NTP ConfigurationΒΆ

Outside of the NTP server mode, the namespace of the NTP daemon can be set by the following command:

ntp namespace (host|dataplane):

Configures the namespace (Networking Namespaces) in which the NTP daemon will run. Running in the host namespace, NTP has access to host OS interfaces and routing, which is suitable for reaching internal time servers. Running in the dataplane namespace enables NTP to act as a server for clients connected to TNSR interfaces as well as reach servers to which TNSR can route.

NTP is capable of operating in either namespace, but only in one namespace at a time.

Inside NTP server mode, the NTP daemon has a variety of options to fine-tune its timekeeping behavior.

interface sequence <seq> <action> <address>:

Interface binding options. The default behavior when no interface configuration entries are present is to bind to all available addresses on the host.


The sequence number controls the order of the interface definitions in the NTP daemon configuration.


The action taken for NTP traffic on this interface, it can be one of:


Bind the daemon to this interface, but drop NTP traffic.


Do not bind the daemon to this interface.


Bind the daemon to this interface and use it for NTP traffic.


The address or interface to bind. This may be:

prefix <prefix>:

An IPv4/IPv6 prefix, which will bind to only that specific address.

interface <if-name>:

An interface name, which will bind to every address on that interface.


Bind to all interfaces and addresses on TNSR.

server <address|host> <server>:

Defines an NTP peer with which the daemon will attempt to synchronize the clock. This command enters config-ntp-server mode. The server may be specified as:

address <IPv4/IPv6 Address>:

An IPv4 or IPv6 address specifying a single NTP server.

host <fqdn>:

A fully qualified domain name, which will be resolved using DNS.

Within config-ntp-server mode, additional commands are available that control how NTP interacts with the specified server:


Use 8 packets on unreachable servers, which results in faster synchronization at startup and when a peer is recovering.

maxpoll <poll>:

Maximum polling interval for NTP messages. This is specified as a power of 2, in seconds. May be between 7 and 17, defaults to 10 (1024 seconds).


Instructs NTP to not use the server for synchronization, but it will still connect and display statistics from the server.


When set, NTP will prefer this server if it and multiple other servers are all viable candidates of equal quality.

operational-mode server:

This entry is a single server. When the server is specified as an FQDN, if the DNS response contains multiple entries then only one is selected. Can also be used with IPv4/IPv6 addresses directly, rather than FQDN entries.

operational-mode pool:

This entry is a pool of servers. Only compatible with FQDN hosts. NTP will expect multiple records in the DNS response and will use all of these entries as distinct servers. This is a reliable way to configure multiple NTP peers with minimal configuration.


An operational-mode is required.

tinker panic <n>:

Sets the NTP panic threshold, in seconds. This is a sanity check which will cause NTP to fail if the difference between the local and remote clocks is too great. Commonly set to 0 to disable this check so that NTP will still synchronize when its clock is off by a large factor. The default value is 1000.

tos orphan <n>:

Configures the stratum of orphan mode servers from 1 to 16. When all UTC reference peers below this stratum are unreachable, clients in the same subnet may use each other as references as a last resort.

driftfile <file>:

Full path to the filename used by the NTP daemon to store clock drift information to improve accuracy over time. This file and its directory must be writable by the ntp user or group.

statsdir <file>:

Full path to statistics directory used by the NTP daemon. This directory must be writable by the ntp user or group.

<enable|disable> monitor:

Explicitly enables or disables the monitoring facility used to poll the NTP daemon for information about peers and other statistics.

This is enabled by default, and is also enabled if limited is present in any restrict entries. This is required for show ntp <x> commands which display peer information to function.


To return to the default behavior after configuring an explicit enabled or disabled state, negate the option with no. For example, if the monitor was explicitly enabled with enable monitor, then use no enable monitor to return to the default behavior.