NTPDIG(1) | NTPsec | NTPDIG(1) |
ntpdig - standard Simple Network Time Protocol client program
ntpdig
[--help | -?] [-4 | -6] [-a keynum] [-p samples]
[-c] [-d] [-D debug-level] [-g delay] [-j] [-k keyfile]
[-l logfile] [-M steplimit] [-S] [-s]
[--wait] [--no-wait] [--version] [address...]+
ntpdig can be used as an SNTP client to query an NTP or SNTP server and either display the time or set the local system’s time (given suitable privilege). It can be run as an interactive command or from a cron job. NTP (the Network Time Protocol) and SNTP (the Simple Network Time Protocol) are defined and described by RFC 5905.
The default is to write the estimated correct local date and time (i.e. not UTC) to the standard output in a format like:
2015-10-14 13:46:04.534916 (+0500) -0.000007 +/- 0.084075 localhost 127.0.0.1 s2 no-leap
where the (+0500) means that to get to UTC from the reported local time one must add 5 hours and 0 minutes, the -0.000007 indicates the local clock is 0.000007 seconds ahead of correct time (so 0.000007 seconds must be subtracted from the local clock to get it to be correct). Note that the number of decimals printed for this value will change based on the reported precision of the server. +/- 0.084075 is the reported synchronization distance (in seconds), which represents the maximum error due to all causes. If the server does not report valid data needed to calculate the synchronization distance, this will be reported as +/- ?.
If the host is different from the IP, both will be displayed. Otherwise, only the IP is displayed. Finally, the stratum of the host is reported and the leap indicator is decoded and displayed.
With the -j (JSON) option, the output format becomes a self-describing JSON record:
{"time":"2015-10-14T13:46:04.534916+0500",
"offset":-0.000007,"precision":"0.084075",
"host":"localhost",ip:"127.0.0.1",
"stratum":2,"leap":"noleap","adjusted":false}
In the JSON format, time is in ISO 8601 format; precision is the synch distance, with an unknown synch distance being reported as 0. Host and IP are always emitted even if duplicate. The "adjusted" boolean reports whether ntpdig determined it should have slewed or stepped the time. This may be shown as true even if time was not actually adjusted due to lack of clock-setting privileges.
-h, --help
-4, --ipv4
Force DNS resolution of the following host names on the command line to the IPv4 namespace.
-6, --ipv6
Force DNS resolution of the following host names on the command line to the IPv6 namespace.
-a auth-keynumber, --authentication=auth-keynumber
Enable authentication using the key specified in this option’s argument. The argument of this option is the keyid, a number specified in the keyfile as this key’s identifier. See the keyfile option (-k) for more details.
-c host-name, --concurrent=host-name
Requests from an NTP "client" to a "server" should never be sent more rapidly than one every 2 seconds. By default, any IPs returned as part of a DNS lookup are assumed to be for a single instance of ntpd, and therefore ntpdig will send queries to these IPs one after another, with a 2-second gap in between each query.
The -c or --concurrent flag says that any IPs returned for the DNS lookup of the supplied host-name are on different machines, so we can send concurrent queries. This is appropriate when using a server pool.
-d, --debug-level
-D number, --set-debug-level=number
-g milliseconds, --gap=milliseconds
Separate the queries we send out by the specified number of milliseconds. A larger delay reduces the query load on the time sources, at the cost of increasing the time to receive a valid response if the first source attempted is slow or unreachable.
-j
-k file-name, --keyfile=file-name
This option specifies the keyfile. ntpdig will search for the key specified with -a keyno in this file. See ntp.keys(5) for more information.
-l file-name, --logfile=file-name
This option causes the client to write log messages to the specified logfile.
-M number, --steplimit=number
If the time adjustment is less than steplimit milliseconds, slew the amount using adjtime(2). Otherwise, step the correction using clock_settime() or local equivalent. The default value is 0, which means all adjustments will be stepped. This is a feature, as different situations demand different values.
-p, --samples
-S, --step
-s, --slew
-t seconds, --timeout=seconds
When waiting for a reply, ntpdig will wait the number of seconds specified before giving up. The default should be more than enough for a unicast response. If ntpdig is only waiting for a broadcast response a longer timeout is likely needed.
--wait, --no-wait
If we are not setting the time, wait for all pending responses.
--version
ntpdig ntpserver.somewhere
ntpdig -S -s -M 128 ntpserver.somewhere
ntpdig -S ntpserver.somewhere
Not all options of the NTP classic sntp(1) utility have been retained; don’t expect -b, -K, -o, -r, -w, or -W to work. These have either been removed for security reasons or discarded as unnecessary in a modern environment.
This version does not log to syslog. Pipe standard output and standard error to logger(1) if you want this behavior.
The synchronization-distance formula used in this version is slightly different from that found in sntp(1), tracking the newer formula used in ntpd(8). Expect offset computations to match but synch-distances not to.
One of the following exit values will be returned:
0 (EXIT_SUCCESS)
1 (EXIT_FAILURE)
Johannes Maximilian Kuehn, Harlan Stenn, Dave Hart.
One of the following exit values will be returned:
0 (EXIT_SUCCESS)
1 (EXIT_FAILURE)
2023-07-29 | NTPsec |