Aminda Suomalainen
6f0184b519
From https://community.ntppool.org/t/chrony-conf-noclientlog-vs-clientloglimit/2263/4 I got the impression it's fine to do and the manual says it's compatible with the basic mode and xleave supporting servers may still reply in basic mode sometimes so this shouldn't break anything |
||
|---|---|---|
| .. | ||
| conf.d | ||
| sources.d | ||
| README.md | ||
| chrony.conf | ||
README.md
Chrony config files
For some reason Debian package for Chrony doesn’t include other config files so that has to be done by hand like
confdir /etc/chrony/chrony.dWindows
Refer to ../../Windows/time/README.md
Other random notes
On pools, the default maxsources is 4 and pools would be resolved until there would be 4 names while the documentation for Telia and Snopyta says they have only 3. Cloudflare again resolves to two per IP version, so I assume that means 2.
Commands of interest:
Chrony itself
Note: -N uses names specified in config instead of reverse name lookupping then.
chrony -N activity- what sources are doingchrony -N authdata- can show that server uses NTSchrony -N ntpdata- a lot of data on the serverschronyc offline- offline modechronyc online- reconnects serverschrony -N sources- used timeservers and their statuseschrony -N tracking- local status (stratum and own clock etc.)
nmap
Checking that something is an NTP server? Needs root:
nmap -sU -p 123 --script=ntp-info 192.168.0.1Checking that something has NTS?
nmap -p 4460 -Pn ntp.example.netIn GitHub user jauderho’s curated NTS list user cadusilva suggests this command instead:
chronyd -Q -t 3 'server NTP_SERVER_HERE iburst nts maxsamples 1'Firewall configuration
In case local clients or peers are wanted,
ufw allow from 192.168.0.0/16 to any port 123 proto udp
ufw allow from fe80::/10 to any port 123 proto udpA bit wide 192.168.x.x, but so is
conf.d/local-servers,conf and fe80://10 isn’t
ULA either.