ubuntu18.04搭建NTP服务器

服务端

客户端

服务端

安装ntp服务

  1. apt install -y ntp

配置文件/etc/ntp.conf

  1. #这里常用的选项是prefer - 优先主机, iburst -当服务器不可用时将发包检测
  2. server 127.127.1.0 prefer
  4. #允许这个网段的对时请求
  5. restrict 14.232.7.0.0 mask 255.255.255.0 nomodify

完整的配置文件

  1. # /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
  3. driftfile /var/lib/ntp/ntp.drift
  5. # Leap seconds definition provided by tzdata
  6. leapfile /usr/share/zoneinfo/leap-seconds.list
  8. # Enable this if you want statistics to be logged.
  9. #statsdir /var/log/ntpstats/
  11. statistics loopstats peerstats clockstats
  12. filegen loopstats file loopstats type day enable
  13. filegen peerstats file peerstats type day enable
  14. filegen clockstats file clockstats type day enable
  16. # Specify one or more NTP servers.
  18. # Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board
  19. # on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for
  20. # more information.
  21. #pool 0.ubuntu.pool.ntp.org iburst
  22. #pool 1.ubuntu.pool.ntp.org iburst
  23. #pool 2.ubuntu.pool.ntp.org iburst
  24. #pool 3.ubuntu.pool.ntp.org iburst
  26. # Use Ubuntu's ntp server as a fallback.
  27. #pool ntp.ubuntu.com
  29. server 127.127.1.0 prefer 
  31. # Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
  32. # details.  The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
  33. # might also be helpful.
  34. #
  35. # Note that "restrict" applies to both servers and clients, so a configuration
  36. # that might be intended to block requests from certain clients could also end
  37. # up blocking replies from your own upstream servers.
  39. # By default, exchange time with everybody, but don't allow configuration.
  40. restrict -4 default kod notrap nomodify nopeer noquery limited
  41. restrict -6 default kod notrap nomodify nopeer noquery limited
  43. # Local users may interrogate the ntp server more closely.
  44. restrict 127.0.0.1
  45. restrict ::1
  46. #允许这个网段的对时请求
  47. restrict 14.232.7.0 mask 255.255.255.0 nomodify 
  49. # Needed for adding pool entries
  50. restrict source notrap nomodify noquery
  52. # Clients from this (example!) subnet have unlimited access, but only if
  53. # cryptographically authenticated.
  54. #restrict 192.168.123.0 mask 255.255.255.0 notrust
  57. # If you want to provide time to your local subnet, change the next line.
  58. # (Again, the address is an example only.)
  59. #broadcast 192.168.123.255
  61. # If you want to listen to time broadcasts on your local subnet, de-comment the
  62. # next lines.  Please do this only if you trust everybody on the network!
  63. #disable auth
  64. #broadcastclient
  66. #Changes recquired to use pps synchonisation as explained in documentation:
  67. #http://www.ntp.org/ntpfaq/NTP-s-config-adv.htm#AEN3918
  69. #server 127.127.8.1 mode 135 prefer    # Meinberg GPS167 with PPS
  70. #fudge 127.127.8.1 time1 0.0042        # relative to PPS for my hardware
  72. server 127.127.22.1                   # ATOM(PPS)
  73. fudge 127.127.22.1 flag3 1            # enable PPS API

防火墙

  1. iptables -t filter -A INPUT -p udp --destination-port 123 -j ACCEPT
  3. #或者
  4. sudo ufw allow 123/udp

开机启动

  1. systemctl enable ntp

客户端

修改dns地址

  1. vim /etc/systemd/resolved.conf 
  3. [Resolve]
  4. DNS=14.232.7.254
  5. LLMNR=no

重启DNS服务

  1. systemctl restart systemd-resolved.service

客户端同步时间

  1. apt install -y ntpdate
  3. ntpdate 13.232.7.1