How to Configure NTP for Use in the NTP Pool Project

May 21, 2017

Daniel Ziegenberg wrote a tutorial for Digital Ocean on configuring NTP for the NTP Pool on Ubuntu. Oliver Nadler has another tutorial covering non-Ubuntu, too.

NTP Pool Forum

Jan 1, 2017

There’s a new forum for discussion related to the NTP Pool at community.ntppool.org. Please come join us. There are a couple interesting threads about the recent leap second and lots of empty space for your questions or suggestions. :-)

Continue Reading →

Excessive load on NTP servers

Dec 19, 2016

Since last Tuesday some countries have seen an excessive number of queries to the NTP Pool.

After much detective work on nanog (conclusion) and the #NTP IRC channel it was determined to be a buggy Snapchat app update.

Continue Reading →

Equipment failure

Nov 29, 2016

A network switch failed causing an outage for the management system and the NTP Pool website. The DNS and NTP services should only be minorly affected, even if the outage lasts a little while. I’ll update status website with updates.

NTP Best Current Practices

Nov 4, 2016

The IETF has published a new version of NTP Best Current Practices documenting learned best practices on how to run NTP servers and clients.

If you know a little about the NTP protocol reading it will be a quick way to learn more about how it works “in the wild” (including on your own systems).

Continue Reading →

System status page

Aug 27, 2016

Thanks to the kind folks at statuspage.io we now have a system status page. It’s also available at an alternate domain.

Most of the data is updated manually, so it won’t be any better than the busy humans can manage, but it’ll be a better system for giving system updates than posting here (or on the dicussion mailing list).

Continue Reading →

Login upgrade deployed

Apr 23, 2016

The new login system that was tested on the beta site has been enabled on the production site. The login system is now using Auth0 to add more login options than yet another username and password. If you have a Github, Google, Microsoft or other supported account you can use that to login. If you are one of the many existing users, you have to create a “new account” (sign up again) with the email address you previously used to login to your account.

Continue Reading →

New login system

Jan 4, 2016

This week we’re testing using Auth0 to login on the beta site. This will hopefully make the user account management much easier for everyone.

The beta site is a full installation of the system running with a separate database that gets new code before the regular site.

Continue Reading →

Important ntpd vulnerability, please upgrade

Dec 22, 2014

As you might have seen a few days ago several potentially critical security vulnerabilities in all versions of ntpd were announced.

Most OS’es have released back-ported fixes. Depending on your specific ntp and network configuration you might not be exposed, but the easiest way to make sure your systems aren’t vulnerable is to apply the software updates and make sure ntpd has restarted on the fixed version.

Alternatively you can read the announcement page linked above carefully and make configuration changes to mitigate the issues.

If you have built ntpd from source, the easiest fix is to update to 4.2.8. If you have trouble building that version, there’s a “4.2.8p1-beta1” version available now from support.ntp.org as well with some fixes.

If you aren’t already subscribed then you might be interested in subscribing to the NTP Pool discussion mailing list. For general discussion of NTP there’s the comp.protocols.time.ntp newsgroup.

Important configuration changes for NTP servers

Jan 12, 2014

If you are using the standard ntpd daemon to serve time to the public internet, it’s important that you make sure it is configured to not reply to “monlist” queries. Many routers and other equipment are included in this.

The configuration recommendations include the appropriate “restrict” lines to disallow any management queries to ntpd. Most Linux distributions will have an updated version by now that just disables the “monlist” queries, that will also solve the primary problem.

The NTP Support wiki has more information.

If you operate a network you can use the Open NTP Project to see if you have vulnerable devices on your network.