Contribute to the NTP Pool Project with a Debian 10 VPS

Updated on February 18, 2021
Contribute to the NTP Pool Project with a Debian 10 VPS header image

Servers and workstations use Network Time Protocol (NTP) to synchronize the date and time over the internet with high accuracy. The NTP Pool Project is a collection of public NTP servers, which lets anyone synchronize their computer's time with a set of reliable servers. In this guide, you'll learn how to set up an NTP server on a Debian 10 VPS and then how to add it to the NTP Pool.

Prerequisites

You need an updated and secure Debian 10 VPS. The NTP server software doesn't use many resources, so you could run this in the background on a VPS that you're using for something else.

If you plan to add your server to the NTP Pool project, you must commit to running the server for an extended time. Joining the pool is a long term commitment. Some ntp clients may take take weeks, months or even YEARS before the traffic completely goes away. The NTP Pool project has a page with configuration recommendations for servers joining the pool.

1. Install ntpd

ntpd is one of the most popular NTP servers, and it's the one recommended by the NTP Pool. Download and install it:

# apt-get install ntp

2. Choose Upstream Source

The server needs a reliable time source, such as a public NTP server. It's good practice to synchronize with four to seven other NTP servers.

The NTP.org wiki has a list of public Stratum One and Stratum Two servers. Check the description and access policies of servers, and notify the server owner before using the server if they request notification.

Your choice of upstream servers determines the stratum of your server. Stratum is the hierarchy of NTP servers. Stratum 1 servers get their time from a reference clock such as GPS. If you choose a stratum one upstream server, your NTP server is stratum two. A low-stratum server is desirable for applications the require extremely accurate time. For the NTP pool, anything up to stratum four is fine.

3. Configure the Server

  1. Edit the file /etc/ntpd.conf.

  2. Comment out any other lines starting with server or pool in the default configuration file, as it may contain default servers configured by Debian.

  3. Add a line for each of the servers you chose in the earlier step:

     server ntp1.example.com
     server ntp2.example.com
     server ntp3.example.com
     server ntp4.example.com
  4. For server security, include the following line to restrict the queries that clients can make on the internet.

     restrict -4 default kod notrap nomidify nopeer noquery limited
  5. Include the following line as well if you plan to use IPv6:

     restrict -6 default kod notrap nomidify nopeer noquery limited
  6. Include this line to allow you to query the NTP server for statistics from the loopback (127.0.0.1) interface:

     restrict 127.0.0.1
  7. Save the configuration file, then restart the NTP server:

     systemctl restart ntp

4. Test the Server

The NTP server should now be running. If you use a firewall, unblock port 123/UDP. If you use UFW, run the following commands:

# ufw allow 123/udp
# ufw reload

You can test the NTP server locally using the ntpdate package to view the server's current stratum, the offset from the system clock, and the time it took for the server to respond.

# apt-get install ntpdate
# ntpdate -q 127.0.0.1

When the NTP server starts, it may show stratum 16 for a couple of minutes while it catches up with its' upstream servers.

After the server has finished synchronizing, other systems can use the ntpdate command to set the system time from your server's public IP:

# ntpdate 203.0.113.1

You can view the status of the upstream servers, as well as their offset, delay, and stratum from the server:

$ ntpq -p

5. Join the NTP Pool

If you've tested the server and it works, you can optionally add it to the NTP Pool, a project providing a distributed set of NTP servers for public use.

If you own a domain, it may be a good idea to create a DNS A record for your server so that you can add it to the pool using a hostname. Then, if your server's IP address changes in the future, you can update the domain's DNS records instead of removing and re-adding the server to the pool.

Sign up for an account on ntppool.org, then go to the 'Manage Servers' tab. On the right side, enter your server's hostname or IP address, and click 'Add'.

The NTP Pool tries to geo-locate your server's IP address and add it to the correct regional group, but you can specify the correct location in the 'Comments' box if the location is wrong.

After adding your server, the NTP Pool's monitoring system tests the accuracy of the time sent by your server. The NTP Pool assigns a score as the monitoring system checks your server. On the 'Manage Servers' page, you can view a graph of your score over the last 24 hours.

Graph of NTP server score from NTP Pool project

The NTP Pool includes servers if their score is higher than 10. The monitoring system checks your server a few times every hour, and it might take up to 24 hours for your server's score to reach 10. After that, if your server is unresponsive or returns an inaccurate time, your score drops, and the NTP Pool automatically removes servers if their score drops below 10.

You can also adjust your server's link speed from the Manage Servers page. While the link speed shown on the NTP Pool page does not always represent the number of connections your server receives, it's still a good way of managing the amount of traffic your server receives. It may help set the link speed to the lowest setting and then gradually increase it to ensure your server can handle the traffic.

Conclusion

In this guide, you've learned how to configure a public-facing NTP server and then added it to the NTP Pool to contribute to the group of global NTP servers.

If you plan to keep your server in the NTP Pool, you should subscribe to their mailing list and check their forums to make sure that you stay up to date with any news or changes to the pool.