OpenNTPD (aka OpenBSD NTP Daemon)
"Saving the world again... on time"
Developer(s)The OpenBSD Project
Stable release
6.8p1 / 7 December 2020; 9 months ago (2020-12-07)[1]
Repositoryhttps://github.com/openntpd-portable
Written inC
Operating systemOpenBSD, FreeBSD, NetBSD, Linux, macOS, Solaris[2]
Standard(s)RFC 1305, RFC 5905
TypeTime synchronization
LicenseISC
Websitewww.openntpd.org

OpenNTPD (also known as OpenBSD NTP Daemon) is a Unix daemon implementing the Network Time Protocol to synchronize the local clock of a computer system with remote NTP servers. It is also able to act as an NTP server to NTP-compatible clients.

OpenBSD NTP Daemon is primarily developed by Henning Brauer as part of the OpenBSD project. Its design goals include being secure (non-exploitable), easy to configure, and accurate enough for most purposes. Its portable version, like that of OpenSSH,[3] is developed as a child project which adds the portability code to the OpenBSD version and releases it separately. The portable version is developed by Brent Cook.[4] The project developers receive some funding from the OpenBSD Foundation.

History

The development of OpenNTPD was motivated by a combination of issues with current NTP daemons: difficult configuration, complicated and difficult to audit code, and unsuitable licensing.[5] OpenNTPD was designed to solve these problems and make time synchronization accessible to a wider userbase. After a period of development, OpenNTPD first appeared in OpenBSD 3.6.[6] Its first release was announced on 2 November 2004.[7]

Goals

OpenNTPD is an attempt by the OpenBSD team to produce an NTP daemon implementation that is secure, simple to audit, trivial to set up and administer, reasonably accurate, and light on system resources. As such, the design goals for OpenNTPD are: security, ease of use, and performance.[8] Security in OpenNTPD is achieved by robust validity check in the network input path, use of bounded buffer operations via strlcpy, and privilege separation to mitigate the effects of possible security bugs exploiting the daemon through privilege escalation. In order to simplify the use of NTP, OpenNTPD implements a smaller set of functionalities than those available in other NTP daemons, such as that provided by the Network Time Protocol Project. The objective is to provide enough features to satisfy typical usage at the risk of unsuitability for esoteric or niche requirements. OpenNTPD is configured through the configuration file, ntpd.conf.[9] A minimal number of options are offered: IP address or hostname on which OpenNTPD should listen, a timedelta sensor device to be used, and the set of servers from which the time will be synchronized. The accuracy of OpenNTPD is best-effort; the daemon attempts to be as accurate as possible but no specific accuracy is guaranteed.

Example

OpenNTPD gradually adjusts the system clock, as seen here in the output of OpenNTPD running on a Linux system:

$ grep ntpd /var/log/daemon.log | grep adjusting
Aug  4 03:32:20 nikolai ntpd[4784]: adjusting local clock by -1.162333s
Aug  4 03:36:08 nikolai ntpd[4784]: adjusting local clock by -1.023899s
Aug  4 03:40:02 nikolai ntpd[4784]: adjusting local clock by -0.902637s
Aug  4 03:43:43 nikolai ntpd[4784]: adjusting local clock by -0.789431s
Aug  4 03:47:35 nikolai ntpd[4784]: adjusting local clock by -0.679320s
Aug  4 03:50:45 nikolai ntpd[4784]: adjusting local clock by -0.605858s
Aug  4 03:53:31 nikolai ntpd[4784]: adjusting local clock by -0.529821s

Criticism

OpenNTPD has been criticized as being less accurate than the NTP daemon produced by the NTP Project (ntp.org).[10] Internally, OpenNTPD does not maintain millisecond accuracy and can vary 50-200ms from "real" time because it omits a variety of algorithms that increase accuracy in favour of code simplicity. The OpenNTPD project acknowledged the criticism, but stated that the lack of microsecond precision was a design tradeoff that benefited simplicity and security.[10] The OpenNTPD design goals state the project's intent is to "[r]each a reasonable accuracy" without sacrificing "secure design for getting that last nanosecond or obscure edge case."[11]

