How to Install and Configure NTP Server and Client on Debian

Step 4: Querying NTP Server Network

4. This is a moderately restrictive configuration for a network. As a result of these restrictions, there will be some issues with the time servers that this server wishes to query.

In order to correct this issue, a restrict statement needs to be added for each of the time servers that are being queried. These restrict stanzas ensure that this server can access higher level servers to get the appropriate time off-set. Below is the proper stanzas for allowing the servers previously configured in the ntp.conf file.

NTP Server Restricts
NTP Server Restricts

Back just before step three, a list of servers was determined to be the primary NTP servers for this server to query. As configured currently though, the ‘restrict default ignore‘ stanza will prevent this server from communicating with the servers configured.

This can be changed by creating a specific server/restrict stanza for each server. This is an easy process and must be done for each server.

  1. Server 129.6.15.28: This line must have the IP address rather than the host name. This is for safety and will help avoid issues should DNS be compromised.
  2. restrict 129.6.15.28 mask 255.255.255.255 nomodify notrap nopeer noquery: This line does quite a bit. The first part allows the server 129.6.15.28. The nomodify, nopeer, notrap, and noquery restrict what the server (129.6.15.28) is allowed to do to this NTP server.

Note: The IP address for this part can be easily determined with the use of the nslookup command.

# nslookup time-a.nist.gov    [The system will reply back with the IP address]

5. At this point, the system will be ready to start keeping track of time. The configuration changes now need to be saved and the NTP service needs to be restarted.

# service ntp restart

The server will take a few seconds to synchronize with the configured NTP servers but the process can easily be monitored with ‘ntpdc‘ or ‘ntpq‘ utilities.

# ntpdc -pn   [This utility will provide basic information about the higher level NTP servers]
# ntpq -pn    [This utility will provide slightly more information than 'ntpdc']

The arguments in the two commands do the same thing. The ‘-p‘ will print a list of peers as well as the current state and the ‘-n‘ will tell the utilities to show the remote server’s IP address rather than hostname.

Check NTP Server Information
Check NTP Server Information

The important piece of this 'ntpdc' output is the far left of the IP addresses. The asterisk ( * ) character indicates that server has chosen that server’s clock to synchronize time.

Provides NTP Server Information
Provides NTP Server Information

The important part from this output is again the asterisk ( * ) character as it indicates a synchronization. The other symbols have meanings as well, for instance the plus ( + ) symbol denotes possible candidates for synchronization and then the minus ( - ) indicates an outlier that is discarded for the time being. The minus doesn’t mean the other servers wont be used, rather it indicates that the particular server isn’t the best option.

At this point and assuming that the server’s time zone has been set properly, the server will be reflecting the right time and have synced with an upper strata server! At this point, more internal servers can be added and ‘peered’ or hosts within the network can be directed to the new internal NTP server rather than having to query out to the public NTP servers.

Step 5: NTP Client Configuration

6. The purpose behind this server setup was to create a Strata 2 server that an internal network could query for time. At this point, the server is running ( and hosts need to be directed to query this newly created internal server.

These next steps will assume a Linux machine is attempting to gather time from the newly created Strata 2 server. The first step on the Linux host is to install the NTP package.

# apt-get install ntp

This will install the same NTP package that was just installed on the server but this time, NTP will be configured to look at the local server rather than public NTP severs. On the host, open the configuration file ‘/etc/ntp.conf‘.

# nano /etc/ntp.conf

Much of the configuration will be the same on this Linux host except the server stanzas will now point to the internal server as seen below.

NTP Client Configuration
NTP Client Configuration

Save the configuration and exit nano. At this point the client is configured to listen to time from the newly created server (be sure to substitute the appropriate server name and IP addresses in the green boxes)! Next restart the NTP service and confirm that the host is synchronizing with the newly created Debian NTP server.

# service ntp restart
# ntpdc -pn
# ntpq -pn

The following screen-shots confirm that this host is synchronizing clocks with the newly created NTP server. This is confirmed both with ‘ntpdc‘ and ‘ntpq‘ by verifying the asterisk ( * ) by the IP address of the local NTP server.

Check NTP Time Synchronization with Ntpq
Check NTP Time Synchronization with Ntpq
Check NTP Time Synchronization with Ntpdc
Check NTP Time Synchronization with Ntpdc

At this point the Debian server is pulling the correct time from the Strata 1 servers and then handing out proper time to the internal network hosts. Now other devices can be configured to query this NTP server as well for time.

This particular configuration has been tested and works with multiple Cisco devices, other Debian Linux servers, and several Debian/Ubuntu based distributions. Enjoy the newly functioning Debian NTP server!

Hey TecMint readers,

Exciting news! Every month, our top blog commenters will have the chance to win fantastic rewards, like free Linux eBooks such as RHCE, RHCSA, LFCS, Learn Linux, and Awk, each worth $20!

Learn more about the contest and stand a chance to win by sharing your thoughts below!

Rob Turner
Rob Turner is an avid Debian user as well as many of the derivatives of Debian such as Devuan, Mint, Ubuntu, and Kali. Rob holds a Masters in Information and Communication Sciences as well as several industry certifications from Cisco, EC-Council, ISC2, Linux Foundation, and LPI.

Each tutorial at TecMint is created by a team of experienced Linux system administrators so that it meets our high-quality standards.

Join the TecMint Weekly Newsletter (More Than 156,129 Linux Enthusiasts Have Subscribed)
Was this article helpful? Please add a comment or buy me a coffee to show your appreciation.

4 Comments

Leave a Reply
  1. I didn’t understand this concept properly. could you please explain easily so that the common person also able to understands.

    Thanks in advance.

    Reply
    • @Jaipalreddy,

      What you didn’t understand? could you explain more where you didn’t understand and what you looking us to explain more in depth?

      Reply

Got Something to Say? Join the Discussion...

Thank you for taking the time to share your thoughts with us. We appreciate your decision to leave a comment and value your contribution to the discussion. It's important to note that we moderate all comments in accordance with our comment policy to ensure a respectful and constructive conversation.

Rest assured that your email address will remain private and will not be published or shared with anyone. We prioritize the privacy and security of our users.