You are welcome to contact our NTP server to update your computer clock. To use the public NTP service, send me a message on the form below to let us know you're using our NTP server. Be sure to include your IP address or address range. Please see the first question below for conditions.
Ideally, please reference our NTP time server by name, ntp.drydog.com. If you must use an IP address (not recommended), that number is currently 18.104.22.168 (subject to change without notice).
You can also contact us by using on the form below.
Drydog NTP Timekeeper
Drydog Press Network Operations
Important Notice: In compliance with the Children's Online Privacy Protection Act of 1998, we do not accept requests from children under 13 years of age.
And without further ado, here are the most frequently-asked questions (FAQ).
Q: Can I use your NTP server?
A: Yes. This server is for use by the public. Feel free to use it, subject to these conditions:
Q: How do I set up my NTP client software?
That depends on what software you are using. Please consult the documentation that came with your software. See above for the hostname of our NTP service.
Q: Where is software and documentation available?
A: NTP software, including pointers to commercial and non-commercial NTP software, is at http://www.ntp.org/ NTP tips and a tutorial are at http://geodsoft.com/howto/timesync/
Q: I get a "connection refused" message
when trying to connect to your server. What's wrong?
A: You're probably trying to connect to the wrong TCP/IP port. The NTP server uses UDP port 123 ("ntp"). Other time clients use other time protocols. That is, port 13 ("daytime"), 37 ("time"), or 525 ("timed"). None of these other protocols are supported by this server. Please make sure your client software supports "NTP" and not some other time protocol.
Q: I get a "no route to host" message
when trying to connect to your server. What's wrong?
A: The most likely possiblity is your ISP's or your personal's "firewall" is blocking access to NTP's port, 123. Another possiblity is this server is down due to some hardware problem.
Q: What hardware/OS/etc are you running?
A: Currently, it's on a 1.0GHz AMD Sempron, running OpenSolaris with ntpd 4.2.4 (with IPv6 enabled).
Q: How many users do you have?
A: Most days, I see traffic from approximately 500 distinct hosts.
Q: How available is this server?
A: The intention is to provide uninterrupted 7/24 service. However, as a practical manner, this server is available externally about 99% of the time. Most interruptions are due to network connectivity, followed by software issues, power failures, and hardware (usually disk) failures. I will try to keep you informed about network and service status. However, I reserve the right to discontinue this service at anytime without notice.
Q: What is the source of the time at ntp.drydog.com?
A: The machine syncs to three stratum 1 clocks, at UCSD, the San Diego Super Computer Center (SDSC), both in La Jolla, CA, and two NIST time servers in San Jose, CA. The upstream servers change over time due to availability.
Q: Where is this machine located?
A: It's hosted in Fremont, California. Network bandwidth is provided by Hurricane Electric Internet Services.
Q: What timezone does your NTP server use?
A: None. NTP servers use "UTC" time (formerly "GMT" time), which is the same throughout the world. The timezone you are in doesn't matter to this NTP server. The translation to a time zone is handled completely by your NTP client software.
Q: What other network services do you provide?
A: Currently, the machine also serves DNS, web (http), and ftp. These are publically-accessible services, but I do not provide public hosting services.
Q: Why do you run this service?
A: Because I can. It takes very little time or computing resources and it is useful to many. This spirit of cooperative anarchy is one of the things that built the Internet that we know today, yet sadly, very few are still practicing it.
Q: Who are you?
A: I'm Dan Anderson. On the Internet, I'm most likely best known for writing the Solaris x86 FAQ and the Simple Whois Daemon. My employer is Sun Microsystems, although Sun is in not involved in this effort. I do this on my own time without Sun hardware, proprietary Sun software, or Sun support. I've been running Internet servers continually since 1994 and I've been actively using the Internet since 1982.
I hope that you find this service useful. If you have any further questions or concerns, or you've just got something to say, feel free to contact me.
