OpenNTPD

The development of OpenNTPD was motivated by a combination of issues with current NTP daemons: difficult configuration, complicated and difficult to audit code, and unsuitable licensing.{{cite web |url = http://www.openntpd.org/goals.html |title = OpenNTPD Goals |author = The OpenNTPD Project |website = The OpenNTPD Project |access-date = 3 April 2016}} OpenNTPD was designed to solve these problems and make time synchronization accessible to a wider userbase. After a period of development, OpenNTPD first appeared in OpenBSD 3.6.{{cite web |url = https://www.openbsd.org/36.html |title = OpenBSD 3.6 |author = The OpenBSD Project |date = 1 November 2004 |website = The OpenBSD Project |access-date = 3 April 2016}} Its first release was announced on 2 November 2004.{{cite mailing list |url = http://marc.info/?l=openbsd-announce&m=109941451516444 |title = OpenNTPD 3.6 released |last = Brauer |first = Henning |mailing-list = openbsd-announce |date = 2 November 2004 |publisher= MARC |access-date = 7 June 2014}}

OpenNTPD is an attempt by the OpenBSD team to produce an NTP daemon implementation that is secure, simple to audit, trivial to set up and administer, reasonably accurate, and light on system resources. As such, the design goals for OpenNTPD are: security, ease of use, and performance.{{cite web |url = https://www.openbsd.org/papers/ntpd_sucon04/mgp00003.html |title = Page 3: OpenNTPD – Design Goals |last1 = Brauer |first1= Henning |date = September 2004 |website = The OpenBSD Project |access-date = 16 September 2006}} Security in OpenNTPD is achieved by robust validity check in the network input path, use of bounded buffer operations via strlcpy, and privilege separation to mitigate the effects of possible security bugs exploiting the daemon through privilege escalation. In order to simplify the use of NTP, OpenNTPD implements a smaller set of functionalities than those available in other NTP daemons, such as that provided by the Network Time Protocol Project. The objective is to provide enough features to satisfy typical usage at the risk of unsuitability for esoteric or niche requirements. OpenNTPD is configured through the configuration file, ntpd.conf.{{man|5|ntpd.conf|OpenBSD}}. 26 May 2006. Retrieved 16 September 2006. A minimal number of options are offered: IP address or hostname on which OpenNTPD should listen, a timedelta sensor device to be used, and the set of servers from which the time will be synchronized. The accuracy of OpenNTPD is best-effort; the daemon attempts to be as accurate as possible but no specific accuracy is guaranteed.

OpenNTPD gradually adjusts the system clock, as seen here in the output of OpenNTPD running on a Linux system:

$ grep ntpd /var/log/daemon.log | grep adjusting
Aug  4 03:32:20 nikolai ntpd[4784]: adjusting local clock by -1.162333s
Aug  4 03:36:08 nikolai ntpd[4784]: adjusting local clock by -1.023899s
Aug  4 03:40:02 nikolai ntpd[4784]: adjusting local clock by -0.902637s
Aug  4 03:43:43 nikolai ntpd[4784]: adjusting local clock by -0.789431s
Aug  4 03:47:35 nikolai ntpd[4784]: adjusting local clock by -0.679320s
Aug  4 03:50:45 nikolai ntpd[4784]: adjusting local clock by -0.605858s
Aug  4 03:53:31 nikolai ntpd[4784]: adjusting local clock by -0.529821s

OpenNTPD has been criticized as being less accurate than the NTP daemon produced by the NTP Project (ntp.org).{{cite web |url = http://www.openbsd.org/faq/faq6.html#OpenNTPDaccurate |title = FAQ 6.12.1: 'But OpenNTPD isn't as accurate as the ntp.org daemon!' |author = The OpenBSD Project |date = 21 August 2006 |website = The OpenBSD Project |access-date = 2020-05-14 |archive-url = https://web.archive.org/web/20160205120110/http://www.openbsd.org/faq/faq6.html#OpenNTPDaccurate |archive-date = 2016-02-05 |url-status = dead}} Internally, OpenNTPD does not maintain millisecond accuracy and can vary 50-200ms from "real" time because it omits a variety of algorithms that increase accuracy in favour of code simplicity. The OpenNTPD project acknowledged the criticism, but stated that the lack of microsecond precision was a design tradeoff that benefited simplicity and security. The OpenNTPD design goals state the project's intent is to "[r]each a reasonable accuracy" without sacrificing "secure design for getting that last nanosecond or obscure edge case."{{citation|author=OpenNTPD authors | year = 2004 | chapter= Goals | title= OpenNTPD | chapter-url = http://www.openntpd.org/goals.html | publisher = OpenNTPD project}}.

