Undisciplined Local Clock
The Undisciplined Local Clock should generally no longer be used. It was originally designed to be used when an ntpd must be able to serve time to others even when no real time sources are reachable.
Please see the Distribution Documentation for information about other applications for the Undisciplined Local Clock.
Users of ntp-4.2.2 and later should consider OrphanMode as a means of keeping an isolated group of servers synchronized.
The Undisciplined Local Clock is not a back-up for leaf-node (i.e. client-only) ntpd instances.
It is important that time servers using the Undisciplined Local Clock are not considered authoritative sources of time by systems on the public Internet. Although the default stratum for the Undisciplined Local Clock is 5, in cases where an ntpd may become accessible outside of your immediate, controlled network it is strongly suggested that the stratum of the Undisciplined Local Clock be raised to no less than 10.
The configuration examples shown here are to be added to ntp.conf in addition to the other configuration directives (e.g. driftfile, statistics, logging, crypto, restrictions, servers, etc.). There is no required order for these configuration directives.
Single Time Server
# Enable the Undisciplined Local Clock driver, then set its stratum
server 127.127.1.0
fudge 127.127.1.0 stratum 10
Dual Time Servers
Choose the two systems with the most stable clocks from your group of servers. They should not be virtual machines and they should not be heavily loaded systems. In fact, an old Pentium-1 system dedicated as a time server is often your best choice.
These systems will be configured with the Undisciplined Local Clock with staggered strata (two levels apart). The lowest stratum to use for your primary back-up time server should be at least 2 higher than where this ntpd would normally run. If these time servers are publicly accessible, please use a higher stratum for the Undisciplined Local Clock in your primary back-up server.
Primary back-up server
# We are normally synced to a stratum-2 remote time server
server 127.127.1.0
fudge 127.127.1.0 stratum 5
Secondary back-up server
# Our primary back-up server will operate at stratum 6
server 127.127.1.0
fudge 127.127.1.0 stratum 7
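One way to check an existing ntp.conf against the stratum guidance above, as an added example that is not part of the original page or the NTP project's code. The function name `audit_local_clock` and both sample files are constructed for illustration; the default of 5 and the floor of 10 are the values stated on this page.

```python
import re

# Refclock type 1 (127.127.1.u) is the Undisciplined Local Clock driver.
LOCAL_CLOCK = re.compile(r"^127\.127\.1\.\d+$")
DEFAULT_STRATUM = 5       # driver default stated on this page
MIN_EXPOSED_STRATUM = 10  # page's floor for servers reachable from outside

def audit_local_clock(conf_text, min_stratum=MIN_EXPOSED_STRATUM):
    """Return [(address, effective_stratum, ok)] for each enabled local clock."""
    enabled, fudged = [], {}
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if len(tokens) < 2 or not LOCAL_CLOCK.match(tokens[1]):
            continue
        if tokens[0] == "server" and tokens[1] not in enabled:
            enabled.append(tokens[1])
        elif tokens[0] == "fudge":
            # fudge options come as "name value" pairs
            for name, value in zip(tokens[2::2], tokens[3::2]):
                if name == "stratum" and value.isdigit():
                    fudged[tokens[1]] = int(value)
    # Directive order is free, so resolve strata only after the full pass.
    return [(a, fudged.get(a, DEFAULT_STRATUM),
             fudged.get(a, DEFAULT_STRATUM) >= min_stratum) for a in enabled]

# Constructed sample files (not from the page).
NO_FUDGE = """\
driftfile /var/lib/ntp/ntp.drift
server 0.pool.ntp.org iburst
server 127.127.1.0
"""
FUDGE_FIRST = """\
fudge 127.127.1.0 stratum 10   # fudge before server is still valid
server 0.pool.ntp.org iburst
server 127.127.1.0
"""

if __name__ == "__main__":
    for label, text in (("NO_FUDGE", NO_FUDGE), ("FUDGE_FIRST", FUDGE_FIRST)):
        for addr, stratum, ok in audit_local_clock(text):
            print(f"{label}: {addr} stratum {stratum} -> {'ok' if ok else 'RAISE'}")
```

For the dual-server layout, pass the stratum planned for that host as `min_stratum` (for example 5 on the primary back-up server) instead of the public-facing floor.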
Related Topics: Distribution Documentation: Undisciplined Local Clock