NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38. See NTPRelatedDefinitionsDev for discussion of this topic.
ntp-4.2.8p15 was released on 23 June 2020. It addresses 1 medium-severity security issue in ntpd, and provides 13 non-security bugfixes over 4.2.8p13.
Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.
12.2. NTP-related definitions
Many of the following come from the RFCs. The following terms are defined in RFC-1305
- How well a clock can maintain a constant frequency.
- How a clock's frequency and time compare with national standards.
- How precisely Stability and Accuracy can be maintained within a particular timekeeping system. Another way of thinking of this, is as the smallest unit of time a clock that can be read from the clock. This is a number indicating the precision of the various clocks, in seconds rounded to the next larger power of two; for instance, a 50-Hz (20 ms) or 60-Hz (16.67 ms) power-frequency clock would be assigned the value -5 (31.25 ms), while a 1000-Hz (1 ms) crystal-controlled clock would be assigned the value -9 (1.95 ms).
- The time difference between two clocks, relative to a selected reference clock. Represents the amount to adjust the local clock to bring it into correspondence with the reference clock.
- The frequency difference (first derivative of Offset with time) between two clocks.
- Real clocks exhibit some variation in Skew (second derivative of Offset with time), which is called Drift; however, in NTPv3 the Drift is assumed zero.
- Round-trip Delay
- Provides the capability to launch a message to arrive at the reference clock at a specified time. Relative to a selected reference clock.
- Represents the maximum error of the local clock relative to the reference clock.
- This is a 16-bit code indicating the current status of the system, peer or clock, with the following sub-fields: Leap Indicator (two bits, also described below), Clock Source (six bits), System Event Counter (four bits), System Event Code (four bits).
- Leap Indicator
- This is a two-bit code warning of an impending leap second to be inserted in the NTP timescale. The bits are set before 23:59 on the day of insertion and reset after 00:00 on the following day. This causes the number of seconds (rollover interval) in the day of insertion to be increased or decreased by one.
- This is a number indicating the stratum of the local clock, with values defined as follows:
- Primary reference (e.g., calibrated atomic clock, radio clock, etc...)
- Secondary reference (via NTP, calculated as the stratum of your system peer plus one)
An NTP server's stratum is one greater than the stratum of its current best time source. Note that a server which changes time sources may also change its stratum if its new source has a different stratum than the old source.
- Poll Interval
- This is the minimum interval between transmitted messages, in seconds as a power of two. For instance, a value of six indicates a minimum interval of 64 seconds.
- Root Delay
- This is the total roundtrip delay to the primary reference source at the root of the synchronization subnet, in seconds. Note that this variable can take on both positive and negative values, depending on clock Precision and Skew.
- Root Dispersion
- This is a number indicating the maximum error relative to the primary reference source at the root of the synchronization subnet, in seconds. Only positive values greater than zero are possible.
- This is a 32-bit code identifying the particular reference clock. In the case of stratum 0 (unspecified) or stratum 1 (primary reference source), this is a four-octet, left-justified, zero-padded ASCII string.
- This is the local time, in timestamp format, when the local clock was last updated. If the local clock has never been synchronized, the value is zero.
There are additional terms defined in the documentation for the ntpq
command. Here is a selection of the most common terms from this page:
- Everything you might need to know about the software version and generation time.
- The processor and kernel identification string.
- The operating system version and release identifier.
- The state of the clock discipline state machine. The values are described in the architecture briefing on the NTP Project page linked from www.ntp.org.
- The internal integer used to identify the association currently designated the System Peer.
- Short-term variations in Frequency with components greater than 10 Hz. The estimated time error of the system clock measured as an exponential average of RMS time differences.
- This is a measure of how a clock can maintain a constant Frequency. Refers to the systematic variation of frequency with time and is synonymous with aging, drift, trends, etc.... The estimated Frequency stability of the system clock measured as an exponential average of RMS frequency differences.
There are additional terms that are also useful to know when discussing the NTP protocol, or the Reference Implementation:
- The measurement of the number of times that a repeated event occurs per unit time (usually one second). To calculate the frequency of an event, the number of occurrences of the event within a fixed time interval are counted, and then divided by the length of the time interval. See WikiPedia for more.
- System peer
- The reference which the server has selected as being the best available.
- Long-term variations in Frequency with components less than 10 Hz.