Mastering NTP: Configure Accurate Time Sync on Linux Servers
This guide explains time‑zone fundamentals, compares ntpd and ntpdate, and provides step‑by‑step commands to install, configure, secure, and verify NTP services on Linux, ensuring reliable and precise system time across servers.
1. Time Zone Concepts
UTC
The Earth is divided into 24 time zones; each zone has its local time. In international radio communication a unified time called Coordinated Universal Time (UTC) is used.
GMT
Greenwich Mean Time is the standard time at the Royal Greenwich Observatory in London; UTC and GMT are essentially the same.
CST
China Standard Time. CST = UTC+8 = GMT+8
DST
Daylight Saving Time advances clocks by one hour in summer; China does not use DST.
# Show the server's current time zone
timedatectl
# List the available time zones and set the time zone
timedatectl list-timezones
timedatectl set-timezone Asia/Shanghai
2. ntpd and ntpdate
ntpd gradually calibrates the system clock, while ntpdate makes an immediate adjustment without considering running processes. Using ntpdate can cause abrupt time jumps that break applications relying on a monotonic clock, such as database transactions.
Security concerns: ntpdate depends on the NTP server’s security; an attacker compromising the server can force synchronized hosts to execute costly tasks.
Precision issues: if the NTP server fails, ntpdate cannot sync, whereas ntpd continues to keep the clock calibrated.
Elegance: ntpdate makes sudden jumps, which can cause duplicate timestamps; using ntpd to slowly adjust time is preferred.
3. Deploying NTP Service
Use public NTP pool servers to keep cluster time consistent.
(1) Install service software
# Check whether the package is installed
rpm -q ntp
# If it is not installed, run the following command
yum install ntpdate ntp -y
(2) Basic configuration (/etc/ntp.conf)
driftfile /var/lib/ntp/drift
logfile /var/log/ntpd.log
restrict default nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
restrict 172.16.128.0 mask 255.255.255.0 nomodify notrap
server 0.cn.pool.ntp.org iburst
server 1.cn.pool.ntp.org iburst
server 2.cn.pool.ntp.org iburst
server 3.cn.pool.ntp.org iburst
server 172.16.128.171 iburst
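# Local clock as a last-resort source. fudge only applies to reference-clock
# addresses (127.127.t.u), so it is paired with the local clock driver here.
server 127.127.1.0
fudge 127.127.1.0 stratum 10
restrict 0.cn.pool.ntp.org nomodify notrap noquery
restrict 1.cn.pool.ntp.org nomodify notrap noquery
restrict 2.cn.pool.ntp.org nomodify notrap noquery
(3) Enable service at boot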
# CentOS 7
systemctl enable ntpd
systemctl enable ntpdate
systemctl is-enabled ntpd
(4) Open firewall
firewall-cmd --permanent --add-service=ntp
firewall-cmd --reload
(5) Write correct time to hardware clock
ss -tlunp | grep ntp
ntpq -p
hwclock -w
(6) Client configuration
# Add server to client /etc/ntp.conf
server 172.16.128.171
# Restart service
systemctl restart ntpd
# Schedule a daily one-shot sync via cron (this entry uses sntp)
crontab -e
0 0 * * * /usr/sbin/sntp -P no -r 172.16.128.171; hwclock -w
(7) Check NTP synchronization status
# ntpq -p
remote refid st t when poll reach delay offset jitter
218.189.210.3 118.143.17.82 2 u 7 64 101.974 -33.967 0.000
# ntpdate -q 0.hk.pool.ntp.org
server 203.95.213.129, stratum 2, offset -0.020632, delay 0.06477
server 209.58.185.100, stratum 2, offset -0.011884, delay 0.06216
server 218.189.210.4, stratum 0, offset 0.000000, delay 0.00000
server 218.189.210.3, stratum 2, offset -0.036728, delay 0.11096
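An added example, not part of the original guide: a small Python check that audits the restrict and fudge lines of an /etc/ntp.conf like the one in step (2), reporting a default entry that lacks the four flags the guide uses, subnets that can still send ntpq/ntpdc queries, and fudge lines that do not point at a reference-clock address. The sample config is constructed, and the name audit_ntp_conf is an assumption of this example.

```python
import ipaddress

# Flags the guide's config places on "restrict default".
REQUIRED_DEFAULT = {"nomodify", "notrap", "nopeer", "noquery"}
# ntpd reference-clock drivers use pseudo-addresses 127.127.t.u.
REFCLOCK_NET = ipaddress.ip_network("127.127.0.0/16")

# Constructed sample: modelled on step (2), with the default line weakened.
SAMPLE = """\
restrict default nomodify notrap
restrict 127.0.0.1
restrict 172.16.128.0 mask 255.255.255.0 nomodify notrap
server 0.cn.pool.ntp.org iburst
fudge 127.0.0.1 stratum 10
"""

def audit_ntp_conf(text):
    """Return (line_no, message) findings for the text of an ntp.conf."""
    findings, saw_default = [], False
    for no, raw in enumerate(text.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()
        if len(tok) < 2:
            continue
        if tok[0] == "restrict":
            # Drop the optional address-family selector before the target.
            args = [t for t in tok[1:] if t not in ("-4", "-6")]
            if not args:
                continue
            target, flags = args[0], set(args[1:])
            if target == "default":
                saw_default = True
                missing = sorted(REQUIRED_DEFAULT - flags)
                if missing:
                    findings.append((no, "default missing: " + " ".join(missing)))
            elif "mask" in flags and "noquery" not in flags:
                findings.append((no, f"{target}: subnet can send ntpq/ntpdc queries; confirm intended"))
        elif tok[0] == "fudge":
            try:
                is_refclock = ipaddress.ip_address(tok[1]) in REFCLOCK_NET
            except ValueError:
                is_refclock = False
            if not is_refclock:
                findings.append((no, f"fudge {tok[1]}: not a 127.127.t.u refclock address"))
    if not saw_default:
        findings.append((0, "no 'restrict default': unlisted hosts are unrestricted"))
    return findings

if __name__ == "__main__":
    for line_no, message in audit_ntp_conf(SAMPLE):
        print(f"line {line_no}: {message}")
```

Run it against a real file with audit_ntp_conf(open("/etc/ntp.conf").read()); an empty list means none of the three checks fired.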
