Ubuntu 18.04 搭建 NTP 服务器

服务端

客户端

服务端

安装ntp服务

  1. apt install -y ntp  # installs the ntp package without prompting (-y); requires root privileges

配置文件/etc/ntp.conf

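  1. # Common server options: "prefer" marks the preferred source; "iburst" sends a
  2. # burst of packets while the server is unreachable, to speed up the first sync.
  3. # 127.127.1.0 is ntpd's local-clock driver: this host serves its own system
  4. # time, so clients inherit whatever error that clock has.
  5. server 127.127.1.0 prefer
  6. # Allow time requests from this subnet. The most specific matching restrict
  7. # entry supplies the flags for a client, so default flags do not carry over;
  8. # notrap/nopeer/noquery are listed because serving time needs neither
  9. # ntpq/ntpdc queries nor trap registration from these hosts.
  10. # (The address was previously written with five octets, which is not valid IPv4.)
  11. restrict 14.232.7.0 mask 255.255.255.0 nomodify notrap nopeer noquery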

完整的配置文件

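  1. # /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
  2. driftfile /var/lib/ntp/ntp.drift
  3. # Leap seconds definition provided by tzdata
  4. leapfile /usr/share/zoneinfo/leap-seconds.list
  5. # Enable this if you want statistics to be logged.
  6. #statsdir /var/log/ntpstats/
  7. statistics loopstats peerstats clockstats
  8. filegen loopstats file loopstats type day enable
  9. filegen peerstats file peerstats type day enable
  10. filegen clockstats file clockstats type day enable
  11. # Specify one or more NTP servers.
  12. # Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board
  13. # on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for
  14. # more information.
  15. # NOTE(review): all pool entries below are commented out, so this server has no
  16. # network time source; confirm that is intended (for example an isolated network).
  17. #pool 0.ubuntu.pool.ntp.org iburst
  18. #pool 1.ubuntu.pool.ntp.org iburst
  19. #pool 2.ubuntu.pool.ntp.org iburst
  20. #pool 3.ubuntu.pool.ntp.org iburst
  21. # Use Ubuntu's ntp server as a fallback.
  22. #pool ntp.ubuntu.com
  23. # 127.127.1.0 is the local-clock driver: ntpd serves this host's own system time
  24. # as the preferred source, so clients inherit whatever error that clock has.
  25. server 127.127.1.0 prefer
  26. # Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
  27. # details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
  28. # might also be helpful.
  29. #
  30. # Note that "restrict" applies to both servers and clients, so a configuration
  31. # that might be intended to block requests from certain clients could also end
  32. # up blocking replies from your own upstream servers.
  33. # By default, exchange time with everybody, but don't allow configuration.
  34. restrict -4 default kod notrap nomodify nopeer noquery limited
  35. restrict -6 default kod notrap nomodify nopeer noquery limited
  36. # Local users may interrogate the ntp server more closely.
  37. restrict 127.0.0.1
  38. restrict ::1
  39. # Allow time requests from this subnet. The most specific matching restrict
  40. # entry supplies the flags for a client, so the default flags above do not
  41. # carry over; notrap/nopeer/noquery are repeated because serving time needs
  42. # neither ntpq/ntpdc queries nor trap registration from these hosts.
  43. restrict 14.232.7.0 mask 255.255.255.0 nomodify notrap nopeer noquery
  44. # Needed for adding pool entries
  45. restrict source notrap nomodify noquery
  46. # Clients from this (example!) subnet have unlimited access, but only if
  47. # cryptographically authenticated.
  48. #restrict 192.168.123.0 mask 255.255.255.0 notrust
  49. # If you want to provide time to your local subnet, change the next line.
  50. # (Again, the address is an example only.)
  51. #broadcast 192.168.123.255
  52. # If you want to listen to time broadcasts on your local subnet, de-comment the
  53. # next lines. Please do this only if you trust everybody on the network!
  54. #disable auth
  55. #broadcastclient
  56. # Changes required to use PPS synchronisation as explained in documentation:
  57. #http://www.ntp.org/ntpfaq/NTP-s-config-adv.htm#AEN3918
  58. #server 127.127.8.1 mode 135 prefer # Meinberg GPS167 with PPS
  59. #fudge 127.127.8.1 time1 0.0042 # relative to PPS for my hardware
  60. # NOTE(review): the next two lines are active and configure the ATOM (PPS)
  61. # driver; presumably they need a PPS signal source on this host - confirm.
  62. server 127.127.22.1 # ATOM(PPS)
  63. fudge 127.127.22.1 flag3 1 # enable PPS API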

防火墙

  1. iptables -t filter -A INPUT -p udp --destination-port 123 -j ACCEPT
  2. #或者
  3. sudo ufw allow 123/udp

开机启动

  1. systemctl enable ntp

客户端

修改DNS地址

  1. vim /etc/systemd/resolved.conf
  2. [Resolve]
  3. DNS=14.232.7.254
  4. LLMNR=no
  5. # Line 1 opens the file; lines 2-4 are the settings to put in it, not commands.
  6. # DNS= sets the resolver address used by systemd-resolved.
  7. # LLMNR=no turns off Link-Local Multicast Name Resolution, removing a
  8. # name-resolution path that other hosts on the local link could answer.

重启DNS服务

  1. systemctl restart systemd-resolved.service

客户端同步时间

  1. apt install -y ntpdate
  2. ntpdate 13.232.7.1