A curated list of NTP time servers that support NTS

Time Servers with NTS support.md

*** ALERT ***

This gist has migrated to the repo below.

Please submit new entries as pull requests to https://github.com/jauderho/nts-servers.

Initial source: https://docs.ntpsec.org/latest/NTS-QuickStart.html

Systems76's NTS enabled time servers are the following:

server virginia.time.system76.com iburst nts
server ohio.time.system76.com iburst nts
server oregon.time.system76.com iburst nts

(in response to Pentaphons message)

Some more background about the TimeNL-servers that support NTS.

They are:

ntppool1.time.nl
ntppool2.time.nl

nts1.time.nl is used for testing and not recommended for production.

The information can be found here: https://nts.time.nl/ and more general information about TimeNL can be found here: https://time.nl/index_en.html

I have some stratum 2 servers running NTS that anyone is welcome to sync to, IPV4 and IPV6 on all of them:

nl.cracky-chan.com
us.cracky-chan.com
uk1.cracky-chan.com
uk2.cracky-chan.com

there's also a DNS name ntp.cracky-chan.com that includes all 4 servers so could be used as a pool address

the servers are using wildcard SSL certs so older versions of ntpsec may refuse to connect to them; ntpsec added support for wildcard SSL certs in April but there hasn't been a tagged release since then

https://system76.com/time
paris.time.system76.com
brazil.time.system76.com
system76 has two more nts servers, they should be added.

Comrades, is there any way to sync time via NTS on Windows? Command-line utility?

FYI, I will soon be shutting down public access to ntpsec.anastrophe.com for both NTP and NTS. I'll still offer peering by request.

This list and the exceptional one compiled by @MarcelWaldvogel at https://netfuture.ch/2021/12/transparent-trustworthy-time-with-ntp-and-nts/ are invaluable resources for folks trying to get NTS running.

These two lists have not been updated in nearly six months though, and until they become active again I have started my own list of servers here:
https://gitlab.com/-/snippets/2481323
^ This list is now private as @jauderho has created a repo to allow pull requests for updating servers.

I have also added the stratum and sources of all listed servers in the hopes it will be useful.

It is not my intent to replace any other list, but I think it's crucial to have up to date information available as this protocol starts to become more widely used.

@macifell I updated my NTP/NTS server address, located in Brazil. I'm using Chrony but not sure if the NTS part is working. Can you try it out?

The new address is:

time.bolha.one

@cadusilva Sure, it seems to be working. A few suggestions:

1. If you have the ability, it would be nice to set up reverse dns for the server. It will look better in the chronyc sources output.
2. It would be also be great to have a web page set up to provide information on the state and access policy of the server. This project can be used to get something running quickly: https://github.com/macifell/chrony-graph - but even something more basic will be helpful.

Thank you @macifell! Currently I can't set up reverse DNS as this is a static IP from my ISP and I have no control, but I would if I could. About the second point, I can redirect the server hostname to this URL as a middle ground.

@cadusilva Sure, no problem 🙂

Yeah, reverse DNS can be annoying (if not impossible) to set up and that NTP Score page is cool as a redirect.

@macifell I have checked out your link and I am unsure if it makes sense to keep the "Secure Source?" column. To me, that seems to imply more trust to certain systems where it is not possible to qualify.

I would rather just have a list of servers that folks can use decide for themselves which ones they want to trust and use. To that end and given that it appears not to be possible to generate pull requests against gists, I have gone ahead and created https://github.com/jauderho/nts-servers to make it easier to create a formal list that can accept pull requests.

I have taken a first stab at adding some entries. If you have your file in Markdown format, I will happily accept a pull request. Else, I will try to add to this when I have time. Eventually, I hope to retire this gist and redirect to the repo.

@jauderho That's a great idea! I do not want to have another competing list, I just want to make sure this information is kept up to date.

Whether or not an NTS server gets its time securely does play into the concept of trust, as it could just be repackaging insecure time:
https://netfuture.ch/2022/01/configuring-an-nts-capable-ntp-server/#upstream-server-choice

If there is no statement from the administrator and the observable source is not secure, then I think it is reasonable to determine that it is not as secure as it could be. While this isn't perfect, it would at least give someone a reason to ask about how this is being done - even if they trust the source individual or company. Of course, this information could be forged (or lied about), so trust of the administrator is the primary consideration. I do intend to ask the administrator of each server marked with an 'N' about how they get their time - and I also monitor this value over time and will mark additional sources as they show up.

That being said, I do not think it's necessary to include that information in the official list. I'm only keeping track of it in mine because I find it interesting.

@macifell I forgot to grab a copy of your list before you made it private. Could you make it public temporarily or post a copy in the comments so that I can format it as a starting point into Markdown? Thanks.

@jauderho I'm actually working on a pull request right now to add in those servers 🙂