mirror of
https://gitea.blesmrt.net/mikaela/shell-things.git
synced 2024-11-25 04:29:29 +01:00
Mikaela Suomalainen
81296a241c
I hope these are wider defaults than just Debian and allow me to not conflict with package manager, but regardless having a separate sources.d/ looks like a good idea for being able to `chronyc reload sources`
conf.d
sources.d
chrony.conf
README.md
Chrony config files
For some reason the Debian package for Chrony doesn’t include other config files, so that has to be done by hand, like:
confdir /etc/chrony/chrony.d
Windows
choco install nettime
Other random notes
On pools, the default maxsources is 4, and pools would be resolved until there are 4 names, while the documentation for Telia and Snopyta says they have only 3. Cloudflare, again, resolves to two per IP version, so I assume that means 2.
Commands of interest:
Chrony itself
Note: -N uses the names specified in the config instead of reverse name lookups.
chronyc -N activity - what sources are doing
chronyc -N authdata - can show that server uses NTS
chronyc -N ntpdata - a lot of data on the servers
chronyc offline - offline mode
chronyc online - reconnects servers
chronyc -N sources - used timeservers and their statuses
chronyc -N tracking - local status (stratum and own clock etc.)
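Added example, not part of the original README: a shell filter that reads the table printed by the authdata command above and flags sources that are not authenticated with NTS, or that use NTS but currently hold no cookies. The function names and the sample table are constructed for illustration; the assumed column order is Name, Mode, KeyID, Type, KLen, Last, Atmp, NAK, Cook, CLen.

```shell
#!/bin/sh
# Live use: chronyc -N authdata | nts_audit

# Constructed sample of authdata output (not captured from a real host).
sample_authdata() {
    cat <<'EOF'
Name/IP address             Mode KeyID Type KLen Last Atmp  NAK Cook CLen
=========================================================================
nts1.example.net             NTS     1   15  256  33m    0    0    8  100
nts2.example.net             NTS     0    0    0    -    3    0    0    0
ntp.example.net                -     0    0    0    -    0    0    0    0
192.168.0.1                   SK    30   13  128    -    0    0    0    0
EOF
}

# Reads the authdata table on stdin, prints one verdict per source and
# returns 1 if any source lacks working NTS.
nts_audit() {
    awk '
        # Skip the header line and the ===== separator.
        $1 == "Name/IP" || NF < 10 { next }
        # Mode is NTS, SK (symmetric key) or - (no authentication).
        $2 != "NTS" { printf "NO-NTS %s (mode %s)\n", $1, $2; bad = 1; next }
        # NTS configured but no cookies: key establishment has not succeeded.
        $9 == 0     { printf "NO-COOKIES %s\n", $1; bad = 1; next }
                    { printf "OK %s\n", $1 }
        END { exit bad + 0 }
    '
}

# Demo run on the constructed sample.
sample_authdata | nts_audit || echo "some sources are not protected by NTS"
```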
nmap
Checking that something is an NTP server? Needs root:
nmap -sU -p 123 --script=ntp-info 192.168.0.1
Checking that something has NTS?
nmap -p 4460 -Pn ntp.example.net
Firewall configuration
In case local clients or peers are wanted,
ufw allow from 192.168.0.0/16 to any port 123 proto udp
ufw allow from fe80::/10 to any port 123 proto udp
A bit wide 192.168.x.x, but so is conf.d/local-servers.conf, and fe80::/10 isn’t ULA either.