File: [local] / www / openntpd / features.html (download) (as text)
Revision 1.18, Tue Oct 5 18:25:29 2021 UTC (2 years, 8 months ago) by tj
Branch: MAIN
CVS Tags: HEAD Changes since 1.17: +1 -1 lines
https for openbgpd.org and openntpd.org links
|
<!doctype html>
<html lang=en>
<meta charset=utf-8>
<title>OpenNTPD: Features</title>
<meta name="description" content="OpenNTPD Features">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="openbsd.css">
<link rel="canonical" href="https://www.openntpd.org/features.html">
<h2 id=OpenBSD>
<a href="index.html">
<i>Open</i><b>NTPD</b></a>
Features
</h2>
<hr>
<p>
Many NTP daemons fail in different areas. Some are complex, follow
archaic design practices, and are difficult to configure. Others are
overly simplistic, only support client-side synchronization, or are
simply immature.
<p>
In an increasingly NTP-synchronized world, it is important to have a
free implementation that provides good time synchronization while
still maintaining high security and ease of configurability.
<p>
To satisfy those goals, OpenNTPD has:
<ul>
<li>Over 10 years of proven reliability.
<li>A simple and easily understandable codebase.
<li>Server and client-side synchronization. OpenNTPD is suitable for
everything from synchronizing your home router, laptop, or
thousand-node server cluster.
<li>Privilege separation that isolates the unprivileged networking
code from the privileged time-setting code. The daemon runs
in a chroot environment, further limiting its capabilities.
<li>Privilege-separated DNS support that works dynamically during
runtime, permitting late resolution even if the network is down
at startup. This is important for long-running use of the
<a href="http://www.pool.ntp.org/en/">NTP pools</a> cluster.
<li>Besides using
<a href="https://man.openbsd.org/adjtime">adjtime(2)</a>
for coarse time adjustments, OpenNTPD can do fine-grained time
adjustment via the
<a href="https://man.openbsd.org/adjfreq">adjfreq(2)</a>
and ntp_adjtime system calls.
<li>Integration with time-synchronization hardware where the
<a href="https://man.openbsd.org/sensorsd">sensorsd(8)</a>
framework is available.
<li>Support for validation of received ntp time against a https secured
secondary source.
<li>Ability to bootstrap time in a secure way, even for machines lacking a
battery backed up real time clock.
<li>Support for virtual routing tables (called rdomains in OpenBSD)
to isolate the networks that OpenNTPD can reach.
<li>An <a href="https://man.openbsd.org/ntpctl">ntpctl(8)</a>
command for querying real-time synchronization status.
<li>Integrates the latest secure API advances from OpenBSD such as
<a href="https://man.openbsd.org/getentropy">getentropy(2)</a>,
<a href="https://man.openbsd.org/arc4random">arc4random(3)</a>
(a fail-safe CSRNG that works in chroot environments), and
<a href="https://man.openbsd.org/reallocarray">reallocarray(3)</a>
(an integer overflow-checking malloc/calloc/realloc replacement).
</ul>