Setting up an NTP server
By default, ntpd-rs only acts as an NTP client, and doesn't serve time on any network interface. To enable ntpd-rs as a server, the following can be added to the configuration:
This will cause ntpd-rs to listen on all network interfaces on UDP port 123 for NTP client requests. If you only want to listen on a specific network interface, change0.0.0.0
to the IP address of that interface.
You can now configure a different machine to use your new server by adding to its configuration:
Limiting access
If you only want specific IP addresses to be able to access the server, you can configure a list of allowed clients through the allowlist mechanism. For this, edit the server configuration to look like:
[[server]]
listen = "0.0.0.0:123"
[server.allowlist]
filter = ["<allowed ipv4 1>/32", "<allowed ipv4 2>/32", "<allowed ipv6 1>/128"]
action = "ignore"
192.168.1.1/24
will allow any IP
address of the form 192.168.1.*
.
If you want to block certain IP addresses from accessing the server, you can configure a list of blocked clients as follows:
[[server]]
listen = "0.0.0.0:123"
[server.denylist]
filter = ["<blocked ipv4 1>/32", "<blocked ipv4 2>/32", "<blocked ipv6 1>/128"]
action = "deny"
The allow and deny list configurations are both optional in ntpd-rs. By default, if a server is configured it will accept traffic from anywhere. When configuring both allow and deny lists, ntpd-rs will first check if a remote is on the deny list. Only if this is not the case will the allow list be considered.
The allowlist.action
and denylist.action
properties can have two values:
ignore
silently ignores the requestdeny
sends a deny kiss-o'-death packet
Adding your server to the NTP pool
If your NTP server has a public IP address, you can consider making it available as part of the NTP pool. Please note that this can have significant long-term impact in terms of NTP traffic to that particular IP address. Please read the join instructions carefully before joining the pool.