Time serving on a Linux LAN

I have a small LAN (originally using a mixture of Red Hat Linux and Fedora Core Linux, now using multiple computers all running Fedora Core 4 Linux) which periodically connects to the internet over dial-up access.  This means my computers suffer from a few problems:

  1. They can only sync their clocks while on the net.
  2. They may drift apart, though it'd only be by a marginal amount.
  3. The boot sequences pause for a long time, waiting to connect an internet time server.

The obvious solution was to set up a server computer to sync itself whenever possible, and for it to act as the time server for the rest of the network (a technique recommended on http://www.pool.ntp.org/).  To achieve this, I only had to do a few simple things (though the supplied documentation for NTP smothered that information with a mass of other stuff):

  1. Ensure a server computer was using NTP to keep its clock running in sync with an accurate time source (this seems to be the default configuration, anyway).

  2. Configure the server PC to allow the other local PCs to use it.  This involved adding one line to the “/etc/ntp.conf” file:

    restrict mask notrust nomodify notrap
    • My LAN is using local IP addresses–  The network addresses and mask are to suit it, yours may be different.

    • You may need to remove the “notrust” keyword, it's meaning has changed over different versions of NTP.  I no-longer include the keyword on Fedora Core 4 Linux (originally I was using Red Hat 9.0 Linux on the machine acting as the server).

  3. Fudge your local server's local clock to a lowish stratum so that other local computers will still use it as a time source, but will resync to a better time source when they're able to.

    fudge stratum 9

    Using a stratum of 9 means it's considered better than the computer's own time (usually stratum 16 for unsynced, often stratum 12 for stand-alone time servers), but will be considered a poor source of time compared to most other servers (usually stratums ranging from 1 to 4), and will be ignored in those cases (when better sources are available).

  4. Configure the other local PCs time settings to use the local time server (done by adding the address for the time serving PC, and removing entries for other time servers, in their time and date setting GUIs, or directly modifying their “ntp.conf” files).

While not a perfect solution (my time serving PC isn't brilliantly accurate), it's good enough for me.  And in my case, it's probably more important that my computers are in sync with each other more than being precisely in step with the rest of the world.  They'll be close enough while off-line, and they'll automatically sync up when the LAN goes on-line (with the internet).


Example server “/etc/ntp.conf” file

restrict default nomodify notrap noquery

# -- CLIENT NETWORK -------
restrict mask nomodify notrap

# --- OUR TIMESERVERS ----- 
server 0.pool.ntp.org iburst
server 1.pool.ntp.org iburst
server 2.pool.ntp.org iburst



# Undisciplined Local Clock.
fudge stratum 9

# Drift file.
driftfile /var/lib/ntp/drift
broadcastdelay  0.008

# Keys file.
keys /etc/ntp/keys

By default, anything can query the server for what the time is, but no more.

The localhost ( has almost no restrictions.

At least three remote servers are used for the best possibility of getting real time.  Using less than three means you might have to decide between two servers that don't agree with each other, and how would you tell which was right?  Hopefully, using three avoids a stalemate.  Using more than three will slow things down (a bit) as they're all compared, and there isn't (at this time) a 4.pool.ntp.org set of DNS records for servers.  To use more than three, you'll need to find some servers that you're allowed to use (try your own ISP).

A local server is fudged with a medium stratum value (9).

The drift file is used by the server to compensate for errors.

I suspect the system maintains the delay value itself, though all of my servers are showing the same “0.008” value.

The “keys” file is ignored on my systems, as they're not set up to use authentication.  It's just there as a default setting, in case they're reconfigured to use authentication.

Example client “/etc/ntp.conf” file

restrict default nomodify notrap noquery

# -- CLIENT NETWORK -------

# --- OUR TIMESERVERS ----- 
# is the address for my timeserver,
# use the address of your own, instead:
server iburst



# Undisciplined Local Clock.
fudge stratum 12

# Drift file.
driftfile /var/lib/ntp/drift
broadcastdelay  0.008

# Keys file.
keys /etc/ntp/keys

This configuration uses the local time server as the only remote server, it also uses itself as a lesser quality server (stratum 12) if it can't reach the main server (so it'll keep on running, rather than abort).

For more gory details about NTP, go right to the source, and visit the NTP website.  Though bear in mind that individual implementations may vary in behaviour from the default design.

Main sections:
contact details
business info
personal info
eBay & trading
“sales” ads
“wanted” ads
video production
misc info
website info/help
my computers
general info
desktop publishing
typing skills
WWW authoring
internet primer
turn it off?
electrical safety
why use Linux
why I use Linux
compatible hardware
feeling lucky?
Evolution signatures
installing software
auto NTPD restart
local DNS serving
restoring GRUB
overzealous HDD parking
Post-install customising
NFS serving
SMTP settings for Yahoo
time serving