# Just a quick note on what I change on chrony, which is the servers. # DO NOT ACTUALLY PUT THIS FILE IN PRODUCTION, GREP COPY-PASTE INSTEAD? # Checking that something is an NTP server? Needs root # nmap -sU -p 123 --script=ntp-info 192.168.0.1 # Checking that something has NTS? # nmap -p 4460 -Pn ntp.example.net # Windows? choco install nettime ## NTS servers # Cloudflare NTS, anycast, works probably anywhere. No leap second smearing. # Maybe `prefer` it due to anycast and NTS which seems very rare and also # working with VPNs unlike country-local servers? #pool time.cloudflare.com maxsources 2 iburst nts ## NTP servers # Local NTP servers, see allow lines in the bottom #server LOCALMACHINE.local iburst auto_offline prefer # Or alternatively reciprocaully TODO: how do `key` options work? This # apparently should only be done in trusted LAN. #peer LOCALMACHINE.local auto_offline prefer # Public official Finnish time server, I am very surprised if there is leap # smearing #server time.mikes.fi iburst # Elisa NTP servers, no idea on smearing, I hope not #server ntp1.kolumbus.fi iburst #server ntp2.kolumbus.fi iburst #server ntp.saunalahti.fi iburst # DNA & Moi NTP server, no idea on smearing, I hope not #server ntp.dnainternet.fi iburst # Telia NTP servers, no idea on smearing, I hope not #pool ntp.inet.fi iburst maxsources 3 # Snopyta NTP servers, no idea on smearing, I hope not #pool ntp.snopyta.org iburst maxsources 3 # As more than one timeserver (that don't smear leap seconds) are good, keep # the provided vendor address intact/uncommented. Or maybe don't as per # their request on their website and I have enough timeservers. However # works well with always-on-VPN-use. #pool pool.ntp.org iburst # On pools, the default maxsources is 4 and pools would be resolved until # there would be 4 names while the documentation for Telia and Snopyta says # they have only 3. # Allowing access from LAN: #allow 192.168 #allow fe80::/10 # Commands of interest: # chrony -N authdata # chrony -N sources