Chrony NTP Server

I’ve had an interest in accurate timekeeping and NTP, the Network Time Protocol, for quite a while.

At one time or another over the years, I’ve run the original ntpd, xntpd, and OpenNTPD. I currently have the chrony NTP server running on my old server, to aggregate NTP needs on my home network.

I installed the Arch Linux chrony package on my new server. I configured it as a client of my old server’s chronyd. It seemed to keep good time. I immediately forgot about it, but I retained a background belief that all was well.

A couple of years ago I bought an Apple “M2” silicon 14 inch MacBook Air. I recently powered it up after a long period of disuse, and it came up with October 23, 2023 as the current date.

Problem: since to the rest of the world, the date is June 1, 2024, a lot of TLS certificates are “in the future”. Most software, including the Safari web browser, won’t accept those certificates.

I used Firefox on my Linux laptop to find out how to get the date from an NTP server. The command is sntp -Ss 172.24.0.1. This didn’t work. sntp gives a weird jumble of output and a confusing message.

I checked: my new server was running chronyd, and chronyd was a client of my old server. sntp on my Mac laptop still didn’t work.

Having just set up the Kea DHCP daemon on my new server, I checked the file /etc/chrony.conf to see if it had the correct interface names in it. It did not, mainly because that’s not how chronyd selects its clients. You have to tell chronyd which subnets to allow, not which network interfaces to listen on, and I had not put any CIDR notation subnets in allow lines in /etc/chrony.conf.

Once I added an allow 172.24.0.0/16, and restarted chronyd.service, the Mac laptop picked up the current time.
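
The check below is an added example, not part of the original post or of chrony itself: it reads allow/deny lines from a chrony.conf and reports whether a given client address would be served. The sample configs are constructed (the upstream server address is a placeholder), and the model is simplified: the most specific matching subnet wins, nothing is served without a matching allow, and hostnames, partial addresses and the override behavior of "all" are not handled.

```python
import ipaddress

# Constructed chrony.conf samples; the upstream server address is a placeholder.
CONF_BEFORE = "server 172.24.0.2 iburst\ndriftfile /var/lib/chrony/drift\n"
CONF_AFTER = CONF_BEFORE + "allow 172.24.0.0/16\n"


def access_rules(conf_text):
    """Collect (network, allowed) pairs from allow/deny directives."""
    rules = []
    for line in conf_text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("allow", "deny"):
            continue  # other directives, blank lines, comment lines
        target = fields[-1] if len(fields) > 1 and fields[-1] != "all" else None
        # A directive with no subnet covers every IPv4 and IPv6 address.
        nets = [target] if target else ["0.0.0.0/0", "::/0"]
        for net in nets:
            # Raises ValueError for hostnames or partial addresses (not modeled).
            rules.append((ipaddress.ip_network(net, strict=False),
                          fields[0] == "allow"))
    return rules


def client_allowed(conf_text, client_ip):
    """True if the most specific matching rule is an allow; default is deny."""
    ip = ipaddress.ip_address(client_ip)
    best = None
    for net, allowed in access_rules(conf_text):
        if net.version != ip.version or ip not in net:
            continue
        # On equal prefix length the later directive replaces the earlier one.
        if best is None or net.prefixlen >= best[0]:
            best = (net.prefixlen, allowed)
    return best[1] if best else False


if __name__ == "__main__":
    for label, conf in (("before", CONF_BEFORE), ("after", CONF_AFTER)):
        verdict = "served" if client_allowed(conf, "172.24.0.154") else "ignored"
        print(f"{label}: 172.24.0.154 is {verdict}")
```

Keeping the allow line to the LAN subnet, rather than a bare allow, keeps chronyd from answering clients outside the home network.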

Here’s what my Linux laptop’s chronyd says is going on:

chronyc> sources
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^- monarch.glump                 5   9   377   508    -40us[ -528us] +/-   20ms
^* _gateway                      6   9   377   255   -797us[-1322us] +/-   18ms

My Linux laptop thinks that my old server is named “monarch” and it’s in the “.glump” domain. Here, “_gateway” is my new server.

Here are my new server’s NTP clients:

chronyc> clients
Hostname                      NTP   Drop Int IntL Last     Cmd   Drop Int  Last
===============================================================================
172.24.0.154                  102      0  10   -   470       0      0   -     -
wrt3200acm.cheese               8      0  12   -   52m       0      0   -     -
hazard7.cheese                 65      0   9   -   445       0      0   -     -

Kea has allocated 172.24.0.154 to my Mac laptop. “hazard7.cheese” is what my new server thinks my laptop’s DNS name is, and “wrt3200acm.cheese” is the DNS name assigned to my WRT3200ACM router.