NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.

ntp-4.2.8p15 was released on 23 June 2020. It addresses 1 medium-severity security issue in ntpd, and provides 13 non-security bugfixes over 4.2.8p13.

Please see the NTP Security Notice for vulnerability and mitigation details.

---

Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.

6.1.9. Configuring Local Refclocks

All refclocks are local in that they are directly attached to an ntpd.

Sometimes it is neccessary to synchronize clocks in the absence of reachable time sources. This is when some special modes of operation are useful.

6.1.9.1. Undisciplined Local Clock

The UndisciplinedLocalClock allows an ntpd to serve time to others even when not actually synchronized to a time source. It can also be used in configurations where the system clock is disciplined by some method outside of ntpd.

6.1.9.2. Orphan Mode

OrphanMode, in conjunction with a suitable mesh configuration, allows a group of systems to autonomously select a leader in the event that all time sources become unreachable.

OrphanMode was introduced in NTP-4.2.2 and is the intended replacement for most uses of the UndisciplinedLocalClock.