Many NTP daemons fail in different areas. Some are complex, follow
archaic design practices, and are difficult to configure. Others are
overly simplistic, only support client-side synchronization, or are
simply immature.

In an increasingly NTP-synchronized world, it is important to have a
free implementation that provides good time synchronization while
still maintaining high security and ease of configurability.

To satisfy those goals, OpenNTPD has:
- Over 10 years of proven reliability.
- A simple and easily understandable codebase.
- Server and client-side synchronization. OpenNTPD is suitable for
  everything from your home router or laptop to a thousand-node
  server cluster.
- Privilege separation that isolates the unprivileged networking
  code from the privileged time-setting code. The daemon runs
  in a chroot environment, further limiting its capabilities.
- Privilege-separated DNS support that works dynamically during
  runtime, permitting late resolution even if the network is down
  at startup. This is important for long-running use of the
  NTP pools cluster.
- Besides using adjtime(2) for coarse time adjustments, OpenNTPD can
  do fine-grained time adjustment via the adjfreq(2) and ntp_adjtime
  system calls.
- Integration with time-synchronization hardware where the
  sensorsd(8) framework is available.
- Support for virtual routing tables (called rdomains in OpenBSD)
  to isolate the networks that OpenNTPD can reach.
- An ntpctl(8) command for querying real-time synchronization status.
- Integration of the latest secure API advances from OpenBSD, such as
  getentropy(2), arc4random(3) (a fail-safe CSRNG that works in
  chroot environments), and reallocarray(3) (an integer
  overflow-checking malloc/calloc/realloc replacement).
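
What "integer overflow-checking" means for the reallocarray(3) item above, shown as an added example that is not OpenNTPD's own code: `checked_reallocarray`, `peer_entry` and `peer_table` are hypothetical names, and the struct layout is constructed for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* The size a plain malloc(nmemb * size) would request: the product is
 * reduced modulo SIZE_MAX + 1, so a large count silently wraps. */
static size_t naive_alloc_size(size_t nmemb, size_t size)
{
    return nmemb * size;
}

/* Hypothetical stand-in with reallocarray(3) semantics: fail with ENOMEM
 * instead of allocating a too-small buffer when nmemb * size overflows. */
static void *checked_reallocarray(void *ptr, size_t nmemb, size_t size)
{
    if (size != 0 && nmemb > SIZE_MAX / size) {
        errno = ENOMEM;
        return NULL;
    }
    return realloc(ptr, nmemb * size);
}

/* Constructed sample data: a table of peers sized by an external count. */
struct peer_entry { unsigned char addr[16]; double offset; double delay; };
struct peer_table { struct peer_entry *v; size_t len; };

/* Resize the table; on failure the old array and length stay valid. */
static int peer_table_resize(struct peer_table *t, size_t count)
{
    struct peer_entry *nv;

    if (count == 0)
        return -1;
    nv = checked_reallocarray(t->v, count, sizeof(*nv));
    if (nv == NULL)
        return -1;
    t->v = nv;
    t->len = count;
    return 0;
}

int main(void)
{
    struct peer_table t = { NULL, 0 };

    printf("naive size for 2^(N-1) x 2 bytes: %zu\n",
        naive_alloc_size(SIZE_MAX / 2 + 1, 2));
    printf("resize to 4: %d\n", peer_table_resize(&t, 4));
    printf("resize to SIZE_MAX/2: %d\n", peer_table_resize(&t, SIZE_MAX / 2));
    free(t.v);
    return 0;
}
```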