Timekeeper, drydog.com domain
[Back to Top]
MS Windows 2000 and newer have an NTP client built-in, a very smart one which not only synchronises your clock but also tweaks the rate of the clock so that it keeps better time anyway. If the Windows Time service is not already started, set it up as follows:
This setup will automatically start the time synchroniser after every
restart. If the Windows Time service had already been started, then
just use the following commands:
net stop "Windows Time"
net time /setsntp:xxx.xxx.xxx.xxx net start "Windows Time"
where xxx.xxx.xxx.xxx is the DNS name or IP number of the new NTP server. [Thanks to NiShFiSh for this Windows 2000 information].
A free NTP application is availablle for Windows at http://www.meinbergglobal.com/english/sw/ntp.htm
[Back to Top]
NTP (Network Time Protocol) was invented to synchronize computer clocks in an internet network environment. Unlike other time protocols (e.g., timed), NTP seeks to synch to the most accurate clock rather than "average in" errors from multiple time sources. Clock sources are categorized by stratums (levels) away from master clock sources (that have short-wave radio or GPS connections to the U. S. Naval Observatory).
If a master clock source isn't available, you can arbitrarily choose a system's local clock source (quartz crystal) and use it as your master time server. A crystal in a computer usually isn't an accurate or uniform time source, because of variations in temperature and because the crystals used are usually lower quality as those found your watch. This applies equally to cheap PCs or expensive Sun servers. Only DEC (now Compaq, later HP :-) Alpha servers actually try to use accurate crystals and even those still benefit from NTP. However, at least you can make it a uniform time reference across multiple systems.
NTP is useful for synchronizing the time for software distributed on multiple hosts (for example, RPC, Remote Procedure Calls). Most access control mechanisms use time stamps, and therefore require systems to have their time synchronized. Finally, another benefit of NTP is ensuring accurate timestamps in log files, which greatly aids diagnosting network and network software problems.
I run a public time server at ntp.drydog.com (on my own time and own hardware--it's not related to my work or supported by Sun). If you live in Western North America, you're welcome to use it. Please send me a message on the form above to let me know you're using our NTP server.
To avoid overloading external NTP servers, please don't connect more than two of your NTP servers to an external NTP servers from your site. If you need more, setup your own time server(s).
You can also use a GPS or a radio clock connected to a Solaris system to serve as a "master time source." You need a driver to access the clock source (be it a radio clock (accessing short-wave station WWV), a GPS, or radio clock). The clock source is usually connected to Solaris through a serial port. Some drivers come with ntpd itself (newer versions have more drivers). Other drivers may be provided by the manufacturer. More background information on NTP is at http://www.ntp.org/
# ntpdate myntpserver 28 Aug 13:57:01 ntpdate: step time server 192.168.96.107 offset -2.881116 sec
A message appears only if the current time is off by more than 0.5 seconds. In any case, the time is adjusted. You can't run ntpdate if the ntpd server is running.
If you keep getting the message and want to get rid of it, try adding another NTP server to your ntp.conf file.
If you have a multicast network setup on your local subnet, you can use snoop (as root) to verify there are NTP broadcasts. For example:
(replace "eth0" with the NIC device name connected to the multicast network.
# netstat -rn | egrep 'Gateway|224' Destination Gateway Flags Ref Use Interface 22.214.171.124 192.168.41.75 U 1 0 eth0 # snoop -d eth0 126.96.36.199 Using device /dev/hme (promiscuous mode) dogbert -> 188.8.131.52 IP D=184.108.40.206 S=192.168.41.82 LEN=28, ID=24368 ratbert -> 220.127.116.11 NTP broadcast (Tue Aug 21 13:35:39 2001) catbert -> 18.104.22.168 IP D=22.214.171.124 S=192.168.41.92 LEN=28, ID=60455 dilbert -> 126.96.36.199 NTP broadcast (Tue Aug 21 13:36:43 2001)
This does not apply to programs and software that have been upgraded to run in 64-bit mode. However, it's a good question to ask whether all (or even most) current (and near-future software) will be converted in time.