In September 2004, shortly after the release of OpenNTPD 3.6, ntp.org contributor Brad Knowles published an article entitled OpenNTPd Considered Harmful{{cite web |url = http://bradknowles.typepad.com/considered_harmful/2004/09/openntpd.html |archive-url = https://web.archive.org/web/20050304032724/http://bradknowles.typepad.com/considered_harmful/2004/09/openntpd.html |archive-date = 4 March 2005 |title = OpenNTPd Considered Harmful |last1 = Knowles |first1 = Brad |date = 22 September 2004 |website = Considered Harmful |access-date = 16 September 2006 |url-status = dead }} criticizing various aspects of OpenNTPD's implementation of the NTP protocol, as well as the split development model that the project employs, which is also used in the development of OpenSSH and OpenBGPD. In December 2004, Darren Tucker, the principal developer on the portable branch of OpenNTPD, wrote a detailed response to Knowles, acknowledging some issues as valid, rejecting several others as unwarranted, and considering yet others as misleading.{{cite web |url = http://www.advogato.org/person/dtucker/diary/52.html |title = Response to OpenNTPd Considered Harmful |last1 = Tucker |first1 = Darren |date = 12 December 2004 |website = Advogato: Blog for dtucker |access-date = 16 September 2006}} Among the more serious issues raised by Knowles was that OpenNTPD servers claimed to be stratum 1 servers. The issue had however already been fixed by the time of Tucker's response. In March 2005, Knowles acknowledged Tucker's response, and stated that he was "going to do everything [he could] to work with [Tucker] to get any remaining issues resolved".{{cite web |url = http://bradknowles.typepad.com/considered_harmful/2005/03/update_openntpd.html |archive-url = https://web.archive.org/web/20060525024703/http://bradknowles.typepad.com/considered_harmful/2005/03/update_openntpd.html |archive-date = 25 May 2006 |title = Update: OpenNTPd... |last1 = Knowles |first1 = Brad |date = 12 March 2005 |website = Considered Harmful |access-date = 16 September 2006 |url-status = dead }} Additionally, the OpenBSD networking FAQ was expanded with a response to Knowles' initial criticism.{{cite web |url = http://www.openbsd.org/faq/faq6.html#OpenNTPDharmful |title = FAQ: 6.12.2: 'Someone has claimed that OpenNTPD is 'harmful'!' |author = The OpenBSD Project |date = 21 August 2006 |website = The OpenBSD Project |access-date = 16 September 2006 |archive-url = https://web.archive.org/web/20060924134221/http://www.openbsd.org/faq/faq6.html#OpenNTPDharmful |archive-date = 24 September 2006 |url-status = dead }}

The current OpenNTPD accuracy claim is, from the 2004 21C3 presentation, "typically 50 ms".{{cite web |last1=Brauer |first1=Henning |title=OpenBGPD and OpenNTPD |url=https://quigon.bsws.de/papers/21c3/ |website=quigon.bsws.de}}

OpenNTPD (and the OpenBSD kernel) ignore leap seconds.{{cite web | url=http://undeadly.org/cgi?action=article&sid=20150628132834 | title=Handling Leap Seconds the OpenBSD Way | date=28 June 2015 | work=OpenBSD Journal | access-date=9 October 2018 }} Care should be taken when using OpenNTPD as a higher-stratum source for other ntpd servers, or with high-resolution time requirements that reference Coordinated Universal Time. Leap seconds are used in Coordinated Universal Time, but not International Atomic Time or Global Positioning System time signals. The 50-ms accuracy is also not typical of a high-stratum source.

The United States Naval Observatory and the Bureau International des Poids et Mesures recommends that systems not implementing leap seconds be referenced to International Atomic Time, or directly to GPS time signals.{{cite web | url=https://tycho.usno.navy.mil/leapsec.html | title=Leap Seconds | work=United States Naval Observatory | access-date=27 February 2019 | archive-url=https://web.archive.org/web/20171224204722/http://tycho.usno.navy.mil/leapsec.html | archive-date=24 December 2017 | url-status=dead }} However, no current version of NTP ({{as of|2023}}) supports non-UTC time scales.

{{Reflist}}

{{Portal|Free and open-source software}}

• {{man|8|ntpd|OpenBSD}}
• [https://www.openbsd.org/papers/ntpd_sucon04/index.html A paper explaining OpenNTPD by Henning Brauer]
• [https://www.openbsd.org/faq/faq8.html#OpenNTPD OpenBSD FAQ: Using OpenNTPD]

{{OpenBSD}}

Category:Network time-related software

Category:BSD software

NTPD

Category:OpenBSD software using the ISC license