Re: setup a local ntp server on debian



On Wednesday 23 September 2009 14:58:59 Israel Garcia wrote:
> 1. Which do you suggest to use? openntpd or ntp server?

I prefer openntpd.  The other ntpd is more feature-rich and is a more recent 
protocol version, so it might be better though.

> 2. Can I setup redundancy with any of them?

Redundancy is sort of built into the ntp protocol.  If you configure all the 
clients with all the servers, they will automatically use whichever one(s) are 
up.

You can prevent having to reconfigure clients when a new server is added by 
using a "servers" line in openntpd with a host name and then adding multiple A 
records to that host name.  On startup it gets all the IP addresses associated 
with that name and handles it as if they were each listed with a "server" 
line.

> 3. What client should I use to synchronize other boxes' clocks? ntpdate
> command  or ntp daemon client?

I prefer the daemon.  It's not for any real reason I can think of, although I 
suppose it might level the load against the servers a bit because you won't 
have the clients requesting new timestamps all at once.

> 4. Should I use a local NTP or do you suggest all client synchronize
> to an external server?

If you have a large number of clients, you should probably have 1-3 servers 
that synchronize off the pool and have your internal clients synchronize off 
of them.  That should save "external" bandwidth (good for you) and reduce the 
load on the pool (good for others).

My configurations:
rei: (openntpd)
listen on *
servers us.pool.ntp.org

ichi: (openntpd)
server rei

monster: (openntpd)
servers us.pool.ntp.org

[rei's firewall doesn't allow external connections to the ntp daemon, only 
from ichi.]
-- 
Boyd Stephen Smith Jr.           	 ,= ,-_-. =.
bss@iguanasuicide.net            	((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy 	 `-'(. .)`-'
http://iguanasuicide.net/        	     \_/

Attachment: signature.asc
Description: This is a digitally signed message part.
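
An added example, not part of the original message: a Python check that resolves every A record behind one host name, as the "servers" line described above does at startup, sends each address an SNTP query and validates the reply, so you can see which of the redundant servers are up and synchronised. The name "ntp.example.internal" and all function names are assumptions made for this sketch.

```python
import socket, struct, sys, time

NTP_DELTA = 2208988800  # seconds from the NTP epoch (1900) to the Unix epoch (1970)

def to_ntp(t):
    """Unix time (float) -> 8-byte NTP timestamp (32-bit seconds, 32-bit fraction)."""
    return struct.pack("!II", int(t) + NTP_DELTA, int((t % 1) * 2**32))

def from_ntp(b):
    sec, frac = struct.unpack("!II", b)
    return sec - NTP_DELTA + frac / 2**32

def build_request(t1):
    # LI=0, VN=4, Mode=3 (client); only the transmit timestamp (bytes 40-47) is set.
    return bytes([0x23]) + bytes(39) + to_ntp(t1)

def parse_reply(data, request, t4):
    """Validate a server reply; return (stratum, offset_seconds) or raise ValueError."""
    if len(data) < 48:
        raise ValueError("short packet")
    leap, mode, stratum = data[0] >> 6, data[0] & 7, data[1]
    if mode != 4:
        raise ValueError("not a server reply")
    if data[24:32] != request[40:48]:
        # A genuine reply copies our transmit timestamp into its originate field.
        raise ValueError("originate timestamp does not echo our request")
    if leap == 3 or stratum == 0:
        raise ValueError("server is not synchronised")
    t1, t2, t3 = from_ntp(request[40:48]), from_ntp(data[32:40]), from_ntp(data[40:48])
    return stratum, ((t2 - t1) + (t3 - t4)) / 2

def probe(name, timeout=2.0):
    """Query every IPv4 address behind `name`; return {address: result or error text}."""
    results = {}
    infos = socket.getaddrinfo(name, 123, socket.AF_INET, socket.SOCK_DGRAM)
    for addr in sorted({info[4] for info in infos}):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            request = build_request(time.time())
            try:
                s.connect(addr)  # connected UDP socket: replies from other peers are dropped
                s.send(request)
                results[addr[0]] = parse_reply(s.recv(512), request, time.time())
            except (OSError, ValueError) as exc:
                results[addr[0]] = str(exc)
    return results

if __name__ == "__main__":
    # "ntp.example.internal" is a placeholder for the multi-A-record name.
    name = sys.argv[1] if len(sys.argv) > 1 else "ntp.example.internal"
    for ip, res in probe(name).items():
        print(ip, res)
```

An address that times out or reports itself unsynchronised shows up as an error string beside its IP, which is the server a daemon client would skip.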