "NTP" and not some other time protocol.

Q: I get a "no route to host" message when trying to connect to your server. What's wrong?
A: The most likely possiblity is your ISP's or your personal's "firewall" is blocking access to NTP's port, 123. Another possiblity is this server is down due to some hardware problem.

Q: What hardware/OS/etc are you running?
A: Currently, it's on a 1.0GHz AMD Sempron, running Linux 2.4, and ntpd 4.1.2 (RedHat 9 + Fedora Legacy Updates).

Q: How many users do you have?
A: Most days, I see traffic from approximately 500 distinct hosts.

Q: How available is this server?
A: The intention is to provide uninterrupted 7/24 service. However, as a practical manner, this server is available externally about 99% of the time. Most interruptions are due to network connectivity, followed by software issues, power failures, and hardware (usually disk) failures. I will try to keep you informed about network and service status. However, I reserve the right to discontinue this service at anytime without notice.

Q: What is the source of the time at ntp.drydog.com?
A: The machine syncs to three stratum 1 clocks, including the US Naval Observatory, Falcon AFB, Colorado Springs, CO, NIST at Boulder, CO, San Diego Supercomputer Center, CA, and Truetime.com in Santa Rosa, CA.

Q: Where is this machine located?
A: It's hosted by Precision Moldbase Corporation in Tempe, AZ. Network bandwidth is provided by ATT.Net. My brother is a partner in Precision Moldbase (PMBC) is and they are generously giving me server space in their building. More details about PMBC are at http://www.pmbc.com/

Q: What timezone does your NTP server use?
A: None. NTP servers use "UTC" time (formerly "GMT" time), which is the same throughout the world. The timezone you are in doesn't matter to this NTP server. The translation to a time zone is handled completely by your NTP client software.

Q: What other network services do you provide?
A: Currently, the machine also serves DNS, web (http), and ftp. These are publically-accessible services, but I do not provide public hosting services.

Q: Why do you run this service?
A: Because I can. It takes very little time or computing resources and it is useful to many. This spirit of cooperative anarchy is one of the things that built the Internet that we know today, yet sadly, very few are still practicing it.

Q: Who are you?
A: I'm Dan Anderson. On the Internet, I'm most likely best known for writing the Solaris x86 FAQ and the Simple Whois Daemon. My employer is Sun Microsystems, although Sun is in not involved in this effort. I do this on my own time without Sun hardware, proprietary Sun software, or Sun support. I've been running Internet servers continually since 1994 and I've been actively using the Internet since 1982.

I hope that you find this service useful. If you have any further questions or concerns, or you've just got something to say, feel free to contact me.

- Dan
Timekeeper, drydog.com domain

[Back to Top]

NTP on Windows 2000 and Windows XP

Windows 2000 has an NTP client built-in, a very smart one which not only synchronises your clock but also tweaks the rate of the clock so that it keeps better time anyway. If the Windows Time service is not already started, set it up as follows:

In a Command Prompt window, type the command
net time /setsntp:xxx.xx.xxx.xxx
where xxx.xxx.xxx.xxx is the address of the NTP server that you discovered.
Right-click on "My Computer" and select "Manage".
In the left-hand window, expand "Services and Applications" and select "Services."
In the right-hand window, scroll down and double-click on "Windows Time".
- In the drop-down "Startup type" select "Automatic."
- Click the button "Start" (unless it was already started, in which case the button is dimmed).
- Click on "OK."
Close the window "Computer Management."

This setup will automatically start the time synchroniser after every restart. If the Windows Time service had already been started, then just use the following commands:
net stop "Windows Time" net time /setsntp:xxx.xxx.xxx.xxx net start "Windows Time"
where xxx.xxx.xxx.xxx is the DNS name or IP number of the new NTP server. [Thanks to NiShFiSh for this Windows 2000 information].

A free NTP application is availablle for Windows at http://www.meinberg.de/english/sw/ntp.htm

[Back to Top]

Experts Only: Infrequently-asked Questions with Answers

NTP (Network Time Protocol) was invented to synchronize computer clocks in an internet network environment. Unlike other time protocols (e.g., timed), NTP seeks to synch to the most accurate clock rather than "average in" errors from multiple time sources. Clock sources are categorized by stratums (levels) away from master clock sources (that have short-wave radio or GPS connections to the U. S. Naval Observatory).

If a master clock source isn't available, you can arbitrarily choose a system's local clock source (quartz crystal) and use it as your master time server. A crystal in a computer usually isn't an accurate or uniform time source, because of variations in temperature and because the crystals used are usually lower quality as those found your watch. This applies equally to cheap PCs or expensive Sun servers. Only DEC (now Compaq, later HP :-) Alpha servers actually try to use accurate crystals and even those still benefit from NTP. However, at least you can make it a uniform time reference across multiple systems.

