Best Practices for Connecting to NTP Servers

The FAQ at support.ntp.org says to use at least 4 [1] because math.<p>But it basically boils down to &quot;With at least four upstream servers, one (or more) can be a &quot;falseticker&quot;, or just unreachable, and ntpd will have a sufficient number of sources to choose from.&quot;<p>I&#x27;ve spent a bunch of time sorting out NTP in recent years, chrony does indeed keep much better time and converge more quickly.<p>I would be careful about the advice around NTP anycasting. While attractive as a solution (one IP!), there are tradeoffs and it would be important to take those into account before going down this path.[2]<p>[1] <a href="https:&#x2F;&#x2F;support.ntp.org&#x2F;bin&#x2F;view&#x2F;Support&#x2F;SelectingOffsiteNTPServers#Section_5.3.3" rel="nofollow">https:&#x2F;&#x2F;support.ntp.org&#x2F;bin&#x2F;view&#x2F;Support&#x2F;SelectingOffsiteNTP...</a>.<p>[2] <a href="https:&#x2F;&#x2F;www.rfc-editor.org&#x2F;rfc&#x2F;rfc8633.html#page-17" rel="nofollow">https:&#x2F;&#x2F;www.rfc-editor.org&#x2F;rfc&#x2F;rfc8633.html#page-17</a>

The negativity about using the NTP pool seems unwarranted. The NTP pool monitors all servers in it and will kick out those who are supplying incorrect times or who are unavailable.<p>You&#x27;re also much more likely to be able to easily find a pretty good and pretty local set of NTP servers if you use the NTP pool, versus needing to look up other addresses for NTP servers. You don&#x27;t need to use your country code in the FQDN for using the NTP pool, the DNS resolution should do a pretty good job of figuring it out for you and giving you rather local servers in response.<p><a href="https:&#x2F;&#x2F;www.ntppool.org&#x2F;en&#x2F;use.html" rel="nofollow">https:&#x2F;&#x2F;www.ntppool.org&#x2F;en&#x2F;use.html</a>

Not mentioned: but if you care about correct time be sure you are not using systemd-timesyncd or OpenNTPD. Both of those are better than nothing but chrony is much, much better. The &quot;performance&quot; section on this page has some numbers: <a href="https:&#x2F;&#x2F;chrony.tuxfamily.org&#x2F;comparison.html" rel="nofollow">https:&#x2F;&#x2F;chrony.tuxfamily.org&#x2F;comparison.html</a>

For using pool.ntp.org, this is a better resource:<p><a href="https:&#x2F;&#x2F;www.ntppool.org&#x2F;en&#x2F;use.html" rel="nofollow">https:&#x2F;&#x2F;www.ntppool.org&#x2F;en&#x2F;use.html</a><p>CentOS&#x2F;RedHat uses the Chrony NTP agent, and has their own rhel domain within pool.ntp.org.<p>To only use NTP pool servers within your country, modify &#x2F;etc&#x2F;chrony.conf like so:<p><pre><code> server 0.us.pool.ntp.org iburst server 1.us.pool.ntp.org iburst server 2.us.pool.ntp.org iburst server 3.us.pool.ntp.org iburst </code></pre> Hopefully, your country code is also defined as a subdomain.

I&#x27;ve mostly moved to using time.cloudflare.com [1], in addition to the relevant ntp.org pools, because the ntp pool servers could often be wildly variable, while the cloudflare service appears to have been more stable.<p>[1] <a href="https:&#x2F;&#x2F;blog.cloudflare.com&#x2F;secure-time&#x2F;" rel="nofollow">https:&#x2F;&#x2F;blog.cloudflare.com&#x2F;secure-time&#x2F;</a>