I’ve been doing some work with web programming that requires the use of various date() functions lately, and the skew on my Linux webserver’s clock was really beginning to grate my nerves. I had the ntp-update script loading at startup, and I normally reboot my server once a month or so for updates. Therefore, until recently, I had never noticed a problem with the time offset.

I’d had ntpd (a time synchronization daemon) running on my box, but it clearly wasn’t working. Because stuff like that really ought to work with default config files quickly edited with the time server you want, I only recently discovered it was misconfigured. So, in a valiant effort to get ntpd working correctly, I had to scour the net, only to find mounds of information that was nearly useless to a ntpd n00b like myself.

So, to save you the trouble, here’s what I eventually came up with, commented for your pleasure:


# Put your time servers here, that you want to sync with.
server pool.ntp.org
server anotherserver.com
server 555.555.555.555

# Leave this. It's a fallback when the other servers are inaccessable, so things don't break.
fudge stratum 10

# This is where ntpd stores "learned" info about your clock, so that over time it depends less on other servers for accurate time.
driftfile	/var/lib/ntp/ntp.drift

# Restrict the server enough to make it secure, but not so much as to make it not work (like the default config).
restrict default nomodify notrap noquery

# Allow unrestricted localhost

# If you act as a time server to clients on an internal network, uncomment and change this to suit.
# This rule says they can query the time from you, but you shouldn't get it from them.
#restrict mask nomodify nopeer notrap



Edit: If your clock tends to get horribly skewed while your computer is off, and ntpd inexplicably exits without updating it, try enabling logging with the “logfile” config parameter. You may find that the cause was that the clock offset exceeded ntpd’s “sanity check”, and it wants you to update manually. To do so, use the command “ntpd -gq”. Yet another silly “gotcha” from this unintuitive program. Sigh.