Setting up a FreeBSD time server

It is a very simple process; however, it does take a bit of patience. The NTP standard is quite complex and large, so I know I only scratched the surface.

If you’re going to be syncing more than a handful of machines with a time server, it is recommended to set up your own time server to act as a relay. You really want this to be a minimum of a “stratum 2” server. The stratum number corresponds to how authoritative the server is. Stratum 0 is an actual time keeping device (e.g. a cesium clock). More here: Clock Strata

Now, on to selecting stratum 1 servers for your time server to sync from. Try to choose at least 4 servers that are geographically near you (at least in the same timezone).
List 1: NIST Servers
List 2: USNO Servers

/etc/ntp.conf

server nist1-la.ustiming.org prefer iburst
server tick.ucla.edu iburst
server nist1-sj.ustiming.org iburst
server time.nist.gov iburst

# Default restrict EVERYONE
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

# Allow localhost to do anything
restrict 127.0.0.1
restrict -6 ::1

# Allow my authorized networks
restrict 10.0.0.0 mask 255.0.0.0 nomodify notrap nopeer

You mark your primary server with “prefer”. The “iburst” option tells ntpd to send a burst of 8 packets in order to get a response ASAP.
Unless you plan on running a public stratum 2 server, restrict the server by default and add rules for access. You definitely want to at least allow localhost full access and your authorized network query access.

Next up is enabling the service by adding these lines to /etc/rc.conf:

ntpd_enable="YES"
ntpd_sync_on_start="YES"
ntpd_config="/etc/ntp.conf"

Finally, start the service:

/etc/rc.d/ntpd start

Now is when patience comes into play. NTP is a very cautious standard. It will report its stratum as 16 (the worst possible) until it’s sure that it’s in sync. This can take a few minutes to a few hours.

To check on the status of your server:

ntpq -pn localhost

You’re waiting for “st” to drop to 1 (since those should be stratum 1 servers).
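
A way to script this wait, as an added example that is not part of the original post: a shell function that reads ntpq -pn output and reports whether ntpd has selected a system peer (the line whose first character is *), which is the point at which the server stops advertising stratum 16. The function name is hypothetical and the 192.0.2.x peer lines are constructed sample data.

```sh
#!/bin/sh
# Added example: summarise `ntpq -pn` output read from stdin.
# Exit status 0 = a system peer (tally "*") is selected, 1 = not yet.
ntp_sync_status() {
    awk '
        /^ *remote/ || /^=+$/ { next }          # skip the two header lines
        {
            tally = substr($0, 1, 1)            # first column is the tally code
            n = split(substr($0, 2), f, " ")
            # fields: remote refid st t when poll reach delay offset jitter
            if (n < 10) next
            if (f[7] != "0") reachable++        # reach is an octal shift register
            if (tally == "*") { peer = f[1]; st = f[3] }
        }
        END {
            if (peer != "") {
                # our own stratum is the system peer stratum plus one
                printf "synced %s st=%d local=%d\n", peer, st, st + 1
                exit 0
            }
            printf "unsynced reachable=%d\n", reachable + 0
            exit 1
        }'
}

# Constructed sample: daemon just started, nothing selected yet.
sample_starting() {
cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 192.0.2.10      .INIT.          16 u    -   64    0    0.000    0.000   0.000
 192.0.2.11      .NIST.           1 u    2   64    1   20.100   -1.020   0.400
EOF
}

# Constructed sample: a system peer has been chosen.
sample_synced() {
cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.0.2.10      .NIST.           1 u   33   64  377   12.345    0.512   0.210
+192.0.2.11      .NIST.           1 u   30   64  377   20.100   -1.020   0.400
EOF
}

sample_starting | ntp_sync_status || true
sample_synced | ntp_sync_status
# On the server itself: ntpq -pn localhost | ntp_sync_status
```

The non-zero exit status while unsynced makes the function usable from cron or a monitoring check without parsing its output.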

To test from a client machine, use:

ntpdate -qd 10.0.0.1

This will spit out a bunch of debug statements; you’re interested in the stated stratum which will be 2 when your ntpd is sure of itself.