NTP is useful for synchronizing the time for software distributed on multiple hosts (for example, RPC, Remote Procedure Calls). Most access control mechanisms use time stamps, and therefore require systems to have their time synchronized. Finally, another benefit of NTP is ensuring accurate timestamps in log files, which greatly aids diagnosting network and network software problems.

How do I get access to a "real" external clock?
If you have access to the Internet, see the list of Public NTP Time Servers.
I run a public time server at ntp.drydog.com (on my own time and own hardware--it's not related to my work or supported by Sun). If you live in Western North America, you're welcome to use it. Please send me a message on the form above to let me know you're using our NTP server.
To avoid overloading external NTP servers, please don't connect more than two of your NTP servers to an external NTP servers from your site. If you need more, setup your own time server(s).
You can also use a GPS or a radio clock connected to a Solaris system to serve as a "master time source." You need a driver to access the clock source (be it a radio clock (accessing short-wave station WWV), a GPS, or radio clock). The clock source is usually connected to Solaris through a serial port. Some drivers come with ntpd itself (newer versions have more drivers). Other drivers may be provided by the manufacturer. More background information on NTP is at http://www.ntp.org/
How do I set the time manually from a NTP time server on the network?
Run ntpdate(1M) as root. This sets the time immediately from one or more NTP servers specified on the command line (if they are found "suitable"). For example:
# ntpdate myntpserver 28 Aug 13:57:01 ntpdate[26107]: step time server 192.168.96.107 offset -2.881116 sec
A message appears only if the current time is off by more than 0.5 seconds. In any case, the time is adjusted. You can't run ntpdate if the ntpd server is running.
I get this message when ntpd starts: ntpdate: no server suitable for synchronization found
That's not necessarily an error. Many times ntpdate doesn't trust the time server(s) it's talking to and ignores it (or them). ntpdate is really not needed--it sets the time immediately before the ntpd server starts. ntpd will gradually adjusts the time over a few minutes or several hours depending on how out of sync the local time is. To really see if ntpd is working, wait about 20 minutes after starting ntpd and type the following: ntpq -c peers
If you keep getting the message and want to get rid of it, try adding another NTP server to your ntp.conf file.

I get this error message, and ntpd fails to start: no multicast server suitable for synchronization found
It means there's no multicast NTP server (which uses 224.0.1.1) on your local subnet. You probably just copied the sample /etc/inet/ntp.client file to /etc/inet/ntp.conf To fix this, just comment the "multicastclient 224.0.1.1" line and add "server" lines, 1 for each of your your NTP servers. If you really want to use NTP multicastclients, read the documentation and set up a NTP broadcast server properly.

If you have a multicast network setup on your local subnet, you can use snoop (as root) to verify there are NTP broadcasts. For example:

# netstat -rn | egrep 'Gateway|224'
   Destination           Gateway           Flags  Ref    Use  Interface
224.0.0.0            192.168.41.75         U        1      0  eth0

# snoop -d eth0 224.0.1.1
Using device /dev/hme (promiscuous mode)
     dogbert -> 224.0.1.1    IP  D=224.0.1.1 S=192.168.41.82 LEN=28, ID=24368
     ratbert -> 224.0.1.1    NTP  broadcast (Tue Aug 21 13:35:39 2001)
     catbert -> 224.0.1.1    IP  D=224.0.1.1 S=192.168.41.92 LEN=28, ID=60455
     dilbert -> 224.0.1.1    NTP  broadcast (Tue Aug 21 13:36:43 2001)

(replace "eth0" with the NIC device name connected to the multicast network.

What is the year 2038 problem?
UNIX epoch time is stored in a 4-byte signed integer. The maximum time is therefore 2,147,483,647 seconds after 1 January 1970. This translates into Tues. 19 January 2038 at 03:17:07 UTC (GMT). At 03:17:08, UNIX time wraps back 136 years to -2,147,483,648 seconds or Fri. 13 December 1901 at 20:45:52 UTC (GMT) and disaster strikes. Most software can't handle time before Thurs. 1 January 1970 00:00:00 UTC (GMT) and fail in various unexpected ways. On and after that time, most UNIX (and therefore Solaris) systems will cease to function.
This does not apply to programs and software that have been upgraded to run in 64-bit mode. However, it's a good question to ask whether all (or even most) current (and near-future software) will be converted in time.
There's a proposal for a new "struct xtime" in time.h for the new ISO C 200X standard. The struct xtime will have a signed 64-bit second counter, sec, and an unsigned 32-bit nanosecond counter, nsec. This handle time overflowing in 2038. It will also represent time from the big bang to well after the Sun's burnout. Also addressed in the proposal are other precision time problems, such as leap seconds and function reentrancy.
For details and a thorough analysis of the problem, see Roger Wilcox's "The Year 2038 Problem". For a probable, realistic solution, see the proposed ISO C 200X time.h standard.
How can I start ntpd with more verbose logging (for debugging)?
First stop ntpd with /etc/init.d/ntpd stop and start ntpd directly with the -d option: ntpd -d Messages from ntpd will appear in syslog's messages file.
Is ntpd software considered "munitions" by the U.S. government?
Yes, and therefore requires a license to export outside of U.S. and Canada. This law also applies to re-export, Canadians, and to foreign branches or subsidiaries of U.S. companies.
Why is ntpd software considered munitions? Because it contains the DES encryption algorithm (source file authdes.c). This is true even though DES code is easily available throughout the world and DES is easily cracked by brute-force attack (although triple DES can't be cracked). Anyway, to protect yourself and Sun legally, DES can be disabled in the makefile configuration. This is important to note if you're building or distributing another version of ntpd.

