⏱️ Why NTP Matters on Linux
Accurate system time is a foundational requirement for modern Linux environments. Network Time Protocol (NTP) ensures clocks remain synchronized across servers and clients, which is critical for:
- Distributed systems and clustering
- Database consistency and replication
- Log correlation and auditing
- Authentication mechanisms (Kerberos, TLS, certificates)
This guide walks through installing, configuring, and validating NTP on Linux, covering both public NTP sources (Aliyun) and a private on-premises NTP server.
🌐 Using Aliyun Public NTP Servers
Public NTP servers are ideal for most internet-connected systems. Below is an example configuration using Aliyun NTP servers.
Example: /etc/ntp.conf
# Aliyun Public NTP Servers
server ntp1.aliyun.com prefer
server ntp2.aliyun.com
server ntp3.aliyun.com
server ntp4.aliyun.com
# Security restrictions
restrict default nomodify notrap nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
restrict -4 default kod notrap nomodify nopeer noquery
# Allow local network synchronization
restrict 192.168.122.0 mask 255.255.255.0 nomodify notrap
# Broadcast settings: sends multicast NTP to 224.0.1.1; omit on hosts that only act as clients
broadcast 224.0.1.1
# Drift file configuration
driftfile /var/lib/ntp/drift
After saving the file, restart the service:
systemctl restart ntpd
🧰 Preparing the Environment
The following examples assume:
- Operating system: CentOS 7.x
- NTP server IP: 192.168.1.111
- NTP client IP: 192.168.1.179
Before configuration:
- Open UDP port 123 on firewalls
- Disable SELinux or configure appropriate policies
🖥️ Installing and Configuring an NTP Server
1️⃣ Install NTP
yum install ntp -y
2️⃣ Configure /etc/ntp.conf
cp /etc/ntp.conf{,.bak}
vim /etc/ntp.conf
server 127.127.1.0 # Local clock as time source
fudge 127.127.1.0 stratum 10 # Define stratum level
restrict 127.0.0.1
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
driftfile /var/lib/ntp/drift
logfile /var/log/ntp/ntp.log
This configuration is suitable for isolated or internal networks where an upstream internet time source is unavailable.
3️⃣ Create Required Directories
mkdir -p /var/lib/ntp
mkdir -p /var/log/ntp
touch /var/log/ntp/ntp.log
4️⃣ Start and Enable the Service
systemctl start ntpd
systemctl enable ntpd
5️⃣ Verify Server Synchronization
ntpstat
Example output:
synchronised to local net at stratum 6
time correct to within 11 ms
polling server every 64 s
Check peer status:
ntpq -p
remote refid st t when poll reach delay offset jitter
==============================================================================
*LOCAL(0) .LOCL. 5 l 13 64 377 0.000 0.000 0.000
💻 Installing and Configuring an NTP Client
1️⃣ Install Required Packages
yum install ntp ntpdate -y
2️⃣ Configure Client /etc/ntp.conf
cp /etc/ntp.conf{,.bak}
vim /etc/ntp.conf
server 192.168.1.111 # Local NTP server
restrict 127.0.0.1
logfile /var/log/ntp/ntp.log
3️⃣ Create Log Directory
mkdir -p /var/log/ntp
touch /var/log/ntp/ntp.log
4️⃣ Perform Initial Time Sync
ntpdate 192.168.1.111
This step avoids large time offsets that may prevent ntpd from syncing.
5️⃣ Start the NTP Daemon
systemctl start ntpd
6️⃣ Verify Client Synchronization
ntpstat
Example during startup:
unsynchronised
time server re-starting
polling server every 8 s
Check peer status:
ntpq -p
remote refid st t when poll reach delay offset jitter
==============================================================================
192.168.1.111 LOCAL(0) 6 u 11 64 1 0.502 0.009 0.000
Once the reach value stabilizes, synchronization is complete.
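Added example, not part of the original guide: the reach column is an octal 8-bit shift register of the last eight polls (377 means all eight were answered), and a leading `*` marks the peer ntpd has selected. The POSIX shell functions below turn those two fields plus the offset into a pass/fail check; the function names, the thresholds (50 ms, 8 polls) and the sample lines are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: decide from `ntpq -p` output whether the host is really synchronized.

# "reach" is an octal 8-bit shift register of the last 8 polls (377 = all answered).
# Print how many of those polls got a reply.
reach_successes() {
    val=$((0$1)); n=0                 # leading 0 makes the shell parse octal
    while [ "$val" -gt 0 ]; do
        n=$((n + (val & 1)))
        val=$((val >> 1))
    done
    echo "$n"
}

# check_sync MAX_OFFSET_MS MIN_POLLS    (reads `ntpq -p` output on stdin)
# Exit 0 only if a system peer (tally '*') is selected, it answered at least
# MIN_POLLS of the last 8 polls, and |offset| is below MAX_OFFSET_MS.
check_sync() {
    max_ms=$1; min_polls=$2
    while read -r remote refid st t when poll reach delay offset jitter; do
        case $remote in
            '*'*) ;;                  # '*' marks the peer ntpd is synchronized to
            *) continue ;;            # header, ruler, candidates, rejected peers
        esac
        got=$(reach_successes "$reach")
        abs=${offset#[-+]}            # drop sign, then compare whole milliseconds
        echo "peer=${remote#?} stratum=$st reach=$reach ($got/8) offset=${offset}ms"
        [ "$got" -ge "$min_polls" ] && [ "${abs%%.*}" -lt "$max_ms" ]
        return $?
    done
    echo "no system peer selected"
    return 1
}

# Constructed sample lines, modelled on the listings in this guide.
SAMPLE_STARTING=' 192.168.1.111   LOCAL(0)   6 u   11   64    1    0.502    0.009    0.000'
SAMPLE_SYNCED='*192.168.1.111   LOCAL(0)   6 u   11   64  377    0.502    0.009    0.000'

# Demo; on a live host use:  ntpq -pn | check_sync 50 8
printf '%s\n' "$SAMPLE_STARTING" | check_sync 50 8 || echo "-> not synchronized yet"
printf '%s\n' "$SAMPLE_SYNCED"   | check_sync 50 8 && echo "-> synchronized"
```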
✅ Summary
By following this guide, you can deploy a reliable and maintainable NTP infrastructure on Linux, whether:
- Synchronizing directly from Aliyun public NTP servers, or
- Operating a private NTP server for internal environments
Proper time synchronization ensures:
- Accurate and trustworthy logs
- Stable distributed systems
- Secure authentication and cryptographic operations
In production Linux systems, NTP is not optional—it is foundational.