Many NTP daemons fail in different areas. Some are complex, follow
archaic design practices, and are difficult to configure. Others are
overly simplistic, only support client-side synchronization, or are
simply immature.

In an increasingly NTP-synchronized world, it is important to have a
free implementation that provides good time synchronization while
still maintaining high security and ease of configurability.

To satisfy those goals, OpenNTPD has:
- Over 10 years of proven reliability.
- A simple and easily understandable codebase.
- Server and client-side synchronization. OpenNTPD is suitable for
synchronizing everything from your home router or laptop to a
thousand-node server cluster.
- Privilege separation that isolates the unprivileged networking
code from the privileged time-setting code. The daemon runs
in a chroot environment, further limiting its capabilities.
- Privilege-separated DNS support that works dynamically during
runtime, permitting late resolution even if the network is down
at startup. This is important for long-running use of the
NTP pools cluster.
- Besides using adjtime(2) for coarse time adjustments, OpenNTPD can
do fine-grained time adjustment via the adjfreq(2) and ntp_adjtime
system calls.
- Integration with time-synchronization hardware where the sensorsd(8)
framework is available.
- Support for validation of received NTP time against an HTTPS-secured
secondary source.
- Ability to bootstrap time in a secure way, even for machines lacking a
battery-backed real-time clock.
- Support for virtual routing tables (called rdomains in OpenBSD)
to isolate the networks that OpenNTPD can reach.
- An ntpctl(8) command for querying real-time synchronization status.
- Integrates the latest secure API advances from OpenBSD such as
getentropy(2), arc4random(3) (a fail-safe CSRNG that works in chroot
environments), and reallocarray(3) (an integer overflow-checking
malloc/calloc/realloc replacement).
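
The overflow check that reallocarray(3) adds over a bare malloc(nmemb * size), shown as an added example that is not OpenNTPD's or OpenBSD's own code. The names mul_overflows, checked_reallocarray and naive_request are hypothetical, and the element count is a constructed value chosen to wrap the multiplication.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* sqrt(SIZE_MAX + 1): if both factors are below this, the product cannot wrap. */
#define MUL_NO_OVERFLOW ((size_t)1 << (sizeof(size_t) * 4))

/* Hypothetical helper: returns 1 if nmemb * size would wrap around size_t. */
static int
mul_overflows(size_t nmemb, size_t size)
{
	return (nmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) &&
	    nmemb > 0 && SIZE_MAX / nmemb < size;
}

/* Hypothetical stand-in with the contract of reallocarray(3): on overflow,
 * fail with ENOMEM and leave the old allocation untouched. */
static void *
checked_reallocarray(void *ptr, size_t nmemb, size_t size)
{
	if (mul_overflows(nmemb, size)) {
		errno = ENOMEM;
		return NULL;
	}
	return realloc(ptr, nmemb * size);
}

/* The byte count an unchecked malloc(nmemb * size) would actually request. */
static size_t
naive_request(size_t nmemb, size_t size)
{
	return nmemb * size;	/* wraps modulo SIZE_MAX + 1 */
}

int
main(void)
{
	/* Constructed input: an element count large enough to wrap the product. */
	size_t count = SIZE_MAX / 16 + 2, elem = 16;
	void *p = checked_reallocarray(NULL, count, elem);

	printf("unchecked request: %zu bytes\n", naive_request(count, elem));
	printf("checked result: %s\n", p == NULL ? "refused (ENOMEM)" : "allocated");
	free(p);
	return 0;
}
```

With the unchecked multiplication the allocator is asked for only 16 bytes while the caller believes it holds room for `count` elements, which is the heap-overflow precondition the checked form removes.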