[Back to Top]

Experts Only: Solaris NTP Questions with Answers

These questions are specific to NTP running on Sun's Solaris operating system. Solaris uses an older version of ntpd, so substitute "xntpd" for "ntpd" for answers elsewhere on this webpage.

What version of NTP does Solaris use?
Version 3. For Solaris 8, xntp 3-5.93e (that is NTP protocol version 3, xntp software version 5.93e). For Solaris 2.6 and 7, it was xntp 3-4y. For Solaris 2.5.1, it was xntp 3-2 (multicasting was not supported) and NTP was available only for Sun Enterprise 10000 systems with package SUNWxntp. To find the NTP version and Solaris patch level for NTP on your system, type the following (you don't need to be root):
strings /usr/lib/inet/xntpd |grep 'xntpd ' what /usr/lib/inet/xntpd
There is no plan currently to provide NTP version 4 with Solaris. However, the source is available from http://www.ntp.org/ and (unsupported) binary packages are at http://sunfreeware.com/ mentioned above. NTP version 4 mainly adds better authentication between NTP servers.
With Solaris 8, NTP doesn't start, it never initializes, or it crashes sometime after startup
This is fixed with patch 109667-04 to bugids 4320855, 4330427 & 4279094.
With Solaris 2.6 or 7, NTP doesn't never updates the time or updates it very abruptly.
This is fixed with these patches:
- Solaris 2.6: 107298-03 and 109386-02.
- Solaris 7: 109409-04 (which obsoletes older patch 108338-01) and 107330-02.
These patches fix one or more of the following bugids: 4201436, 4279094, 4247629, 4247629, & 4169744.
I have a Solaris 2.5.1 system and it doesn't have NTP.
Solaris didn't support NTP until 2.6 (packages SUNWntpr and SUNWntpu). For 2.5.1 HW 4/97, you can use the platform-specific package SUNWxntp for Solaris 2.5.1 or some third-party xntpd package. For Solaris 2.5.1, dosyncdr in the /etc/system file must be set manually to 0 (1 is the default).
What NTP documentation is there for Solaris?
- Network Time Protocol User's Guide and the "Examining and Changing System Information" chapter in the System Administration Guide, Volume 2 at http://docs.sun.com/,
- These man pages:
  - xntpd(1M) - Network Time Protocol daemon
  - ntpdate(1M) - set the date and time by way of NTP
  - ntpq(1M) - NTP query program (for troubleshooting)
  - xntpdc(1M) - NTP query program (older version of ntpq)
  - ntptrace(1M) - trace NTP hosts back to their master time source
  - ntp_adjtime(2) - adjust local clock parameters (system call)
  - ntp_gettime(2) - get local clock values (system call)
- "Sun BluePrints" for NTP under "References."
I get an error message about "keys" and xntpd fails to start
If you get one of these errors in /var/adm/messages:
can't open key file /etc/inet/ntp.keys: No such file or directory trusted key 0 unlikely 0 makes a poor request keyid 0 makes a poor control keyid
You probably just copied the sample /etc/inet/ntp.server file to /etc/inet/ntp.conf To fix this, just comment out any line that has "key" in it. That is,
#keys /etc/inet/ntp.keys #trustedkey 0 #requestkey 0 #controlkey 0
If you really want to use NTP "key" authentication, read the xntpd(1M) man page and set it up properly. Keys over 65535 don't work (bugid 4157778) Most people don't bother to use this feature.
Why use "peer" instead of "server" entries in ntp.conf for Solaris 8?
First is bugid 4325813. This causes NTP startup to delay 25 minutes if the ntp.conf file contains a "server" line referring to inactive external time servers. The fix, shown in the bug report, is a 1-line change to the /etc/init.d/xntpd startup script (change /^server/ to /^server|^peer/ ). This fix is in Solaris 9.
Also, the NTP protocol is robust enough to dynamically use the "best" time source. Time servers with lower "stratum" values will be rejected by NTP. Using "server" lines instead of "peer" lines allow external NTP servers to consider the local NTP server as a time source. This is useful, as it provides a NTP server more alternate time sources to consider in the event one or more time servers become unavailable.
Is there a Solaris fix for the NTP security hole found April 2001?
This is a security hole allows remote root access (very serious). It was found 4/4/2001 and is is documented at http://www.securityfocus.com/archive/1/174011 All NTP versions (for Solaris 2.6, 7, 8, & (alpha) 9) are impacted. Patches (released 15 October 2001) are now available from Sunsolve. Use 109667-04 for Solaris 8, 109409-04 for Solaris 7 and 107298-03 for Solaris 2.6. For details, see bugid 4434235.
Note: the source for NTP version 4.0.99g or greater also has the fix for the April 2001 security hole.
Workaround: If your server is accessible from the external Internet, disable xntpd(1M) immediately until you patch it.
Sad to say, but this bug was used as an example, in a whitepaper by IBM, to show how much slower Sun reacts to security problems than Linux (or even IBM AIX).

