The reasons are many and good for making sure your servers are all set to the same time. The usual way to synchronise time with Unix is through NTP - Network Time Protocol. The ntpd daemon can operate as a server, a client, or a relay system.
One note here. Whilst researching this topic I found scads and scads of information regarding the setting up of Time Servers. For such an apparently simple concept, it can get very involved. However, what I present here are the basics of getting it installed and running, which is really quite simple, and then it's up to the reader to take it to the next levels, if required.
Note you must have PERL installed before continuing. If you are using FreeBSD 6.x or later, PERL may not be present. See Installing PERL
Download the latest NTPD package from ntp.isc.org
, in this case I used ntp-4.2.0.tar.gz [2.4MB].
Perform the usual list of installation
tar -zxvf ntp-4.2.0.tar.gz
Once installed, find your nearest NTP Server
and run a test connection using the ntptrace
..you should get a reply back similar to this..
efexor.vampiress.net: stratum 3, offset 20.535114, synch distance 0.14081
mel001.pacific.net.au: stratum 2, offset 20.531832, synch distance 0.08061
clock.tl.fukuoka-u.ac.jp: stratum 1, offset 20.523599, synch distance 0.00069,
- if you get a timeout but can otherwise access the internet, it's most likely a blocked port at the firewall. NTP uses port 123, so make sure this is open. For more, see tracing the server
NTP is configured by the /etc/ntp.conf
file and there are stacks
of settings. I like to keep things simple, so here's a very basic configuration file, with a preferred Australian time server and a backup in New Zealand..
server au.pool.ntp.org prefer
To start the daemon, edit /etc/rc.conf
and add the following line..
..and reboot the server. The daemon should be running, although it may seem to take a while for it to kick in, for the following reason.
Some references suggest to create a /etc/ntp.drift
file, however I tend not to as once started, the system will build its own within an hour. To quote FreeBSD.org's Hypertext Man Pages
The ntpd behavior at startup depends on whether the frequency file, usually ntp.drift,
exists. This file contains the latest estimate of clock frequency error. When the
ntpd is started and the file does not exist, the ntpd enters a special mode designed
to quickly adapt to the particular system clock oscillator time and frequency error.
This takes approximately 15 minutes, after which the time and frequency are set to
nominal values and the ntpd enters normal mode, where the time and frequency are
continuously tracked relative to the server. After one hour the frequency file is
created and the current frequency offset written to it. When the ntpd is started and
the file does exist, the ntpd frequency is initialized from the file and enters normal
mode immediately. After that the current frequency offset is written to the file at
Thanks ntpd! Once running, the command line utility ntpq
can be used to check the status of the NTP daemon on the local machine (or on a remote host)..
remote refid st t when poll reach delay offset jitter
*b.pool.ntp.uq.e im-ntp.its.uq.e 2 u 176 256 377 224.489 -116.96 15.090
+levy.catalyst.n gen3.ihug.co.nz 3 u 42 256 377 88.565 -205.22 13.766
command obtains a current list peers of the server, along with a summary of each peer's state. For more detail it's back to the FreeBSD.org's man pages
Controlling Access to the Server
By default the NTP server will be accessible to all hosts on the Internet. The restrict option in /etc/ntp.conf
allows control over which machines can access the server.
To deny all machines from accessing the NTP server, add the following line to /etc/ntp.conf
restrict default ignore
To only allow machines within your own network to synchronize their clocks with your server, but ensure they are not allowed to configure the server or used as peers to synchronize against, add..
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
instead, where 192.168.1.0 is an IP address on your network and 255.255.255.0 is your network's netmask.
can contain multiple restrict options. For more details, see the Access Control Support subsection of ntp.conf.
Links and References