pool.ntp.org


pool.ntp.org: public ntp time server for everyone

Introduction

Active Servers

As of 2016-08-25

The pool.ntp.org project is a big virtual cluster of timeservers providing reliable easy to use NTP service for millions of clients.

The pool is being used by millions or tens of millions of systems around the world. It's the default "time server" for most of the major Linux distributions and many networked appliances (see information for vendors).

Because of the large number of users we are in need of more servers. If you have a server with a static IP address always available on the internet, please consider adding it to the system.

The project is maintained and developed by Ask Bjørn Hansen and a great group of contributors on the mailing lists. The source code for the system is available.

Hosting and bandwidth for the "hub" servers are provided by Develooper and Phyber Communications.

go up

News

Atom feed Subscribe in a reader

  • April 23, 2016

    Login upgrade deployed

    The new login system that was tested on the beta site has been enabled on the production site.

    The login system is now using Auth0 to add more login options than yet another username and password. If you have a Github, Google, Microsoft or other supported account you can use that to login.

    If you are one of the many existing users, you have to create a “new account” (sign up again) with the email address you previously used to login to your account. No passwords have been transferred over.

    If you have any trouble, please use the form below the login box and we’ll help.

    Currently if you login with separate accounts that all use the same email address, it will log you into the same account. Support for merging accounts with different verified email addresses might come later.

  • January 4, 2016

    New login system

    This week we’re testing using Auth0 to login on the beta site. This will hopefully make the user account management much easier for everyone.

    The beta site is a full installation of the system running with a separate database that gets new code before the regular site.

    If you have a server running ntpd you can try adding it, even if it’s not a server appropriate for adding to the main pool.

    The healthy servers registered on the beta site do get published in DNS (1.beta.grundclock.com, etc), though nobody should be using those names other than when testing the beta site!

  • December 22, 2014

    Important ntpd vulnerability, please upgrade

    As you might have seen a few days ago several potentially critical security vulnerabilities in all versions of ntpd were announced.

    Most OS’es have released back-ported fixes. Depending on your specific ntp and network configuration you might not be exposed, but the easiest way to make sure your systems aren’t vulnerable is to apply the software updates and make sure ntpd has restarted on the fixed version.

    Alternatively you can read the announcement page linked above carefully and make configuration changes to mitigate the issues.

    If you have built ntpd from source, the easiest fix is to update to 4.2.8. If you have trouble building that version, there’s a “4.2.8p1-beta1” version available now from support.ntp.org as well with some fixes.

    If you aren’t already subscribed then you might be interested in subscribing to the NTP Pool discussion mailing list. For general discussion of NTP there’s the comp.protocols.time.ntp newsgroup.

  • January 12, 2014

    Important configuration changes for NTP servers

    If you are using the standard ntpd daemon to serve time to the public internet, it’s important that you make sure it is configured to not reply to “monlist” queries. Many routers and other equipment are included in this.

    The configuration recommendations include the appropriate “restrict” lines to disallow any management queries to ntpd. Most Linux distributions will have an updated version by now that just disables the “monlist” queries, that will also solve the primary problem.

    The NTP Support wiki has more information.

    If you operate a network you can use the Open NTP Project to see if you have vulnerable devices on your network.

  • June 28, 2013

    IPv6 monitoring problems for German servers

    This week we had a period of weird behavior for the monitoring system for (mostly) German IPv6 servers.

    After much back and forth on the mailing list and numerous debugging sessions we got this information from a network engineer at Hurricane Electric:

    A bug was recently discovered in Force10 switches that cause unicast IPv6 NTP traffic to be erroneously broadcast to all ports. Due to this, there are currently access lists in place preventing some IPv6 NTP traffic from traversing the DECIX exchange, as it was causing a storm that generated nearly 1 terabit per second of traffic. This should be resolved in the near future.

    The number of IPv6 servers active in the pool appears to be about back to normal.

    Also this is the answer to “why don’t we have IPv6 servers by default on all the pool zones” yet. As you might know only “2.pool.ntp.org” (and 2.debian.pool.ntp.org, etc) returns AAAA records currently.

  • Older news...

Links

go up
Comments and questions to Ask Bjørn Hansenask@develooper.com