Do you have an NTP server for your devices?

NTP is supposed to be set up so that only ONE device is asking for the time. I’ve read that your modem is a good use for this, but with such limited configuration available, that doesn’t seem remotely possible. I see zero logic or benefit in your multiple computers, multiple operating systems, TV, Xbox and tablets, phones and even virtual machines all syncing their time with multiple different time servers, at random intervals.

Are some of you doing this properly, and what is your setup?

I’d like to know hardware details, operating system on router / NTP server, and how you have the firewall / router rules configured to make it all work.

It’s on my project list: plan on using a Pi + GPS signal for the clock.

3 Likes

I use the built-in NTP server functionality from my OPNsense router, which is running on a Protectli brand box. Most custom router OSes have this functionality built in and are usually fairly easy to set up since it is such a commonly used and relatively ancient protocol. There are newer protocols that offer greater accuracy than NTP, or you can use a GPS clock of your own, but neither are really necessary for the average home user unless you like to tinker and want it just because you can.

I have it set up to listen on all of my VLANs that have client devices connected to them using the standard port (123). The devices that are physically wired into my network are all set to listen exclusively to the time server on their respective VLAN. For wireless devices, I set those to prefer listening to the local time server but also leave the system default time server in as a secondary option for when they are not connected locally. Multiple sources are easy to set up on Linux/BSD; your distribution’s documentation should cover that, but I am not sure about Windows, Apple, or mobile devices. I so rarely use the internet on my phone that I don’t even bother setting it there.

2 Likes

I have a Linux VM that is my most used server; it syncs to the world NTP pool, then everything on my network syncs to it.

I’ve been running a GPS/Galileo/Beidou clock serving as a Stratum 1 source for many years at home. All my devices on the LAN sync their clocks from it. I even opened up the Stratum 1 clock to the world for a few years. It was fun but now it only serves me.

Do you need such time accuracy? Perhaps not. Sync’ing from a local CDN’s timeserver will do very well already.

It’s fun to play around for the first time for sure.

Is it safer to run your own NTP service vs just get it direct from something like time.nist.org (or was it gov?)

I am practically in the opposite side of the world, what is the sane way to do this?

I keep forgetting to set up NTP :slight_smile: … and generally things work out fine.

Do all of you just distribute NTP over DHCP, or do you do more elaborate things?

I have the DHCP-parameter set, yes.

I only think about it for TrueNAS

Nice idea to have one that all go to, especially as I use SyncThing in production!

The only NTP server I have is on my security camera network which has no internet access. The VM that takes care of collecting video (Blue Iris) is the VM that all of the cams get their time from. Everything else just uses internet (namely canonical or Microsoft) for their time.

To be honest I have never thought about NTP and time synchronization within my home network. Could you guys please explain in which scenario it might be important to have a dedicated NTP server providing the same time to each host within my local network?

Currently my VMs and physical hosts just use what their operating system has built in, but the idea of hosting another service locally is very appealing :smiley:

But first I need to understand the use cases where that makes sense and has any use.

1 Like

NTP protocol has been around for a very long time. Like many good old protocols, it’s subject to man-in-the-middle attacks. Obviously people have been thinking of a secure version for many years as well. Haven’t looked at NTP for a while…surprise surprise. A secure standard known as NTS (network time security) has been officially approved since 2020.

NTS is essentially NTP over TLS. Akin to DNS over TLS. Good that NTP folks don’t call it that way. While personally I won’t lose sleep if my clocks are attacked by MITM, seems it’s just politically incorrect to say so. Also NTS is already available in production software. So perhaps it’s time to do a long overdue upgrade for people dependent on external timeservers.

You have an issue and you know it occurred at 05:07:42 on your file server, but not why. Your DC time is set to 12:14:05, your file server is set to 12:17:42 and your workstation is set to 12:09:01. None are set to the actual time.

Good luck aligning those system logs to find the issue.

I run NTP server on my RaspPi for home lab and devices.

5 Likes
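The log-alignment problem described above, worked through as an added example (not part of any post in this thread). It assumes the three clock readings were taken at the same instant and picks the DC as the reference clock; every log entry except the 05:07:42 file-server event is constructed.

```python
from datetime import datetime, timedelta

# Clock readings from the post, assumed to be taken at the same instant.
SNAPSHOT = {"dc": "12:14:05", "fileserver": "12:17:42", "workstation": "12:09:01"}

# Constructed sample entries: (host, local timestamp, message).
SAMPLE_LOGS = [
    ("fileserver", "05:07:42", "the issue occurs"),
    ("dc", "05:04:30", "account lockout recorded"),
    ("workstation", "04:58:40", "user opens share"),
    ("dc", "05:03:50", "ticket issued"),
]

def parse(hms):
    return datetime.strptime(hms, "%H:%M:%S")

def offsets(snapshot, reference):
    """Seconds each host runs ahead (+) or behind (-) the reference host."""
    ref = parse(snapshot[reference])
    return {host: (parse(t) - ref).total_seconds() for host, t in snapshot.items()}

def to_reference(host, hms, offs):
    """Translate a timestamp logged on `host` onto the reference host's clock."""
    return (parse(hms) - timedelta(seconds=offs[host])).strftime("%H:%M:%S")

def merge_timeline(logs, offs):
    """Return (corrected, host, local, message) rows in true event order."""
    rows = []
    for host, hms, msg in logs:
        corrected = parse(hms) - timedelta(seconds=offs[host])
        rows.append((corrected, host, hms, msg))
    rows.sort(key=lambda r: r[0])  # sort on datetime, safe across midnight
    return [(c.strftime("%H:%M:%S"), h, t, m) for c, h, t, m in rows]

if __name__ == "__main__":
    offs = offsets(SNAPSHOT, "dc")
    for corrected, host, local, msg in merge_timeline(SAMPLE_LOGS, offs):
        print(f"{corrected} (DC clock)  {host:<11} local={local}  {msg}")
```

This only removes a constant offset between hosts; it does not account for drift between the incident and the moment the readings were taken, and the result is still relative to the DC rather than to true time.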

I started using local NTP time because one day my file server would no longer allow anyone to access it, and after a half day of troubleshooting I realized at some point its time had become wildly off and the security on the box was not allowing user access if the time didn’t somewhat match the file server.

2 Likes

I’m using the built-in one in pfSense, then forcing any request to it through the standard port.

Yup. Signed and Integrated into Samba AD DC.

It’s not hard: just have a board with an integrated RTC device, preferably with a battery, and set up the daemon.

1 Like

Especially on VirtualBox, by default, it gets initial time from the host PC.

So if you have a host sync time, a VM using the host time, and then updating that information at every boot or reboot, you could already eliminate one time sync by disabling it in the guest system. If you have multiple VMs, they could all have NTP disabled and only use the hardware clock from the host.

Now Windows syncs time at a rate of twice per day. This is great, but it doesn’t need to use Windows time servers twice per day to stay synced.

I just always used NTP provided by the national institute of SI units and measurements because of habit, but all this talk about NTS made me realize this is something I’ve overlooked…

Have you seen PTP? My hardware isn’t compatible, isn’t recent enough, but if yours is, see how far you can get setting up PTP sync time!

It is supposed to both adjust the clock and the speed of your RTC, but it didn’t seem to work for me, still seems like a cool project.

First time hearing of this, and it does seem to be a tad out of my scope as a normie home user but then again as a meganerd I definitely need to look into it.
What I’m more concerned about tho is spoof-proofing the (accurate & trustworthy) source, NTP in this case be it with DNSSEC or NTS or what have you.

Time to learn something new in the coming days

1 Like