The Network Time Protocol daemon (ntpd) is a daemon of the Linux operating system. It is a complete implementation of NTP and is used to correct the time difference between the local system and the clock source server. Unlike ntpdate, which updates time periodically, ntpd corrects time continuously without time gaps. This document uses CentOS 7.5 as an example to describe how to install and configure ntpd.
- Some operating systems use chrony as the default NTP service. Please make sure that ntpd is running and is configured to launch automatically at startup.
- Run the systemctl is-active ntpd.service command to see if ntpd is running.
- Run the systemctl is-enabled ntpd.service command to see if ntpd is configured to launch automatically at startup.
- The communication port of the NTP service is UDP 123. Please make sure that you have opened the port to the Internet before configuring the NTP service.
If the port is not open, please refer to Adding Security Group Rules to open it to the Internet.
Run the following command to check whether ntpd has been installed.
rpm -qa | grep ntp
- If the following result is returned, ntpd has been installed.
- If ntpd has not been installed, run the yum install ntp command to install it.
yum -y install ntp
ntpd uses the client mode by default.
- Run the following command to open the configuration file of the NTP service.
- Press i to switch to the editing mode and locate the server configurations. Change the value of server to the NTP clock source server you want to use (such as time1.tencentyun.com) and delete unwanted values, as shown below:
- Press Esc and enter :wq to save and close the file.
Run the following command to restart the ntpd service.
systemctl restart ntpd.service
Checking the status of ntpd
Run the following commands to check the status of ntpd as needed.
- Run the following command to check whether ntpd is listening normally on the service port UDP 123.
If the following result is returned, ntpd is listening normally.
- Run the following command to check whether the ntpd status is normal.
service ntpd status
If the following result is returned, the ntpd status is normal.
- Run the following command to check whether NTP has been started normally and configured to the correct NTP clock source server.
The IP address of the current NTP clock source server that was configured earlier should be returned, as shown below:
You can also get the IP address corresponding to the domain name by running the command nslookup domain name.
- Run the following command to get more detailed NTP service information.
The following result will be returned:
- remote: the name of the NTP server that responds to this request.
- refid: the NTP server one stratum above to which the NTP server on this stratum is synchronized.
- st: the stratum of the remote server. The stratum of a server can be set to 1 through 16 from high to low. In order to relieve the load and network congestion, you should avoid connecting directly to a stratum 1 server.
- when: the number of seconds that have elapsed since the last successful request.
- poll: the synchronization interval (in seconds) between local and remote servers. At the beginning, the poll value will be smaller, which indicates a higher synchronization frequency, so that the time can be adjusted to the correct time range as soon as possible. Later, the poll value will gradually increase, and the synchronization frequency will decrease accordingly.
- reach: an octal value used to test whether the server can be connected. Its value increases every time the server is successfully connected.
- delay: the round trip time of sending the synchronization request from the local machine to the NTP server.
- offset: the time difference in milliseconds (ms) between the host and the time source through NTP. The closer the offset is to 0, the closer the times of the host and the NTP server are.
- jitter: a value used for statistics that records the distribution of offsets over a particular number of consecutive connections. The smaller its absolute value is, the more accurate the host time is.
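The fields listed above can be checked mechanically. The following shell function is an added example, not part of the original document: it assumes the peer table has the column layout printed by ntpq -p (including the t column and the leading selection flag, neither of which is described in the list above) and flags peers whose st, reach or offset indicate trouble. The sample table, its IP addresses and the 100 ms threshold are constructed assumptions.

```shell
#!/bin/sh
# Added example: flag unhealthy peers in an `ntpq -p` style table.
MAX_OFFSET_MS=100   # assumed alert threshold, not a value from the page

# Constructed sample (documentation-range IPs): healthy, degraded, dead.
SAMPLE='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*time1.tencentyu 192.0.2.10       2 u   45   64  377    3.512    0.218   0.104
+203.0.113.7     192.0.2.11       2 u   12   64   17    5.100 -250.300  40.020
 198.51.100.9    .INIT.          16 u    -   64    0    0.000    0.000   0.000'

# Reads a peer table on stdin, prints one line per finding,
# and returns 1 if anything was flagged (0 if the table is clean).
check_ntp_peers() {
  awk -v max="$MAX_OFFSET_MS" '
    /^ *remote +refid/ || /^=+$/ || NF == 0 { next }   # header, ruler, blanks
    {
      tally = substr($0, 1, 1)       # selection flag; "*" = current sync source
      $0 = substr($0, 2)             # re-split fields without the flag column
      if (tally == "*") sys = 1

      # reach is an 8-bit shift register printed in octal: decode it,
      # then count how many of the last 8 polls were answered.
      n = 0
      for (i = 1; i <= length($7); i++) n = n * 8 + substr($7, i, 1)
      ok = 0
      for (b = n; b > 0; b = int(b / 2)) ok += b % 2

      off = $9 + 0; if (off < 0) off = -off      # absolute offset in ms

      if ($3 + 0 >= 16) { print $1 ": stratum " $3 " (unsynchronised)"; bad++ }
      if (n == 0)       { print $1 ": unreachable (reach 0)"; bad++ }
      else if (ok < 8)  { print $1 ": " ok "/8 recent polls answered (reach " $7 ")"; bad++ }
      if (off > max)    { print $1 ": offset " $9 " ms exceeds " max " ms"; bad++ }
    }
    END {
      if (!sys) { print "no peer selected as sync source (no \"*\" line)"; bad++ }
      exit (bad > 0)
    }'
}

# Demo on the constructed sample; on a live host: ntpq -pn | check_ntp_peers
printf '%s\n' "$SAMPLE" | check_ntp_peers || true
```

Right after ntpd restarts, the reach register is still filling, so the "recent polls answered" finding is expected until eight polls have completed.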
Setting the automatic launch of ntpd at startup
- Run the following command to automatically launch ntpd at startup.
systemctl enable ntpd.service
- Run the following command to check whether chrony is set to launch at startup.
systemctl is-enabled chronyd.service
If chrony is set to launch at startup, run the following command to remove chrony from the auto-start list.
chrony is not compatible with ntpd, which may lead to ntpd start failure.
systemctl disable chronyd.service
Enhancing ntpd security
Run the following commands sequentially to enhance the security of the /etc/ntp.conf configuration file.
interface ignore wildcard
interface listen eth0