Keeping Your Server On Time With NTP
Our relationship with time is an awkward one. Sometimes we have too much of it to hand, while at others it feels like there's not enough in the day to get things done. We measure and reference time to coordinate our interactions with each other. Computers also make use of clocks to track the passage of time, making it easier both to record when something has occurred and to schedule events for the future.
The Importance of Staying On Time
As with any clock, the clock on your computer can both gain and lose time compared to a reference time. This can make problem tracking difficult, as a user may report a problem at a given time but the clock on your server is a number of minutes out, making the correct time in the log files difficult to find.
Fortunately, the Network Time Protocol (NTP) was devised to solve this problem. This protocol allows a networked computer to request the correct time from another computer and update its own clock automatically. The network makes use of reference clocks such as atomic clocks and radio clocks to set servers to a very accurate time. The network then spans out from that in layers, with one layer of servers accessing these master servers directly, and another layer of servers then using the previous ones for their time reference. Groups of servers are organized into pools to ensure that no individual server can become a single point of failure for users.
Network Time Protocol
While NTP is installed by default with most Linux distributions, it is possible to end up with a system that does not have it. If you need to install it, the process is quite simple. For Debian and Ubuntu distributions, use the following commands:
```
sudo apt-get update
sudo apt-get install ntp
```
For CentOS and Red Hat distributions use the following command:
```
sudo yum install ntp
```
You can configure NTP by editing the */etc/ntp.conf* file. For most users, the default settings here will be fine. The server section is used to specify the address of the server that this one will contact in order to get the correct time. The restrict section can be used to control who can contact your server to query it for the time. This can be helpful to configure if you have multiple servers but want to limit those that communicate out to the public internet; you can configure one system to talk to the NTP pools while your other servers get their time from that one. Finally, the broadcast settings are used for a server to broadcast the time it gets from the NTP pool out to other servers on its local network, such as a home or office network.
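One way to check the restrict section before restarting the daemon, as an added example that is not part of the original article: the shell function below flags `restrict default` entries that still permit ntpq/ntpdc queries or runtime changes. The function name, the two sample configurations and the 192.168.1.0/24 subnet are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag ntp.conf default "restrict" lines that leave ntpd open.
# Usage: audit_ntp_restrict /etc/ntp.conf   (reads stdin when no file is given)
# Prints one finding per line; exit status is 1 when anything was found.
audit_ntp_restrict() {
    awk '
        { sub(/#.*/, "") }                        # drop comments
        $1 != "restrict" { next }
        {
            i = 2
            if ($i == "-4" || $i == "-6") i++     # optional address family
            if ($i != "default") next             # only the catch-all entries
            seen = 1
            flags = " "
            for (j = i + 1; j <= NF; j++) flags = flags $j " "
            if (index(flags, " ignore ")) next    # all packets are dropped
            if (!index(flags, " noquery ")) {
                print "line " NR ": default permits ntpq/ntpdc queries, add noquery"; bad = 1 }
            if (!index(flags, " nomodify ")) {
                print "line " NR ": default permits runtime changes, add nomodify"; bad = 1 }
        }
        END {
            if (!seen) { print "no restrict default entry, unmatched hosts are unrestricted"; bad = 1 }
            exit bad + 0
        }
    ' "$@"
}

# Constructed sample: default entry present but without noquery.
weak_conf() {
    printf '%s\n' 'server 0.pool.ntp.org iburst' \
                  'restrict default nomodify notrap' \
                  'restrict 127.0.0.1'
}

# Constructed sample: LAN time source; 192.168.1.0/24 is an assumed subnet.
hardened_conf() {
    printf '%s\n' 'server 0.pool.ntp.org iburst' \
                  'restrict default kod nomodify notrap nopeer noquery limited' \
                  'restrict -6 default kod nomodify notrap nopeer noquery limited' \
                  'restrict 127.0.0.1   # loopback keeps full access for ntpq' \
                  'restrict ::1' \
                  'restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap nopeer noquery'
}

weak_conf | audit_ntp_restrict || echo "weak sample: needs attention"
hardened_conf | audit_ntp_restrict && echo "hardened sample: no findings"
```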
With the configuration set for your needs, the only thing left to do is restart the NTP daemon that runs in the background and keeps the clock synchronized. This can be done with the following command on Debian and Ubuntu systems:
```
sudo systemctl restart ntp
```
For CentOS and Red Hat systems the command is ever so slightly different:
```
sudo systemctl restart ntpd
```
Something to note here is that in recent years NTP has been widely abused to create DDoS attacks due to the way the protocol works. To protect your server from participating in such attacks, if you plan for it to share its time with others, we recommend limiting access to UDP port 123 on your server to the systems you intend to use it for time updates. If you do not intend to share the time with anyone, keeping that port blocked on the server is the best thing to do.