Skip to content

Instantly share code, notes, and snippets.

@jauderho
Last active August 9, 2024 18:56
Show Gist options
  • Save jauderho/2ad0d441760fc5ed69d8d4e2d6b35f8d to your computer and use it in GitHub Desktop.
Save jauderho/2ad0d441760fc5ed69d8d4e2d6b35f8d to your computer and use it in GitHub Desktop.
A curated list of NTP time servers that support NTS
@mdavids
Copy link

mdavids commented Jul 26, 2022

Some more background about the TimeNL-servers that support NTS.

They are:

ntppool1.time.nl
ntppool2.time.nl

nts1.time.nl is used for testing and not recommended for production.

The information can be found here: https://nts.time.nl/ and more general information about TimeNL can be found here: https://time.nl/index_en.html

@catharsis71
Copy link

I have some stratum 2 servers running NTS that anyone is welcome to sync to, IPV4 and IPV6 on all of them:

nl.cracky-chan.com
us.cracky-chan.com
uk1.cracky-chan.com
uk2.cracky-chan.com

there's also a DNS name ntp.cracky-chan.com that includes all 4 servers so could be used as a pool address

the servers are using wildcard SSL certs so older versions of ntpsec may refuse to connect to them; ntpsec added support for wildcard SSL certs in April but there hasn't been a tagged release since then

@Tungsten842
Copy link

https://system76.com/time
paris.time.system76.com
brazil.time.system76.com
system76 has two more nts servers, they should be added.

@sergeevabc
Copy link

Comrades, is there any way to sync time via NTS on Windows? Command-line utility?

@bclaymiles
Copy link

FYI, I will soon be shutting down public access to ntpsec.anastrophe.com for both NTP and NTS. I'll still offer peering by request.

@macifell
Copy link

macifell commented Mar 5, 2023

This list and the exceptional one compiled by @MarcelWaldvogel at https://netfuture.ch/2021/12/transparent-trustworthy-time-with-ntp-and-nts/ are invaluable resources for folks trying to get NTS running.

These two lists have not been updated in nearly six months though, and until they become active again I have started my own list of servers here:
https://gitlab.com/-/snippets/2481323

^ This list is now private as @jauderho has created a repo to allow pull requests for updating servers.

I have also added the stratum and sources of all listed servers in the hopes it will be useful.

It is not my intent to replace any other list, but I think it's crucial to have up to date information available as this protocol starts to become more widely used.

@cadusilva
Copy link

cadusilva commented Mar 5, 2023

@macifell I updated my NTP/NTS server address, located in Brazil. I'm using Chrony but not sure if the NTS part is working. Can you try it out?

The new address is:

time.bolha.one

@macifell
Copy link

macifell commented Mar 5, 2023

@cadusilva Sure, it seems to be working. A few suggestions:

  1. If you have the ability, it would be nice to set up reverse dns for the server. It will look better in the chronyc sources output.
  2. It would be also be great to have a web page set up to provide information on the state and access policy of the server. This project can be used to get something running quickly: https://github.com/macifell/chrony-graph - but even something more basic will be helpful.

@cadusilva
Copy link

cadusilva commented Mar 5, 2023

Thank you @macifell! Currently I can't set up reverse DNS as this is a static IP from my ISP and I have no control, but I would if I could. About the second point, I can redirect the server hostname to this URL as a middle ground.

@macifell
Copy link

macifell commented Mar 5, 2023

@cadusilva Sure, no problem 🙂

Yeah, reverse DNS can be annoying (if not impossible) to set up and that NTP Score page is cool as a redirect.

@jauderho
Copy link
Author

jauderho commented Mar 7, 2023

@macifell I have checked out your link and I am unsure if it makes sense to keep the "Secure Source?" column. To me, that seems to imply more trust to certain systems where it is not possible to qualify.

I would rather just have a list of servers that folks can use decide for themselves which ones they want to trust and use. To that end and given that it appears not to be possible to generate pull requests against gists, I have gone ahead and created https://github.com/jauderho/nts-servers to make it easier to create a formal list that can accept pull requests.

I have taken a first stab at adding some entries. If you have your file in Markdown format, I will happily accept a pull request. Else, I will try to add to this when I have time. Eventually, I hope to retire this gist and redirect to the repo.

@macifell
Copy link

macifell commented Mar 7, 2023

@jauderho That's a great idea! I do not want to have another competing list, I just want to make sure this information is kept up to date.

Whether or not an NTS server gets its time securely does play into the concept of trust, as it could just be repackaging insecure time:
https://netfuture.ch/2022/01/configuring-an-nts-capable-ntp-server/#upstream-server-choice

If there is no statement from the administrator and the observable source is not secure, then I think it is reasonable to determine that it is not as secure as it could be. While this isn't perfect, it would at least give someone a reason to ask about how this is being done - even if they trust the source individual or company. Of course, this information could be forged (or lied about), so trust of the administrator is the primary consideration. I do intend to ask the administrator of each server marked with an 'N' about how they get their time - and I also monitor this value over time and will mark additional sources as they show up.

That being said, I do not think it's necessary to include that information in the official list. I'm only keeping track of it in mine because I find it interesting.

@jauderho
Copy link
Author

jauderho commented Mar 7, 2023

@macifell I forgot to grab a copy of your list before you made it private. Could you make it public temporarily or post a copy in the comments so that I can format it as a starting point into Markdown? Thanks.

@macifell
Copy link

macifell commented Mar 8, 2023

@jauderho I'm actually working on a pull request right now to add in those servers 🙂

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment