NTP Servers

Multicast Server

# /etc/ntp.conf, configuration for ntpd

driftfile /var/lib/ntp/ntp.drift
statsdir /var/log/ntpstats/
keys /var/lib/ntp/ntp.keys

trustedkey 8 42
controlkey 8
requestkey 8

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable

# You do need to talk to an NTP server or two (or three).
# You may not want this here if upstream access is not always available,
# see below.
# server time.example.com burst iburst

# don't go far (ttl = 1) but update on the hour (minpoll 4 = pow(2,4) = 16 seconds)
broadcast ff05::101 ttl 1 version 4 key 42

# we don't talk to strangers
restrict -4 default ignore
restrict -6 default ignore

# except to our lan
restrict 192.0.2.128 mask 255.255.255.248 nomodify
restrict -6 2001:db8:1337:1:: mask ffff:ffff:ffff:ffff:: nomodify

# and upstream
restrict 192.0.2.1 nomodify
restrict -6 2001:db8:1::1 nomodify

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1

Multicast client

# /etc/ntp.conf, configuration for ntpd

driftfile /var/lib/ntp/ntp.drift
keys /var/lib/ntp/ntp.keys

trustedkey 8 42
controlkey 8
requestkey 8

statsdir /var/log/ntpstats/

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable

multicastclient ff05::101

# we don't talk to strangers
restrict -4 default ignore
restrict -6 default ignore

# except local lan
restrict 192.0.2.128 mask 255.255.255.240 nomodify
restrict -6 2001:db8:1337:1:: mask ffff:ffff:ffff:ffff:: nomodify

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1
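
A lint for the properties both configurations above depend on, as an added example that is not part of the original page: every key used by controlkey, requestkey or broadcast must be listed in trustedkey, and both default restrict lines must be present. check_ntp_conf is a hypothetical helper name, the sample config is constructed, and only the explicit -4/-6 forms used on this page are recognised.

```shell
#!/bin/sh
# check_ntp_conf FILE: print findings, return the number of problems found.
check_ntp_conf() {
    awk '
        { sub(/#.*/, "") }                 # strip comments
        NF == 0 { next }                   # skip blank lines
        $1 == "trustedkey" { for (i = 2; i <= NF; i++) trusted[$i] = 1 }
        $1 == "controlkey" || $1 == "requestkey" { used[$2] = $1 }
        $1 == "broadcast" {
            k = ""
            for (i = 3; i < NF; i++) if ($i == "key") k = $(i + 1)
            if (k == "") { print "broadcast without key: " $0; bad++ }
            else used[k] = "broadcast"
        }
        $1 == "restrict" && $3 == "default" && $4 == "ignore" {
            if ($2 == "-4") v4 = 1
            if ($2 == "-6") v6 = 1
        }
        END {
            for (k in used) if (!(k in trusted)) {
                print used[k] " uses key " k " which is not in trustedkey"
                bad++
            }
            if (!v4) { print "missing: restrict -4 default ignore"; bad++ }
            if (!v6) { print "missing: restrict -6 default ignore"; bad++ }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: the server config from this page with key 42 left out
# of trustedkey and the IPv6 default restriction dropped.
sample=$(mktemp)
cat > "$sample" <<'EOF'
keys /var/lib/ntp/ntp.keys
trustedkey 8
controlkey 8
requestkey 8
broadcast ff05::101 ttl 1 version 4 key 42
restrict -4 default ignore
restrict 127.0.0.1
EOF
check_ntp_conf "$sample" || echo "problems found: $?"
rm -f "$sample"
```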

Adding a server after ntpd starts

You may add something like this so that an ntpd that must start serving time at startup can have its upstream server added later.

ntpdc wants to open /dev/tty to get your password, but you can trick it with expect.

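# Read the secret for key 8; match the key ID field exactly (grep ^8 would also match 80, 81, ...)
PASSWORD=$(awk '$1 == "8" { print $3 }' /var/lib/ntp/ntp.keys)
# Pass the password through the environment so it does not show up in expect's argv
PASSWORD="$PASSWORD" /usr/bin/expect -c '
 spawn ntpdc -c "keyid 8" -c "addserver time.example.com 0 iburst burst"
 expect "MD5 Password:"
 send "$env(PASSWORD)\r"
 expect "done!"
' > /dev/null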