# ntpd vs. ntpdate

## Stygius

I've recently read a bit about the Network Time Protocol (ebuild exists), and it seems really nice. However, the NTP suite contains two different ways of synchronizing your time to an NTP server on the net: the ntpd daemon and the ntpdate program.

Apparently, the daemon is far more advanced and contains complex algorithms. The creator of NTP argues that everyone should use ntpd. Ntpdate is similar to rdate - it runs once and quickly sets the right time, and is very popular because of its simplicity.

What I'd like to hear are some opinions and experiences regarding the ntpd/ntpdate issue, and generally on using the NTP. Further, are there any security concerns in letting your system act as an NTP server?

----------

## Nitro

 *Stygius wrote:*   

> Apparently, the daemon is far more advanced and contains complex algorithms. The creator of NTP argues that everyone should use ntpd. Ntpdate is similar to rdate - it runs once and quickly sets the right time, and is very popular because of its simplicity.
> 
> What I'd like to hear are some opinions and experiences regarding the ntpd/ntpdate issue, and generally on using the NTP. Further, are there any security concerns in letting your system act as an NTP server?

 

I run ntpd on my server, and the rest of my Linux clients sync with it using ntpdate every now and then, and Windows 2000 & XP clients also sync with ntpd running on my server. If your computer keeps accurate time, I don't see much of a need to start up ntpd; set up something like ntpdate to sync with a local time server in cron every week or something.

As far as security, ntpd uses UDP, so half the time people don't realize it is running because they check it by running netstat, and well, it doesn't show up there. Use lsof -i to find it. ntpd has an access control (is that what they call it in the docs?) where you can allow only certain clients to use the server. For example, part of my server's /etc/ntp.conf reads:

```
restrict default nomodify nopeer notrust noserve notrap
restrict 127.0.0.1 notrust nomodify
restrict 24.160.253.95 notrust nomodify
restrict 192.168.1.0 mask 255.255.255.0 nopeer nomodify
restrict 192.168.2.0 mask 255.255.255.0 nopeer nomodify
```

Basically, I set my server to a restrictive default. Then, I tell it to restrict localhost to nomodify, so that in the event that somebody logged in to my server knows about ntpd, they can't go run around and screw up my time. Finally, I set my two private subnets to nopeer (so my server won't sync with them later) and nomodify.

If you do plan to set up ntp (doesn't hurt, does it?), you might want to check out your default gateway on your ISP's end. Turns out that RoadRunner's routers are also running ntp.

My first line of defense is still my iptables firewall though. :)
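
To check which of the restrict lines in the post above applies to a given client, the following added example (not code from any poster or from the NTP project) parses them and resolves the effective flags, modelling ntpd's matching as "the most specific address/mask wins". The function names and the sample client addresses are assumptions made for illustration.

```python
import ipaddress

# Restrict lines copied from the post above.
NTP_CONF = """\
restrict default nomodify nopeer notrust noserve notrap
restrict 127.0.0.1 notrust nomodify
restrict 24.160.253.95 notrust nomodify
restrict 192.168.1.0 mask 255.255.255.0 nopeer nomodify
restrict 192.168.2.0 mask 255.255.255.0 nopeer nomodify
"""

def parse_restrict(conf):
    """Return a list of (network, flags) for each IPv4 restrict line."""
    entries = []
    for raw in conf.splitlines():
        tokens = raw.split("#", 1)[0].split()   # drop comments
        if len(tokens) < 2 or tokens[0] != "restrict":
            continue
        addr, rest = tokens[1], tokens[2:]
        mask = "255.255.255.255"                # host entry when no mask is given
        if rest[:1] == ["mask"] and len(rest) >= 2:
            mask, rest = rest[1], rest[2:]
        if addr == "default":
            net = ipaddress.IPv4Network("0.0.0.0/0")
        else:
            net = ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)
        entries.append((net, frozenset(rest)))
    return entries

def effective_flags(entries, client):
    """Flags of the most specific entry that covers the client address."""
    ip = ipaddress.IPv4Address(client)
    matches = [(net.prefixlen, flags) for net, flags in entries if ip in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0])[1]

def served(entries, client):
    """True if the matching entry carries neither 'ignore' nor 'noserve'."""
    flags = effective_flags(entries, client)
    return flags is not None and not (flags & {"ignore", "noserve"})

if __name__ == "__main__":
    entries = parse_restrict(NTP_CONF)
    # Constructed sample clients: one LAN host, one outside address.
    for client in ("192.168.1.57", "203.0.113.9"):
        print(client, sorted(effective_flags(entries, client)),
              "served" if served(entries, client) else "not served")
```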

----------

## Stygius

Well, that pretty much settles it for me... I'm gonna set up ntpd for my LAN. 

Thanks Nitro, a lot of questions now answered.

----------

## hbbio

I post here because of ntp, but it's not directly related to the beginning of the thread...

I've been running ntp fine, but now:

```
bash-2.05a# emerge -p -u world

These are the packages that I would merge, in order.

Calculating world dependencies -

!!! Error: couldn't find match for net-misc/ntp in update (likely old /var/db/pkg entry)

bash-2.05a# emerge -s ntp

[ Results for search key : ntp ]

[ Applications found : 0 ]

```

I've just rsynced right now... What's up, doc?

----------

## Nitro

Did you do emerge --clean rsync recently? The older ntp ebuilds are no longer in your portage tree, because you blew them all away with --clean rsync. Now, you have the new versions, which are alpha versions, and they are also masked. The solution is to either unmask them or use ebuild to build it.

```
 ebuild /usr/portage/net-misc/ntp/ntp-4.1.72-r2.ebuild merge 
```

works for me ;)

----------

## hbbio

 *Nitro wrote:*   

> Did you do emerge --clean rsync recently? 

 

Nitro,

I never cleaned emerge rsync (and my homemade ugly emerge scripts are still there...). I merged the ebuild manually, which works well, but -p -u world still comes up with this ntp error. Btw, I'm with portage 1.9.6-r1.

I unmerged ntp, and now it is willing to update... I'll put it back after (directly, since as it is masked it's not accessible through emerge). It might be a temporary portage tree glitch. The unstable/testing/stable branches should be applied to ebuilds :)

Thanks,

Henri

----------