There's a proposal for a new "struct xtime" in time.h for the new ISO C 200X standard. The struct xtime will have a signed 64-bit second counter, sec, and an unsigned 32-bit nanosecond counter, nsec. This handle time overflowing in 2038. It will also represent time from the big bang to well after the Sun's burnout. Also addressed in the proposal are other precision time problems, such as leap seconds and function reentrancy.
Why is ntpd software considered munitions? Because it contains the DES encryption algorithm (source file authdes.c). This is true even though DES code is easily available throughout the world and DES is easily cracked by brute-force attack (although triple DES can't be cracked). Anyway, to protect yourself and Sun legally, DES can be disabled in the makefile configuration. This is important to note if you're building or distributing another version of ntpd.
ntpq -c version strings /usr/lib/inet/xntpd |grep 'xntpd '
These patches fix one or more of the following bugids: 4201436, 4279094, 4247629, 4247629, & 4169744.
You probably just copied the sample /etc/inet/ntp.server file to /etc/inet/ntp.conf To fix this, just comment out any line that has "key" in it. That is,
can't open key file /etc/inet/ntp.keys: No such file or directory trusted key 0 unlikely 0 makes a poor request keyid 0 makes a poor control keyid
If you really want to use NTP "key" authentication, read the xntpd(1M) man page and set it up properly. Keys over 65535 don't work (bugid 4157778) Most people don't bother to use this feature.
#keys /etc/inet/ntp.keys #trustedkey 0 #requestkey 0 #controlkey 0
Note: the source for NTP version 4.0.99g or greater also has the fix for the April 2001 security hole.
Workaround: If your server is accessible from the external Internet, disable xntpd(1M) immediately until you patch it.
Sad to say, but this bug was used as an example, in a whitepaper by IBM, to show how much slower Sun reacts to security problems than Linux (or even IBM AIX).
* Linux Security "State of the Union" by Robb Romans and Emily Ratliff of the IBM Linux Technology Center (11 May 2001). This whitepaper is available online from IBM at http://oss.software.ibm.com/developer/opensource/linux/whitepapers/ LTC-Security-Whitepaper-external.pdf (PDF; link is now gone, 2004). Here's the relevant quote (pp. 5-6):
[Back to Top]
2.3 Linux and Open-Source Strengths
2.3.1 Patch Speed
One of the most significant strengths of Linux is the speed at which the community addresses bugs and exploits that arise. A recent example is the Network Time Daemon (ntpd), which is used to synchronize the clock between UNIX machines. Here is the time line for this exploit:
- April 4, 2001 20:27:01 GMT ntpd exploit posted to Bugtraq.
- April 5, 2001 01:49:01 GMT (5 1/2 hours after exploit) workaround posted to Bugtraq.
- April 5, 2001 09:38:47 GMT (13 hours after exploit) a pointer to a FreeBSD s patch to solve the problem posted.
- April 5, 2001 13:33:29 GMT (17 hours after exploit) FreeBSD releases security advisory.
- April 6, 2001 15:31:25 GMT (43 hours after exploit) Mandrake Linux releases security advisory and updated packages.
- April 8, 2001 21:25:00 GMT (97 hours after exploit) RedHat posts advisory including pointers to updated packages to Bugtraq.
- April 10, 2001 (6 days after exploit) IBM released an advisory and a temporary fix for AIX.
- April 11, 2001 (7 days after exploit) Maintainer of ntpd posts updated package on official ntp website.
- May 2, 2001 (28 days after exploit) Compaq releases Advisory and Patch Kit for Tru64 UNIX V4.0g.
- May 11, 2001 (37 days after exploit) Although Solaris is vulnerable, Sun has yet to release an advisory. [Emphasis mine.]
[The following 2 updates were added by me and not in the original paper:]
- October 16, 2001 Sun silently releases patches to fix the problem with the Solaris Recommended and Security Update patch clusters. (195 days after exploit)
- October 23, 2001 Sun releases Security Bulletin #00211 Security Bulletin #00211 (since renumbered as Document 40771) detailing the problem and fix, 202 days after the original exploit was published. Better late than never!
Last updated 5 January 2018.
If you have questions or comments, please send a message to Dan Anderson.