Created
November 1, 2021 16:05
Tools I built to manage & support captive NTP internally
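# NTP Server Overrides
# https://gist.github.com/mutin-sa/eea1c396b1e610a2da1e5550d94b0453
#
# dnsmasq configuration for "captive" NTP: each well-known public NTP hostname
# below is answered with a CNAME to time.nhq, the internal time server, so
# clients that ask this resolver for a public time source reach the internal
# one instead.
#
# Operational and security notes:
#   * This is DNS-level redirection only. A client that uses a hard-coded IP
#     address, a different resolver, or encrypted DNS never sees these
#     answers. If internal time is meant to be mandatory, pair this file with
#     an egress rule for NTP (UDP/123) rather than relying on DNS alone.
#   * NTP clients that authenticate their server by name (for example NTS)
#     are expected to fail against time.nhq rather than accept it silently.
#   * dnsmasq documents that a cname target must be a name dnsmasq itself
#     knows (hosts file, DHCP, or a local record), not one that comes from an
#     upstream server; time.nhq therefore has to be defined locally.
#   * Every host behind this resolver now trusts one time source. Certificate
#     validity checks, Kerberos, TOTP and log correlation all depend on it, so
#     monitor time.nhq like any other critical service.

# Hosts file holding the N.upstream.time.nhq records for the real upstreams.
addn-hosts=/etc/ntp_upstream.hosts

cname=time.google.com,time.nhq
cname=time1.google.com,time.nhq
cname=time2.google.com,time.nhq
cname=time3.google.com,time.nhq
cname=time4.google.com,time.nhq
cname=time.cloudflare.com,time.nhq
cname=time.facebook.com,time.nhq
cname=time1.facebook.com,time.nhq
cname=time2.facebook.com,time.nhq
cname=time3.facebook.com,time.nhq
cname=time4.facebook.com,time.nhq
cname=time5.facebook.com,time.nhq
cname=time.windows.com,time.nhq
cname=time.apple.com,time.nhq
cname=time-ios.apple.com,time.nhq
cname=time.asia.apple.com,time.nhq
cname=time.euro.apple.com,time.nhq
cname=time-osx.g.aaplimg.com,time.nhq
cname=clepsydra.dec.com,time.nhq
cname=clepsydra.labs.hp.com,time.nhq
cname=clepsydra.hpl.hp.com,time.nhq
cname=time-a-g.nist.gov,time.nhq
cname=time-b-g.nist.gov,time.nhq
cname=time-c-g.nist.gov,time.nhq
cname=time-d-g.nist.gov,time.nhq
cname=time-a-wwv.nist.gov,time.nhq
cname=time-b-wwv.nist.gov,time.nhq
cname=time-c-wwv.nist.gov,time.nhq
cname=time-d-wwv.nist.gov,time.nhq
cname=time-a-b.nist.gov,time.nhq
cname=time-b-b.nist.gov,time.nhq
cname=time-c-b.nist.gov,time.nhq
cname=time-d-b.nist.gov,time.nhq
cname=time.nist.gov,time.nhq
cname=utcnist.colorado.edu,time.nhq
cname=utcnist2.colorado.edu,time.nhq
cname=ntp1.vniiftri.ru,time.nhq
cname=ntp2.vniiftri.ru,time.nhq
cname=ntp3.vniiftri.ru,time.nhq
cname=ntp4.vniiftri.ru,time.nhq
cname=ntp1.niiftri.irkutsk.ru,time.nhq
cname=ntp2.niiftri.irkutsk.ru,time.nhq
cname=vniiftri.khv.ru,time.nhq
cname=vniiftri2.khv.ru,time.nhq
cname=ntp21.vniiftri.ru,time.nhq
cname=ntp.mobatime.ru,time.nhq
cname=ntp1.stratum1.ru,time.nhq
cname=ntp2.stratum1.ru,time.nhq
cname=ntp3.stratum1.ru,time.nhq
cname=ntp4.stratum1.ru,time.nhq
cname=ntp5.stratum1.ru,time.nhq
cname=ntp2.stratum2.ru,time.nhq
cname=ntp3.stratum2.ru,time.nhq
cname=ntp4.stratum2.ru,time.nhq
cname=ntp5.stratum2.ru,time.nhq
cname=stratum1.net,time.nhq
cname=ntp.ru,time.nhq
cname=ts1.aco.net,time.nhq
cname=ts2.aco.net,time.nhq
cname=ntp1.net.berkeley.edu,time.nhq
cname=ntp2.net.berkeley.edu,time.nhq
cname=ntp.gsu.edu,time.nhq
cname=tick.usask.ca,time.nhq
cname=tock.usask.ca,time.nhq
cname=ntp.nsu.ru,time.nhq
cname=ntp.rsu.edu.ru,time.nhq
cname=ntp.nict.jp,time.nhq
cname=clock.nyc.he.net,time.nhq
cname=clock.sjc.he.net,time.nhq
cname=ntp.fiord.ru,time.nhq
cname=gbg1.ntp.se,time.nhq
cname=gbg2.ntp.se,time.nhq
cname=mmo1.ntp.se,time.nhq
cname=mmo2.ntp.se,time.nhq
cname=sth1.ntp.se,time.nhq
cname=sth2.ntp.se,time.nhq
# The list had "cname=Sundsvall:,time.nhq" here. "Sundsvall:" is not a
# hostname (a colon is not valid in one); it looks like a location heading
# that was picked up from the source list. The entry is disabled.
cname=svl1.ntp.se,time.nhq
cname=svl2.ntp.se,time.nhq
cname=ntp.se,time.nhq
cname=ntp.yycix.ca,time.nhq
cname=ntp.ix.ru,time.nhq
cname=time-a.as43289.net,time.nhq
cname=time-b.as43289.net,time.nhq
cname=time-c.as43289.net,time.nhq
cname=ntp.ripe.net,time.nhq
cname=clock.isc.org,time.nhq
cname=ntp.isc.org,time.nhq
cname=ntp.time.nl,time.nhq
cname=ntp1.time.nl,time.nhq
cname=ntp0.as34288.net,time.nhq
cname=ntp1.as34288.net,time.nhq
cname=ntp1.jst.mfeed.ad.jp,time.nhq
cname=ntp2.jst.mfeed.ad.jp,time.nhq
cname=ntp3.jst.mfeed.ad.jp,time.nhq
cname=pool.ntp.org,time.nhq
cname=0.pool.ntp.org,time.nhq
cname=1.pool.ntp.org,time.nhq
cname=2.pool.ntp.org,time.nhq
cname=3.pool.ntp.org,time.nhq
cname=europe.pool.ntp.org,time.nhq
cname=0.europe.pool.ntp.org,time.nhq
cname=1.europe.pool.ntp.org,time.nhq
cname=2.europe.pool.ntp.org,time.nhq
cname=3.europe.pool.ntp.org,time.nhq
cname=asia.pool.ntp.org,time.nhq
cname=0.asia.pool.ntp.org,time.nhq
cname=1.asia.pool.ntp.org,time.nhq
cname=2.asia.pool.ntp.org,time.nhq
cname=3.asia.pool.ntp.org,time.nhq
cname=ru.pool.ntp.org,time.nhq
cname=0.ru.pool.ntp.org,time.nhq
cname=1.ru.pool.ntp.org,time.nhq
cname=2.ru.pool.ntp.org,time.nhq
cname=3.ru.pool.ntp.org,time.nhq
cname=0.ubnt.pool.ntp.org,time.nhq
cname=1.ubnt.pool.ntp.org,time.nhq
cname=2.ubnt.pool.ntp.org,time.nhq
cname=3.ubnt.pool.ntp.org,time.nhq
cname=ntp.ubuntu.com,time.nhq
cname=0.gentoo.pool.ntp.org,time.nhq
cname=1.gentoo.pool.ntp.org,time.nhq
cname=2.gentoo.pool.ntp.org,time.nhq
cname=3.gentoo.pool.ntp.org,time.nhq
cname=0.arch.pool.ntp.org,time.nhq
cname=1.arch.pool.ntp.org,time.nhq
cname=2.arch.pool.ntp.org,time.nhq
cname=3.arch.pool.ntp.org,time.nhq
cname=0.fedora.pool.ntp.org,time.nhq
cname=1.fedora.pool.ntp.org,time.nhq
cname=2.fedora.pool.ntp.org,time.nhq
cname=3.fedora.pool.ntp.org,time.nhq
cname=0.opensuse.pool.ntp.org,time.nhq
cname=1.opensuse.pool.ntp.org,time.nhq
cname=2.opensuse.pool.ntp.org,time.nhq
cname=3.opensuse.pool.ntp.org,time.nhq
cname=0.centos.pool.ntp.org,time.nhq
cname=1.centos.pool.ntp.org,time.nhq
cname=2.centos.pool.ntp.org,time.nhq
cname=3.centos.pool.ntp.org,time.nhq
cname=0.debian.pool.ntp.org,time.nhq
cname=1.debian.pool.ntp.org,time.nhq
cname=2.debian.pool.ntp.org,time.nhq
cname=3.debian.pool.ntp.org,time.nhq
cname=0.askozia.pool.ntp.org,time.nhq
cname=1.askozia.pool.ntp.org,time.nhq
cname=2.askozia.pool.ntp.org,time.nhq
cname=3.askozia.pool.ntp.org,time.nhq
cname=0.freebsd.pool.ntp.org,time.nhq
cname=1.freebsd.pool.ntp.org,time.nhq
cname=2.freebsd.pool.ntp.org,time.nhq
cname=3.freebsd.pool.ntp.org,time.nhq
cname=0.netbsd.pool.ntp.org,time.nhq
cname=1.netbsd.pool.ntp.org,time.nhq
cname=2.netbsd.pool.ntp.org,time.nhq
cname=3.netbsd.pool.ntp.org,time.nhq
cname=0.openbsd.pool.ntp.org,time.nhq
cname=1.openbsd.pool.ntp.org,time.nhq
cname=2.openbsd.pool.ntp.org,time.nhq
cname=3.openbsd.pool.ntp.org,time.nhq
cname=0.dragonfly.pool.ntp.org,time.nhq
cname=1.dragonfly.pool.ntp.org,time.nhq
cname=2.dragonfly.pool.ntp.org,time.nhq
cname=3.dragonfly.pool.ntp.org,time.nhq
cname=0.pfsense.pool.ntp.org,time.nhq
cname=1.pfsense.pool.ntp.org,time.nhq
cname=2.pfsense.pool.ntp.org,time.nhq
cname=3.pfsense.pool.ntp.org,time.nhq
cname=0.opnsense.pool.ntp.org,time.nhq
cname=1.opnsense.pool.ntp.org,time.nhq
cname=2.opnsense.pool.ntp.org,time.nhq
cname=3.opnsense.pool.ntp.org,time.nhq
cname=0.amazon.pool.ntp.org,time.nhq
cname=1.amazon.pool.ntp.org,time.nhq
cname=2.amazon.pool.ntp.org,time.nhq
cname=3.amazon.pool.ntp.org,time.nhq
cname=tick.usno.navy.mil,time.nhq
cname=tock.usno.navy.mil,time.nhq
cname=ntp2.usno.navy.mil,time.nhq
cname=timekeeper.isi.edu,time.nhq
cname=rackety.udel.edu,time.nhq
cname=mizbeaver.udel.edu,time.nhq
cname=otc1.psu.edu,time.nhq
cname=gnomon.cc.columbia.edu,time.nhq
cname=navobs1.gatech.edu,time.nhq
cname=navobs1.wustl.edu,time.nhq
cname=now.okstate.edu,time.nhq
cname=ntp.colby.edu,time.nhq
cname=ntp-s1.cise.ufl.edu,time.nhq
cname=ntpstm.netbone-digital.com,time.nhq
cname=nist1.symmetricom.com,time.nhq
cname=t2.timegps.net,time.nhq
cname=gps.layer42.net,time.nhq
cname=ntp-ca.stygium.net,time.nhq
cname=sesku.planeacion.net,time.nhq
cname=ntp0.nl.uu.net,time.nhq
cname=ntp1.nl.uu.net,time.nhq
cname=navobs1.oar.net,time.nhq
cname=ntp-galway.hea.net,time.nhq
cname=ntp1.ona.org,time.nhq
cname=time.fu-berlin.de,time.nhq
cname=atom.uhr.de,time.nhq
cname=ntps1-0.cs.tu-berlin.de,time.nhq
cname=ntps1-1.cs.tu-berlin.de,time.nhq
cname=ntps1-0.uni-erlangen.de,time.nhq
cname=ntps1-1.uni-erlangen.de,time.nhq
cname=ntp1.fau.de,time.nhq
cname=ntp2.fau.de,time.nhq
cname=ntp.dianacht.de,time.nhq
cname=zeit.fu-berlin.de,time.nhq
cname=ptbtime1.ptb.de,time.nhq
cname=ptbtime2.ptb.de,time.nhq
cname=rustime01.rus.uni-stuttgart.de,time.nhq
cname=rustime02.rus.uni-stuttgart.de,time.nhq
cname=chime1.surfnet.nl,time.nhq
cname=ntp.vsl.nl,time.nhq
cname=asynchronos.iiss.at,time.nhq
cname=ntp.nic.cz,time.nhq
cname=time.ufe.cz,time.nhq
cname=ntp.fizyka.umk.pl,time.nhq
cname=tempus1.gum.gov.pl,time.nhq
cname=tempus2.gum.gov.pl,time.nhq
cname=ntp1.usv.ro,time.nhq
cname=ntp3.usv.ro,time.nhq
cname=timehost.lysator.liu.se,time.nhq
cname=time1.stupi.se,time.nhq
cname=time.nrc.ca,time.nhq
cname=clock.uregina.ca,time.nhq
cname=cronos.cenam.mx,time.nhq
cname=ntp.lcf.mx,time.nhq
cname=hora.roa.es,time.nhq
cname=minuto.roa.es,time.nhq
cname=ntp1.inrim.it,time.nhq
cname=ntp2.inrim.it,time.nhq
cname=ntp1.oma.be,time.nhq
cname=ntp2.oma.be,time.nhq
cname=ntp.atomki.mta.hu,time.nhq
cname=ntp.i2t.ehu.eus,time.nhq
cname=ntp.neel.ch,time.nhq
cname=ntp.neu.edu.cn,time.nhq
cname=ntps1.pads.ufrj.br,time.nhq
cname=ntp.shoa.cl,time.nhq
cname=time.esa.int,time.nhq
cname=time1.esa.int,time.nhq
cname=time.izatcloud.net,time.nhq
cname=xtratime.qcomgeo2.com,time.nhq
cname=time.xboxprod.izatcloud.net,time.nhq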
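# chrony.conf for the internal ("captive") NTP server that LAN clients are
# steered to.

# Key file for symmetric NTP authentication. None of the `server` lines below
# carries a `key` option, so upstream time is accepted unauthenticated.
keyfile /etc/chrony/chrony.keys
driftfile /var/lib/chrony/chrony.drift

# Step the clock when the offset is larger than 1 second, but only during the
# first 5 updates after start; later corrections are slewed.
makestep 1 5
maxupdateskew 100.0

# Take leap-second information from the system tz database.
leapsectz right/UTC

logdir /var/log/chrony
log measurements statistics tracking

# Keep serving time, advertised as stratum 10, even when no upstream source is
# usable. Clients then keep following this host's free-running clock, so an
# upstream outage will not be visible to them; alert on the tracking log or on
# `chronyc tracking` instead of relying on clients to notice.
local stratum 10

# Use hardware timestamping on every interface that supports it.
hwtimestamp *
rtcsync

# NTP clients are accepted from 10.0.0.0/8 only.
allow 10.0.0.0/8

# chronyc's command port listens on loopback only.
bindcmdaddress 127.0.0.1
bindcmdaddress ::1

# Upstream sources. The N.upstream.time.nhq names are expected to come from
# the hosts file /etc/ntp_upstream.hosts served by dnsmasq.
# minpoll 4 / maxpoll 4 pins the polling interval at 2^4 = 16 seconds.
# NOTE(review): chrony's documentation advises against polling intervals below
# 6 (64 s) for public Internet servers because it may be treated as abuse and
# get this host rate-limited or blocked; confirm the upstream operators permit
# this rate, or raise minpoll/maxpoll.
server 0.upstream.time.nhq burst iburst minpoll 4 maxpoll 4
server 1.upstream.time.nhq burst iburst minpoll 4 maxpoll 4
server 2.upstream.time.nhq burst iburst minpoll 4 maxpoll 4
server 3.upstream.time.nhq burst iburst minpoll 4 maxpoll 4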
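#!/usr/bin/env bash
#
# Rebuild /etc/ntp_upstream.hosts, the dnsmasq hosts file that maps
# N.upstream.time.nhq to the current addresses of the real upstream NTP
# servers, and restart pihole-FTL when the file changed.
#
# Flow: resolve each upstream name, write "<ip> <n>.upstream.time.nhq" lines
# into a private work directory, syntax-check a throwaway dnsmasq config that
# points at the new file, and only then swap the file into place.
#
# Security notes:
#   * The script runs as root. Scratch files live in a mktemp(1) directory
#     instead of fixed names under /tmp, so another local user cannot
#     pre-create or symlink the paths root is about to write, chown or chmod.
#   * dig exits 0 for an empty or NXDOMAIN answer and `+short` may print CNAME
#     targets or several addresses, so each answer is checked for an
#     IPv4-shaped line before anything is written to the hosts file.
#   * Whatever UPSTREAM_DNS answers decides where the whole network gets its
#     time. Nothing here authenticates those answers; NOTE(review): point
#     UPSTREAM_DNS at a resolver you trust (ideally a validating one).
#
# Exit status: 0 when the database is current or was updated, 1 on failure.

set -u
umask 077

UPSTREAM_SERVERS=('navobs1.gatech.edu' 'time-e-g.nist.gov' 'utcnist2.colorado.edu' 'time-d-wwv.nist.gov')
# Resolver used for the lookups. Presumably a separate resolver that does not
# apply the cname overrides from the dnsmasq NTP config; verify.
UPSTREAM_DNS="127.127.0.1"
DIG_ARGS=(+short +time=3)
DNS_NTP_CFGFILE="/etc/dnsmasq.d/03-ntp.conf"
HOSTS_DB="/etc/ntp_upstream.hosts"
WORKDIR=""

# Print a timestamped message on stdout.
log() {
  printf '[%s] %s\n' "$(date)" "$*"
}

# Print the first IPv4-shaped line read from stdin; return 1 if there is none.
# This is a shape check only (it does not range-check the octets).
first_ipv4() {
  local line
  local ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
  while IFS= read -r line; do
    if [[ $line =~ $ipv4_re ]]; then
      printf '%s\n' "$line"
      return 0
    fi
  done
  return 1
}

# Install file $1 as HOSTS_DB, mode 644, via a rename so dnsmasq never reads a
# half-written database.
install_db() {
  local src=$1
  local staged
  staged=$(mktemp "${HOSTS_DB}.XXXXXX") || return 1
  if cp -- "$src" "$staged" && chmod 644 "$staged" \
    && mv -f -- "$staged" "$HOSTS_DB"; then
    return 0
  fi
  rm -f -- "$staged"
  return 1
}

main() {
  local new_db dummy_conf backup_db
  local server answer rc ip
  local i=0
  local had_previous=0

  WORKDIR=$(mktemp -d) || {
    log "ERROR! could not create a private work directory"
    exit 1
  }
  # Remove the scratch directory on every exit path.
  trap 'rm -rf -- "${WORKDIR:?}"' EXIT

  new_db="$WORKDIR/ntp_upstream"
  dummy_conf="$WORKDIR/ntp_dummy.conf"
  backup_db="$WORKDIR/ntp_upstream.bak"

  : >"$new_db"
  printf 'addn-hosts=%s\n' "$new_db" >"$dummy_conf"

  for server in "${UPSTREAM_SERVERS[@]}"; do
    answer=$(dig "$server" "@$UPSTREAM_DNS" "${DIG_ARGS[@]}")
    rc=$?
    if ((rc != 0)); then
      log "ERROR! lookup $server via $UPSTREAM_DNS (${DIG_ARGS[*]}): $answer"
      continue
    fi
    # A successful dig can still carry no usable address.
    if ! ip=$(first_ipv4 <<<"$answer"); then
      log "ERROR! lookup $server via $UPSTREAM_DNS returned no IPv4 address: $answer"
      continue
    fi
    printf '%s %s.upstream.time.nhq\n' "$ip" "$i" >>"$new_db"
    i=$((i + 1))
  done

  if ((i == 0)); then
    log "Upstream queries returned no entries! Exiting."
    exit 1
  fi

  # `--test` syntax-checks the configuration; the address check above is what
  # guards the hosts entries themselves.
  if ! /usr/sbin/dnsmasq -C "$dummy_conf" --test >/dev/null 2>&1; then
    log "Failed to generate valid config. Check your upstream servers!"
    exit 1
  fi

  # Is the file we generated different from the current upstream database?
  if diff -q -- "$new_db" "$HOSTS_DB" >/dev/null 2>&1; then
    log "Upstream check succeeded, matches what we have on record."
    exit 0
  fi

  log "Database change detected, updating..."
  # On a first run there is no database yet, so there is nothing to back up.
  if [[ -e $HOSTS_DB ]]; then
    cp -p -- "$HOSTS_DB" "$backup_db" || {
      log "ERROR! could not back up $HOSTS_DB"
      exit 1
    }
    had_previous=1
  fi

  if ! install_db "$new_db"; then
    log "Database installation FAILED, leaving current database unchanged."
    exit 1
  fi

  if /usr/sbin/dnsmasq -C "$DNS_NTP_CFGFILE" --test >/dev/null 2>&1; then
    log "Database installation successful. Restarting DNS server..."
    systemctl reload pihole-FTL
    systemctl restart pihole-FTL
  else
    log "Database installation FAILED, leaving current database unchanged."
    if ((had_previous)); then
      install_db "$backup_db" || log "ERROR! rollback of $HOSTS_DB failed"
    else
      rm -f -- "$HOSTS_DB"
    fi
    exit 1
  fi
}

main "$@"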