Private NTP/NTS Server at monitoring.zeitgitter.net

Timestamping, whether with Zeitgitter or any other mechanism, requires accurate and reliable time sources. Our NTP/NTS servers help provide this information to the public.

Zeitgitter?

Learn more about timestamping, Zeitgitter, the Zeitgitter network, how to use it, and how to join it at zeitgitter.net.

Accurate Time Sources

The most accurate form of timekeeping is by atomic clocks. However, not every computer can be equipped with one of those bulky and expensive devices. Therefore, the information from these clocks is transmitted using radio waves (e.g., DCF77 in Central Europe) to inexpensive receivers. The most accurate time information available by radio waves is through Global Navigation Satellite Systems, colloquially termed "GPS", where high-precision time information is the basis for geolocation.

But even these radio wave and "GPS" receivers require space and power. Networked devices today therefore use their Internet connection to obtain pretty accurate time information. This time is transmitted using NTP, the Network Time Protocol and achieves sub-second accuracy, down to roughly millisecond accuracy, depending on network conditions.

Trustworthy Time Source

NTP was designed in the mid-1980s, when the Internet essentially was a small, friendly, and cooperative space. Therefore, relatively little thought was given how to widely prevent malicious people from manipulating the time other computers on the network will see.

This has only changed recently, with the advent of NTS, Network Time Security. NTS is to NTP pretty much as HTTPS is to HTTP: You can be sure that the information actually comes from the named server and has not been tampered with by anyone controlling Internet equipment or wireless base stations.

Still, you have no guarantee that the other side is not lying to you about its time. But at least you would know, who was lying to you. And you could talk to multiple NTS servers operated by different organisations: it is unlikely that they all will lie to you, and all in the same way.

So, with NTS, you are not completely safe from bad time information, but it would be extremely hard and costly to fake time, such that it will not become obvious and people can be held accountable.

Public NTS server

Therefore, Trifence AG operates two free public NTS/NTP time servers in Switzerland, at ntp.zeitgitter.net and ntp.trifence.ch. These servers can also be used like traditional NTP servers (the protocol is upward compatible) and are also part of the global NTP timeservers pool.

NTS Usage

Their NTP function, providing mostly accurate but unauthenticated time, can be used like you would any other time server.

To use their additional NTS authentication feature, NTS-capable software has an NTS flag, which you can turn on. On the popular NTPsec or Chrony software, the configuration is as follows:

server ntp.zeitgitter.net iburst nts
server ntp.trifence.ch    iburst nts

The nts flag at the very end of the line indicates that time will only be used if it is properly authenticated.

Trust? Transparency!

We provide transparency about our timeservers, so you have a basis of whether you want to trust our time servers. We provide statistics over the last 24 hours and over the past week, updated multiple times a day. They are generated with chrony-graph.

A second opinion about our timekeeping is collected by the NTP Pool:

Why two systems?

  1. The production monitor runs in California, over a transatlantic link, which sometimes loses NTP packets. That gives the impression that our time servers are unstable or malfunctioning, even though they just work perfectly.
  2. These californian systems also see a long delay and even small queueing delays on the link may accumulate, so resulting in imprecision as well.
  3. The beta test monitors run both in California and in Amsterdam, the latter not being affected as much by delay, jitter, and packet loss. However, it seems that the clocks of the beta monitors are slightly less stable. And, you wouldn't have guessed it, they are test systems, where anything can go wrong at any time. You just can't have it all.

More time servers needed!

NTS is a relatively young protocol, with only a small selection of NTS-capable time servers currently available. If you are interested in reliable time, please consider upgrading your existing NTP time server to also support NTS. It would be great if more official timekeeping sites, universities, and companies around the world would join, in addition to volunteers. If you want to learn more, here are some articles with a lot of information many pointers to more resources:

  1. Transparent, Trustworthy Time with NTP and NTS: A motivation and introduction.
  2. Configuring an NTS-capable NTP server: What to do and why
  3. NTS and dynamic IP addresses: What to take care of when running an NTS server behind a dynamic IP address
  4. Debugging NTS problems: Know-how and tools for detecting and fixing strange behavior