____
^* Linux Security "State of the Union" by Robb Romans and Emily Ratliff of the IBM Linux Technology Center (11 May 2001). This whitepaper is available online from IBM at http://oss.software.ibm.com/developer/opensource/linux/whitepapers/ LTC-Security-Whitepaper-external.pdf (PDF; link is now gone, 2004). Here's the relevant quote (pp. 5-6):

2.3 Linux and Open-Source Strengths
2.3.1 Patch Speed
One of the most significant strengths of Linux is the speed at which the community addresses bugs and exploits that arise. A recent example is the Network Time Daemon (ntpd), which is used to synchronize the clock between UNIX machines. Here is the time line for this exploit:

April 4, 2001 20:27:01 GMT ntpd exploit posted to Bugtraq.
April 5, 2001 01:49:01 GMT (5 1/2 hours after exploit) workaround posted to Bugtraq.
April 5, 2001 09:38:47 GMT (13 hours after exploit) a pointer to a FreeBSD s patch to solve the problem posted.
April 5, 2001 13:33:29 GMT (17 hours after exploit) FreeBSD releases security advisory.
April 6, 2001 15:31:25 GMT (43 hours after exploit) Mandrake Linux releases security advisory and updated packages.
April 8, 2001 21:25:00 GMT (97 hours after exploit) RedHat posts advisory including pointers to updated packages to Bugtraq.
April 10, 2001 (6 days after exploit) IBM released an advisory and a temporary fix for AIX.
April 11, 2001 (7 days after exploit) Maintainer of ntpd posts updated package on official ntp website.
May 2, 2001 (28 days after exploit) Compaq releases Advisory and Patch Kit for Tru64 UNIX V4.0g.
May 11, 2001 (37 days after exploit) Although Solaris is vulnerable, Sun has yet to release an advisory. [Emphasis mine.]
[The following 2 updates were added by me and not in the original paper:]
October 16, 2001 Sun silently releases patches to fix the problem with the Solaris Recommended and Security Update patch clusters. (195 days after exploit)
October 23, 2001 Sun releases Security Bulletin #00211 Security Bulletin #00211 (since renumbered as Document 40771) detailing the problem and fix, 202 days after the original exploit was published. Better late than never!

[Back to Top]

References

NTP: Network Time Protocol http://www.ntp.org/ All the information you want to know about NTP from the source: Dr. Dave Mills and friends at the University of Delaware, who invented the NTP protocol and ntpd server. Includes pointers to commercial and non-commercial NTP software.
- NTP FAQ Lots of troubleshooting information.
http://geodsoft.com/howto/timesync/ NTP tips and a tutorial
USENET Newsgroup comp.protocols.time.ntp hosts discussions on the NTP protocol.
NTP on HP-UX.
AIX now supports NTP starting with AIX 4. It's at package xntpd in bos.net.tcp.client
Whitepaper on the Windows 2000 Time Service (also applies to Windows XP)
Using NTP to Control and Synchronize Clocks, Sun BluePrint Online series, by David Deeths and Glenn Burnette (2001). Contains an excellent three-part Sun "BluePrint" tutorial on NTP.

[Back to Top]

[Home]

Last updated Friday, 02-Nov-2007 16:51:01 PDT.

If you have questions or comments, please send a message to Dan Anderson.

http://dan.drydog.com/ntp.html

Name:
E-mail:
IP Address, IP Address block, or IP Address range (free format):
Number of NTP servers you wish to connect directly with us
Comment (optional):
	Important Notice: In compliance with the Children's Online Privacy Protection Act of 1998, we do not accept requests from children under 13 years of age.