Thursday, February 26, 2015

Google's public NTP servers?

I was struggling with finding a good set of low-ping NTP servers for use as upstream sources in the office. Using pool.ntp.org is great and all, but the rotating DNS entries aren't fabulous for Windows NTP clients (or really any NTP software except the reference ntpd implementation).

ntpd resolves a server hostname to an IP once at startup, and then sticks with that IP forever. Most other NTP clients honor DNS TTLs, and will follow the rotation of addresses returned by pool.ntp.org. This means a Windows NTP client using the built-in Windows Time Service will actually be trying to sync to a moving set of target servers when pointed at a pool.ntp.org source. That is fine for most clients, but not great for servers trying to maintain stable timing for security and logging purposes.
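One way to see how far a TTL-honoring client's upstream set moves is to re-resolve the hostname at intervals and compare the answers. The script below is an added example, not part of the original post; the function names, the 150-second interval and the sample address sets (documentation ranges) are assumptions made for illustration.

```python
import socket
import time


def resolve(host, port=123):
    """Return the set of addresses the resolver currently gives for host."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_DGRAM)
    return frozenset(info[4][0] for info in infos)


def churn(snapshots):
    """Summarise how much a hostname's address set moves between lookups.

    snapshots: list of address sets, one per lookup, in time order.
    Returns (distinct_addresses, changed_lookups, always_present).
    """
    if not snapshots:
        raise ValueError("need at least one snapshot")
    seen = set().union(*snapshots)
    # Count consecutive lookups whose answers differ at all.
    changed = sum(1 for a, b in zip(snapshots, snapshots[1:]) if a != b)
    # Addresses a client could have stayed on for the whole run.
    stable = set(snapshots[0]).intersection(*snapshots[1:])
    return len(seen), changed, stable


def sample(host, rounds=5, interval=150):
    """Live measurement: look host up `rounds` times, `interval` s apart.

    The interval is an assumption; set it longer than the record's TTL,
    otherwise a caching resolver returns the same answer every time.
    """
    snaps = []
    for i in range(rounds):
        snaps.append(resolve(host))
        if i + 1 < rounds:
            time.sleep(interval)
    return churn(snaps)


# Constructed data (documentation address ranges, not real NTP servers).
ROTATING = [
    {"192.0.2.10", "192.0.2.11"},
    {"198.51.100.7", "192.0.2.11"},
    {"203.0.113.5", "198.51.100.9"},
]
FIXED = [{"203.0.113.50"}] * 3

if __name__ == "__main__":
    print("rotating:", churn(ROTATING))
    print("fixed:   ", churn(FIXED))
```

An empty `always_present` set means no single upstream survived the run, which is the situation that makes log timestamps harder to correlate across hosts.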

I stumbled across this link referencing Google's NTP servers at hostnames time[1-4].google.com. These servers support IPv4 and IPv6, and seem to be anycast just like Google's public DNS servers at 8.8.8.8. time4.google.com is only a few milliseconds away from some widely dispersed servers to which I have access. Indeed, plugging time4.google.com into CA's global ping tool shows that they are clearly "close" in terms of latency to multiple locations globally, which is only possible with anycast routing.

Are these servers truly public like Google Public DNS? They're not publicized by Google, but they seem to work pretty well as an alternative to pool.ntp.org for systems that run NTP software other than ntpd.
