Best practices for a NTP

e24ohm Posts: 151 Member
I am thinking about setting all of my LAN resources: computer, servers, routers, switches...etc, to use a NTP server, but I am not sure what is best practice or what works well, so I need a little help.

My method of thinking – is to have a low end server on my LAN configured with NTP, and use “time-nw.nist.gov” 131.107.1.10 Microsoft, Redmond, Washington for my NTP. My local machines will then pull NTP from my low end NTP server on my local LAN.

Is this a good model or method?

Thank you,
E
Utini!

Comments

  • royal Posts: 3,353 Member
    From a Windows perspective, on your Forest Root PDC Emulator, configure time there. All DCs will synchronize from their domain's PDC Emulator and all clients in that domain will synchronize from any DC in their domain. PDC Emulators from child domains and from other trees will synchronize their time with the PDC Emulator from the Root Forest. If you're also configuring an outside time source for things such as VMware or other hardware devices, make sure you use the same time source to make sure time is as close as possible and definitely within 5 minutes (default) which is required for Kerberos authentication to work properly.
    “For success, attitude is equally as important as ability.” - Harry F. Banks
  • darkerosxx Posts: 1,343 Banned
    e24ohm wrote: »
    I am thinking about setting all of my LAN resources: computer, servers, routers, switches...etc, to use a NTP server, but I am not sure what is best practice or what works well, so I need a little help.

    My method of thinking – is to have a low end server on my LAN configured with NTP, and use “time-nw.nist.gov” 131.107.1.10 Microsoft, Redmond, Washington for my NTP. My local machines will then pull NTP from my low end NTP server on my local LAN.

    Is this a good model or method?

    Thank you,
    E

    Yes, that's a good idea. I prefer to use military NTP servers, personally. You can use either of these:

    tick.usno.navy.mil
    tock.usno.navy.mil
  • JDMurray Certification Invigilator Surf City, USA Posts: 11,339 Admin
  • tiersten Posts: 4,505 Member
    Please make sure you're actually allowed to use the time server you've picked. There have been cases of misuse in the past where organisations/companies have withdrawn their free NTP service because of this.

    Article about NTP misuse.

    For most cases, you don't need to synchronise to a stratum 1 or better server. Your ISP probably runs a NTP server which you can use. Also you should synchronise with several servers just in case one of them has a problem.
  • astorrs Posts: 3,139 Member
    tiersten wrote: »
    Please make sure you're actually allowed to use the time server you've picked. There have been cases of misuse in the past where organisations/companies have withdrawn their free NTP service because of this.

    Article about NTP misuse.

    For most cases, you don't need to synchronise to a stratum 1 or better server. Your ISP probably runs a NTP server which you can use. Also you should synchronise with several servers just in case one of them has a problem.
    +1

    Consult the list here: WebHome < Servers < NTP to find the appropriate servers for your state/country. Like tiersten said, if all you're doing is syncing LAN devices and don't need an extremely high level of precision, use a couple of stratum-2 servers. Whatever you choose to do just make sure you follow the rules (listed on that site) for each server.
  • hypnotoad Posts: 915 Banned
    NTP is lightweight. You can run an NTP daemon in a virtual machine almost anywhere - I wouldn't even bother giving it a dedicated machine. With the DC is the way to go in Windows though.
  • tiersten Posts: 4,505 Member
    hypnotoad wrote: »
    NTP is lightweight. You can run an NTP daemon in a virtual machine almost anywhere - I wouldn't even bother giving it a dedicated machine. With the DC is the way to go in Windows though.
    You shouldn't run NTP in a VM. The accuracy will be terrible due to the virtualisation of timers and interrupts.
  • tiersten Posts: 4,505 Member
    Oh and regarding the original question. Yes. You should run a local time server somewhere and point all your devices/servers at that.
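The Kerberos 5-minute tolerance and the stratum advice raised in this thread can be checked from any host by parsing one reply from the LAN time server. This is an added example, not code posted by any participant; the function names are hypothetical and the sample packets are constructed so it runs offline.

```python
import struct

NTP_EPOCH_OFFSET = 2208988800   # seconds from 1900-01-01 (NTP era 0) to 1970-01-01
KERBEROS_MAX_SKEW = 300.0       # the 5-minute default tolerance cited in the thread
PACKET = "!BBbb11I"             # 48-byte NTP header, no extension fields

def _unix(sec, frac):
    """64-bit NTP timestamp (32.32 fixed point) -> Unix seconds."""
    return sec - NTP_EPOCH_OFFSET + frac / 2**32

def check_reply(packet, t1, t4):
    """Evaluate a server reply; t1/t4 are client send/receive times (Unix)."""
    if len(packet) < 48:
        raise ValueError("short NTP packet")
    f = struct.unpack(PACKET, packet[:48])
    leap, mode, stratum = f[0] >> 6, f[0] & 0x7, f[1]
    if mode != 4:
        raise ValueError("not a server-mode reply")
    problems = []
    if leap == 3 or stratum == 0 or stratum >= 16:
        problems.append("server unsynchronized or kiss-o'-death")
    t2, t3 = _unix(f[11], f[12]), _unix(f[13], f[14])   # server receive/transmit
    offset = ((t2 - t1) + (t3 - t4)) / 2                # standard NTP clock offset
    if abs(offset) > KERBEROS_MAX_SKEW:
        problems.append("offset exceeds Kerberos tolerance")
    return {"stratum": stratum, "offset": offset, "problems": problems}

def build_reply(stratum, t2, t3, leap=0):
    """Constructed sample reply (NTPv4, mode 4) so the check runs offline."""
    def enc(t):
        t += NTP_EPOCH_OFFSET
        return int(t), int((t % 1) * 2**32)
    return struct.pack(PACKET, (leap << 6) | (4 << 3) | 4, stratum, 6, -20,
                       0, 0, 0, 0, 0, 0, 0, *enc(t2), *enc(t3))

if __name__ == "__main__":
    now = 1700000000.0  # constructed client clock
    samples = {"healthy stratum 2": build_reply(2, now, now),
               "400 s ahead": build_reply(2, now + 400, now + 400),
               "unsynchronized": build_reply(16, now, now, leap=3)}
    for name, pkt in samples.items():
        print(name, check_reply(pkt, now, now + 0.1))
```

The offset is measured against the time server rather than a domain controller, so it only approximates Kerberos skew when the DCs follow the same source.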