OpenBSD project published OpenNTPD 6.8p1 NTP Server

Available release of the portable edition of the exact time synchronization system OpenNTPD 6.8p1 developed by the OpenBSD Project. OpenNTPD provides NTP support in accordance with RFC 1305 (NTP, Network Time Protocol) and RFC 5905 (SNTP, Simple Network Time Protocol). It supports both synchronization of local time with a remote NTP server and working as an NTP server, which can also receive the exact time from special equipment via sensorsd(8) . Configuration is done via the configuration file ntpd.conf . OpenNTPD has been tested on Linux, FreeBSD, Solaris, and macOS.

Unlike other implementations, OpenNTPD is developed with a primary focus on security and has only the most necessary set of features (simple and auditable code). For added security, OpenNTPD uses a privilege separation mechanism to separate the work of the unprivileged code for handling network connections from the privileged time setting code. The ntpd daemon runs in a separate isolated chroot environment. The implementation of the code for resolving names via DNS works in an asynchronous mode, i.e. name determination will be performed even if the daemon was started when the network connection was not available.

The main changes in OpenNTPD 6.8:

  • In the background ntpd process during the boot process, a secure setting and getting the time value, even on systems without a self-powered timer.
  • Improved handling of DNS queries at startup. Untrusted NTP servers are now excluded from the pool, but DNS resolving attempts continue to add a replacement.
  • TLS checks are more reliable and secure. The search for TLS certificates in the file specified through the TLS_CA_CERT_FILE variable has been provided.
  • The display of information about crashes in the log has been improved.
  • The check for the launch of multiple ntpd instances has been added.
  • In In the default settings, in addition to checking google.com, added IP checking 9.9.9.9 and 2620: fe :: fe.
  • Improved work in unsynchronized mode when no NTP replies are received due to problems with the network connection -server.
/Release. View in full here.