While doing some routine maintenance on a society server running Ubuntu (I’m a sysadmin for my university’s computer and networking society), I noticed that its system clock had drifted away from the true time by approximately 20 minutes. This amount of drift isn’t something one would expect to see on a long-running server with an active NTP service … except, of course, the NTP service wasn’t working.
It was only then that I remembered that Port 123, which is reserved for the Network Time Protocol, is blocked on the campus network1. I first encountered this a few weeks before, when I couldn’t get my laptop’s clock to sync after the switch to Daylight Savings Time. Of course, on my own computer, the solution was simply to connect to my phone’s hotspot for a few minutes; obviously, I couldn’t do the same for our server.
I considered setting the time on the server manually and adding a note to the docs reminding someone to reset it every once in a while, but it bugged me that I had to resort to such a clumsy solution. After a bit of Googling, I found the htpdate package mentioned in a StackOverflow answer (exactly which one, I can’t remember now). Looking at the man pages, it appeared that htpdate was perfect for my use case.
Instead of communicating with an NTP server, htpdate makes HTTP requests to web servers and uses the timestamp headers in the response packets to correct the time on your own server. Naturally, this won’t be as accurate as NTP - the man pages say accuracy lies within 0.5 seconds - but I reasoned it would be more than enough for our purposes.
Setup was exceedingly simple: all I had to do was run sudo apt install htpdate. The existing ntpdate package was autoremoved by apt and the daemon started automatically. To verify that htpdate was indeed running, I ran systemctl status htpdate, which printed this to the console:
$ systemctl status htpdate
● htpdate.service - LSB: Start htpdate daemon
Loaded: loaded (/etc/init.d/htpdate; generated)
Active: active (running) since Sat 2024-04-06 10:54:21 IST; 2 months 4 days ago
Docs: man:systemd-sysv-generator(8)
Tasks: 1 (limit: 4915)
CGroup: /system.slice/htpdate.service
└─28581 /usr/sbin/htpdate -D -s -i /var/run/htpdate.pid www.pool.ntp.org www.ntp.br www.wikipedia.org
Funnily enough, some of the default hosts that htpdate looks to for accurate time information are websites associated with NTP.
-
This is often done to prevent NTP amplification DDoS attacks. Read more about them in this Cloudflare article. ↩︎