Servers and workstations use Network Time Protocol (NTP) to synchronize the date and time over the internet with high accuracy. The NTP Pool Project is a collection of public NTP servers, which lets anyone synchronize their computer's time with a set of reliable servers. In this guide, you'll learn how to set up an NTP server on a Debian 10 VPS and then how to add it to the NTP Pool.
You need an updated and secure Debian 10 VPS. The NTP server software doesn't use many resources, so you could run this in the background on a VPS that you're using for something else.
If you plan to add your server to the NTP Pool project, you must commit to running the server for an extended time. Joining the pool is a long-term commitment. Some NTP clients may take weeks, months or even YEARS to stop sending traffic after you leave the pool. The NTP Pool project has a page with configuration recommendations for servers joining the pool.
ntpd is one of the most popular NTP servers, and it's the one recommended by the NTP Pool. Download and install it:
# apt-get install ntp
The server needs a reliable time source, such as a public NTP server. It's good practice to synchronize with four to seven other NTP servers.
The NTP.org wiki has a list of public Stratum One and Stratum Two servers. Check the description and access policies of servers, and notify the server owner before using the server if they request notification.
Your choice of upstream servers determines the stratum of your server. Stratum is the hierarchy of NTP servers. Stratum 1 servers get their time from a reference clock such as GPS. If you choose a stratum one upstream server, your NTP server is stratum two. A low-stratum server is desirable for applications that require extremely accurate time. For the NTP pool, anything up to stratum four is fine.
Edit the file
Comment out any other lines starting with pool in the default configuration file, as it may contain default servers configured by Debian.
Add a line for each of the servers you chose in the earlier step:
server ntp1.example.com
server ntp2.example.com
server ntp3.example.com
server ntp4.example.com
For server security, include the following line to restrict the queries that clients on the internet can make.
restrict -4 default kod notrap nomodify nopeer noquery limited
Include the following line as well if you plan to use IPv6:
restrict -6 default kod notrap nomodify nopeer noquery limited
Include this line to allow you to query the NTP server for statistics from the loopback (127.0.0.1) interface:
Save the configuration file, then restart the NTP server:
systemctl restart ntp
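A check for the restrict lines above, as an added example that is not part of the original guide or of ntpd: it reads a configuration on standard input and reports missing or unrecognised flags on the restrict -4 / -6 default line, so a typo in a flag is caught rather than silently trusted. The function names, the KNOWN flag list and the sample configuration are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit an ntpd config's "restrict <family> default" line.
REQUIRED="kod notrap nomodify nopeer noquery limited"   # the guide's flags
# Further restrict flags from ntpd's access-control docs (assumed list; extend as needed).
KNOWN="$REQUIRED ignore noserve notrust lowpriotrap ntpport version flake mssntp"

# Constructed sample config: the -4 line carries a misspelled flag.
sample_conf() {
    cat <<'EOF'
server ntp1.example.com
restrict -4 default kod notrap nomidify nopeer noquery limited
restrict -6 default kod notrap nomodify nopeer noquery limited
EOF
}

# check_default FAMILY   (FAMILY is -4 or -6; the config is read from stdin)
# Prints one finding per line. Exit status is 0 only when the line exists,
# carries every required flag, and contains no unrecognised word.
check_default() {
    awk -v fam="$1" -v req="$REQUIRED" -v known="$KNOWN" '
    BEGIN {
        n = split(req, R, " ")
        m = split(known, K, " ")
        for (i = 1; i <= m; i++) ok[K[i]] = 1
    }
    $1 == "restrict" && $2 == fam && $3 == "default" {
        seen = 1
        for (i = 4; i <= NF; i++) {
            if (substr($i, 1, 1) == "#") break      # trailing comment
            have[$i] = 1
            if (!($i in ok)) { print "unknown flag: " $i; bad = 1 }
        }
    }
    END {
        if (!seen) { print "no restrict " fam " default line"; exit 1 }
        for (i = 1; i <= n; i++)
            if (!(R[i] in have)) { print "missing flag: " R[i]; bad = 1 }
        exit bad + 0
    }'
}

for fam in -4 -6; do
    if findings=$(sample_conf | check_default "$fam"); then
        echo "restrict $fam default: ok"
    else
        echo "restrict $fam default: FAIL"; echo "$findings"
    fi
done
```

To audit a real server, feed its configuration file to check_default on standard input instead of sample_conf.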
The NTP server should now be running. If you use a firewall, unblock port 123/UDP. If you use UFW, run the following commands:
# ufw allow 123/udp
# ufw reload
You can test the NTP server locally using the ntpdate package to view the server's current stratum, the offset from the system clock, and the time it took for the server to respond.
# apt-get install ntpdate
# ntpdate -q 127.0.0.1
When the NTP server starts, it may show stratum 16 for a couple of minutes while it catches up with its upstream servers.
After the server has finished synchronizing, other systems can use the ntpdate command to set the system time from your server's public IP:
# ntpdate 203.0.113.1
You can view the status of the upstream servers, as well as their offset, delay, and stratum from the server:
$ ntpq -p
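The listing can also be checked mechanically. This added example (not from the original guide) parses ntpq -p output, derives the server's own stratum from the selected system peer (the line marked *), counts upstreams whose reach value is non-zero, and compares both with the guide's figures: stratum four or lower and at least four upstream servers. The peer listing is constructed sample data and the function names are illustrative.

```shell
#!/bin/sh
# Added example: summarise `ntpq -p` output read from stdin.

# Constructed sample listing (hostnames and addresses are placeholders).
sample_peers() {
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*ntp1.example.com .GPS.            1 u   33   64  377   12.345   -0.512   0.221
+ntp2.example.com 192.0.2.10       2 u   40   64  377   20.101    0.734   0.410
+ntp3.example.com 192.0.2.20       2 u   12   64  377   18.870    1.102   0.395
 ntp4.example.com .INIT.          16 u    -   64    0    0.000    0.000   0.000
EOF
}

# peer_summary [MIN]
# Prints "stratum=N reachable=M". N is the system peer's stratum plus one,
# or 16 while no peer is selected. Exit status is 0 only when N <= 4 and
# at least MIN (default 4) upstream servers have answered recently.
peer_summary() {
    awk -v min="${1:-4}" '
    NR <= 2 { next }                          # column header and rule
    NF >= 10 {
        if ($7 != "0") reachable++            # reach: octal log of last 8 polls
        if (substr($0, 1, 1) == "*") stratum = $3 + 1   # * marks the system peer
    }
    END {
        if (stratum == "") stratum = 16
        printf "stratum=%d reachable=%d\n", stratum, reachable
        exit !(stratum <= 4 && reachable >= min)
    }'
}

# The sample has only three answering upstreams, so the default check fails.
sample_peers | peer_summary || echo "not ready: stratum above 4 or fewer than 4 reachable upstreams"
```

On the server itself, pipe the real listing into the function: ntpq -p | peer_summary.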
If you've tested the server and it works, you can optionally add it to the NTP Pool, a project providing a distributed set of NTP servers for public use.
If you own a domain, it may be a good idea to create a DNS A record for your server so that you can add it to the pool using a hostname. Then, if your server's IP address changes in the future, you can update the domain's DNS records instead of removing and re-adding the server to the pool.
Sign up for an account on ntppool.org, then go to the 'Manage Servers' tab. On the right side, enter your server's hostname or IP address, and click 'Add'.
The NTP Pool tries to geo-locate your server's IP address and add it to the correct regional group, but you can specify the correct location in the 'Comments' box if the location is wrong.
After adding your server, the NTP Pool's monitoring system tests the accuracy of the time sent by your server. The NTP Pool assigns a score as the monitoring system checks your server. On the 'Manage Servers' page, you can view a graph of your score over the last 24 hours.
The NTP Pool includes servers if their score is higher than 10. The monitoring system checks your server a few times every hour, and it might take up to 24 hours for your server's score to reach 10. After that, if your server is unresponsive or returns an inaccurate time, your score drops, and the NTP Pool automatically removes servers if their score drops below 10.
You can also adjust your server's link speed from the Manage Servers page. While the link speed shown on the NTP Pool page does not always represent the number of connections your server receives, it's still a good way of managing the amount of traffic your server receives. It may help to set the link speed to the lowest setting and then gradually increase it to ensure your server can handle the traffic.
In this guide, you've learned how to configure a public-facing NTP server and then add it to the NTP Pool to contribute to the group of global NTP servers.
If you plan to keep your server in the NTP Pool, you should subscribe to their mailing list and check their forums to make sure that you stay up to date with any news or changes to the pool.