Advice In Time Sync

Home » CentOS » Advice In Time Sync
CentOS 8 Comments

Dear all,

I would need some advice as I am a beginner in CentOS.

The question is as follows:

How to set up timing if NTP was block by ISP?

I have try many way such as link the timezone , getting from the hardware clock.However , it is not the solution.

Please advice.

8 thoughts on - Advice In Time Sync

  • your ISP doesn’t have their own timeserver you can access??

    I’ve never heard of an ISP blocking ntp protocol, unless they are blocking /everything/ but web and email via proxy, whereupon they aren’t really an internet service provider, they are just a web-n-mail service provider.

  • You can setup a your own NTP server following this howto:
    http://brainwreckedtech.wordpress.com/2008/08/25/howto-run-your-own-ntp-server-when-your-isp-blocks-ports/
    and adapting it for CentOS, or you can use a workaround like trying to setup a cron job to run ntpdate every 15 minutes to sync system time with ntp.org public servers using unprivilleged port.

    15 * * * * /usr/sbin/ntpdate -s -u -B pool.ntp.org

    -s option tells ntpdate to print output to syslog; -u tells it to use unprivilleged port; -B tell it to adjust the time incrementally as oppose to instantly.

    Then setup ntpd as a local ntp server for internal use. This ntpd uses it’s localtime as the source instead of syncing from another ntp.org public server.


    “The intuitive mind is a sacred gift and the rational mind is a faithful servant. We have created a society that honors the servant and has forgotten the gift.” (A. Einstein)

    “La mente intuitiva è un dono sacro e la mente razionale è un fedele servo. Noi abbiamo creato una società che onora il servo e ha dimenticato il dono.” (A. Einstein)

    Fabrizio Di Carlo

  • you also could hook up a simple GPS and configure your master NTP server to be a stratum 0 GPS referenced clock, then sync your other systems to it. down side, a GPS antenna needs a fairly clear view of the sky. it might work in a 1 story residence with a wooden roof, its not going to work at all buried in a multistory concrete and steel office building.

  • Sounds likely. ACLs like that are bad practice, but some people can get overzealous. Hopefully they’re only temporary until the hosts running NTP have been further secured.

    http://blog.cloudflare.com/understanding-and-mitigating-ntp-based-ddos-attacks

    It is probably a good idea to call and complain to your ISP if this is happening to you.

    As others mentioned, the OP might be able to sync time off their ISP’s NTP
    servers (if provided). Or go with a GPS time source as John Pierce suggested.

    First DNS attacks thanks to dns recursion, now NTP attacks due to time servers… ;)

  • Perhaps your ISP is just blocking NTP servers outside your country.

    I believe the telephone number you gave in your signature terminates in Thailand, so try using th.pool.ntp.org. That domain name will resolve to an IP that is in Thailand.

    If my guess about your country is wrong, the same advice applies, except that you will of course need to seek out a different section of the NTP
    pool:

    http://www.pool.ntp.org/

  • In addition to this, have you tried a google search for NTP servers that possible run on other ports. I mention this in case your ISP is truly blocking all NTP traffic.