In September 2004, shortly after the release of OpenNTPD 3.6, ntp.org contributor Brad Knowles published an article entitled OpenNTPd Considered Harmful[12] criticizing various aspects of OpenNTPD's implementation of the NTP protocol, as well as the split development model that the project employs, which is also used in the development of OpenSSH and OpenBGPD. In December 2004, Darren Tucker, the principal developer on the portable branch of OpenNTPD, wrote a detailed response to Knowles, acknowledging some issues as valid, rejecting several others as unwarranted, and considering yet others as misleading.[13] Among the more serious issues raised by Knowles was that OpenNTPD servers claimed to be stratum 1 servers. The issue had however already been fixed by the time of Tucker's response. In March 2005, Knowles acknowledged Tucker's response, and stated that he was "going to do everything [he could] to work with [Tucker] to get any remaining issues resolved".[14] Additionally, the OpenBSD networking FAQ was expanded with a response to Knowles' initial criticism.[15]

Leap Seconds

OpenNTPD (and the OpenBSD kernel) ignore leap seconds.[16] Care should be taken when using OpenNTPD as a higher-stratum source for other ntpd servers, or with high-resolution time requirements that reference Coordinated Universal Time. Leap seconds are used in Coordinated Universal Time, but not International Atomic Time or Global Positioning System time signals.

The United States Naval Observatory and the Bureau International des Poids et Mesures recommends that systems not implementing leap seconds be referenced to International Atomic Time, or directly to GPS time signals.[17]

References

  1. ^ "OpenNTPD". Retrieved 9 December 2020.
  2. ^ "OpenNTPD Portable Release". OpenBSD. Retrieved 3 April 2016.
  3. ^ "openssh/openssh-portable". GitHub. Retrieved 13 May 2016.
  4. ^ "openntpd-portable/openntpd-portable". GitHub. Retrieved 13 May 2016.
  5. ^ The OpenNTPD Project. "OpenNTPD Goals". The OpenNTPD Project. Retrieved 3 April 2016.
  6. ^ The OpenBSD Project (1 November 2004). "OpenBSD 3.6". The OpenBSD Project. Retrieved 3 April 2016.
  7. ^ Brauer, Henning (2 November 2004). "OpenNTPD 3.6 released". openbsd-announce (Mailing list). MARC. Retrieved 7 June 2014.
  8. ^ Brauer, Henning (September 2004). "Page 3: OpenNTPD – Design Goals". The OpenBSD Project. Retrieved 16 September 2006.
  9. ^ ntpd.conf(5) – OpenBSD File Formats Manual. 26 May 2006. Retrieved 16 September 2006.
  10. ^ a b The OpenBSD Project (21 August 2006). "FAQ 6.12.1: 'But OpenNTPD isn't as accurate as the ntp.org daemon!'". The OpenBSD Project. Archived from the original on 5 February 2016. Retrieved 14 May 2020.
  11. ^ OpenNTPD authors (2004), "Goals", OpenNTPD, OpenNTPD project.
  12. ^ Knowles, Brad (22 September 2004). "OpenNTPd Considered Harmful". Considered Harmful. Archived from the original on 4 March 2005. Retrieved 16 September 2006.
  13. ^ Tucker, Darren (12 December 2004). "Response to OpenNTPd Considered Harmful". Advogato: Blog for dtucker. Retrieved 16 September 2006.
  14. ^ Knowles, Brad (12 March 2005). "Update: OpenNTPd..." Considered Harmful. Archived from the original on 25 May 2006. Retrieved 16 September 2006.
  15. ^ The OpenBSD Project (21 August 2006). "FAQ: 6.12.2: 'Someone has claimed that OpenNTPD is 'harmful'!'". The OpenBSD Project. Archived from the original on 24 September 2006. Retrieved 16 September 2006.
  16. ^ "Handling Leap Seconds the OpenBSD Way". OpenBSD Journal. 28 June 2015. Retrieved 9 October 2018.
  17. ^ "Leap Seconds". United States Naval Observatory. Archived from the original on 24 December 2017. Retrieved 27 February 2019.