Does NTP should update time after manual change?

by

I have configured NTP service and I’ve checked it by the following way:

  1. Disable NTP
  2. Adjust time
  3. Enable NTP

Host’s time fixed in few seconds. But if I do:

  1. Enable NTP
  2. Adjust time

Time is not fixed. Should be time fixed in this case?
I’m setting time by command like /bin/date -s "4:2" && /sbin/hwclock -w
OS: Debian 3.2.68-1+deb7u5
ntp.conf (all default, except server line): 

# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help

driftfile /var/lib/ntp/ntp.drift


# Enable this if you want statistics to be logged.
#statsdir /var/log/ntpstats/

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable


# You do need to talk to an NTP server or two (or three).
server 0.pool.ntp.org iburst
server 1.pool.ntp.org iburst
server 2.pool.ntp.org iburst
server 3.pool.ntp.org iburst

# pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server will
# pick a different set every time it starts up.  Please consider joining the
# pool: <http://www.pool.ntp.org/join.html>
#server 0.debian.pool.ntp.org iburst
#server 1.debian.pool.ntp.org iburst
#server 2.debian.pool.ntp.org iburst
#server 3.debian.pool.ntp.org iburst


# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
# details.  The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
# might also be helpful.
#
# Note that "restrict" applies to both servers and clients, so a configuration
# that might be intended to block requests from certain clients could also end
# up blocking replies from your own upstream servers.

# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1

# Clients from this (example!) subnet have unlimited access, but only if
# cryptographically authenticated.
#restrict 192.168.123.0 mask 255.255.255.0 notrust


# If you want to provide time to your local subnet, change the next line.
# (Again, the address is an example only.)
#broadcast 192.168.123.255

# If you want to listen to time broadcasts on your local subnet, de-comment the
# next lines.  Please do this only if you trust everybody on the network!
#disable auth
#broadcastclient

Answer

The answer is “yes and no”.

NTP won’t update time on server when difference between local and ntp-server is too high (I think it’s about 0.5s?). But it can restore time after some amount of time to correct when it detects too big difference and decide to do so.

You can change that time using:

tinker panic 0 stepout 120

Which will return to correct time after 2 minutes (default 15 if I remember correctly… depends on implementation of course).

Why is that?

NTP tries to as small fixes as he can so keep time linear and really correct. If difference is too big, he can’t keep it correctly cause it can take ages to fix time (fixes are about 1-10ms mostly).

Too big difference can happen on normal operating too, when your local clock works inproperly and too slow, so difference is getting bigger and bigger, and finally it gets so big that ntpd refuses to fixing time anymore.

Attribution
Source : Link , Question Author : Jury , Answer Author : morsik

Leave a Comment