from Alice’s Adventures in Wonderland, Lewis Carroll S is for snakeoil. |
1. Manual Pages
2. Table of Contents
3. SYNOPSIS
ntpdig [--help | -?] [-4 | -6] [-a keynum] [-p samples] [-c] [-d] [-D debug-level] [-g delay] [-I ipaddr] [-j] [-k keyfile] [-l logfile] [-M steplimit] [-S] [-s] [--wait] [--no-wait] [--version] [address…]+
4. DESCRIPTION
ntpdig can be used as an SNTP client to query an NTP or SNTP server and either display the time or set the local system’s time (given suitable privilege). It can be run as an interactive command or from a cron job. NTP (the Network Time Protocol) and SNTP (the Simple Network Time Protocol) are defined and described by RFC 5905.
The default is to write the estimated correct local date and time (i.e. not UTC) to the standard output in a format like:
2015-10-14 13:46:04.534916 (+0500) -0.000007 +/- 0.084075 localhost 127.0.0.1 s2 no-leap
where the (+0500)
means that to get to UTC from the reported local
time one must add 5 hours and 0 minutes, the -0.000007
indicates the
local clock is 0.000007 seconds ahead of correct time (so 0.000007 seconds
must be subtracted from the local clock to get it to be correct). Note that
the number of decimals printed for this value will change based on the
reported precision of the server. +/- 0.084075
is the reported
synchronization distance (in seconds), which represents the
maximum error due to all causes. If the server does not report valid
data needed to calculate the synchronization distance, this will be
reported as +/- ?
.
If the host is different from the IP, both will be displayed. Otherwise, only the IP is displayed. Finally, the stratum of the host is reported and the leap indicator is decoded and displayed.
With the -j (JSON) option, the output format becomes a self-describing JSON record:
{"time":"2015-10-14T13:46:04.534916+0500", "offset":-0.000007,"precision":"0.084075", "host":"localhost",ip:"127.0.0.1", "stratum":2,"leap":"noleap","adjusted":false}
In the JSON format, time is in ISO 8601 format; precision is the synch distance, with an unknown synch distance being reported as 0. Host and IP are always emitted even if duplicate. The "adjusted" boolean reports whether ntpdig determined it should have slewed or stepped the time. This may be shown as true even if time was not actually adjusted due to lack of clock-setting privileges.
5. OPTIONS
-h, --help
-
Displays usage information and exits.
-4
,--ipv4
-
Force IPv4 DNS name resolution. This option must not appear in combination with any of the following options: ipv6.
Force DNS resolution of the following host names on the command line to the IPv4 namespace.
-6
,--ipv6
-
Force IPv6 DNS name resolution. This option must not appear in combination with any of the following options: ipv4.
Force DNS resolution of the following host names on the command line to the IPv6 namespace.
-a
auth-keynumber,--authentication
=auth-keynumber-
Enable authentication with the key auth-keynumber. This option takes an integer number as its argument.
Enable authentication using the key specified in this option’s argument. The argument of this option is the keyid, a number specified in the keyfile as this key’s identifier. See the keyfile option (-k
) for more details. -c
host-name,--concurrent
=host-name-
Concurrently query all IPs returned for host-name. This option may appear an unlimited number of times.
Requests from an NTP "client" to a "server" should never be sent more rapidly than one every 2 seconds. By default, any IPs returned as part of a DNS lookup are assumed to be for a single instance of ntpd, and therefore
ntpdig
will send queries to these IPs one after another, with a 2-second gap in between each query.The
-c
or--concurrent
flag says that any IPs returned for the DNS lookup of the supplied host-name are on different machines, so we can send concurrent queries. This is appropriate when using a server pool. -d
,--debug-level
-
Increase debug verbosity level. This option may appear an unlimited number of times.
-D
number,--set-debug-level
=number-
Set the debug verbosity level. This option may appear an unlimited number of times. This option takes an integer number as its argument.
-g
milliseconds,--gap
=milliseconds-
The gap (in milliseconds) between time requests. This option takes an integer number as its argument. The default milliseconds for this option is 50.
Separate the queries we send out by the specified number of milliseconds. A larger delay reduces the query load on the time sources, at the cost of increasing the time to receive a valid response if the first source attempted is slow or unreachable.
-I
,--bindaddr
=IP_Addr-
Bind to Specified IP for requests
Bind to the specified IP address for requests before the request is made. This can be useful for systems with multiple interfaces.
-j
-
Output to stdout in JSON, suppressing syslog messages.
-k
file-name,--keyfile
=file-name-
Look in this file for the key specified with
-a
.This option specifies the keyfile.
ntpdig
will search for the key specified with-a
keyno in this file. See ntp.keys(5) for more information. -l
file-name,--logfile
=file-name-
Log to specified logfile.
This option causes the client to write log messages to the specified logfile.
-M
number,--steplimit
=number-
Adjustments less than steplimit milliseconds will be slewed. This option takes an integer number as its argument. The value of number is constrained to being greater than or equal to 0,
If the time adjustment is less than steplimit milliseconds, slew the amount using adjtime(2). Otherwise, step the correction using clock_settime() or local equivalent. The default value is 0, which means all adjustments will be stepped. This is a feature, as different situations demand different values.
-p
,--samples
-
The number of samples to take (default 1). The best one (chosen by, among other criteria, sync distance) is selected for display or use.
-S
,--step
-
By default,
ntpdig
displays the clock offset but does not attempt to correct it. This option enables offset correction by stepping, that is, directly setting the clock to the corrected time. This typically requiresntpdig
be invoked as the superuser ("root"). -s
,--slew
-
By default,
ntpdig
displays the clock offset but does not attempt to correct it. This option enables offset correction by slewing using adjtime(), which changes the rate of the clock for a period long enough to accomplish the required offset (phase) correction. This typically requiresntpdig
be invoked as the superuser ("root"). -t
seconds,--timeout
=seconds-
The number of seconds to wait for responses. This option takes an integer number as its argument. The default seconds for this option is: 5.
When waiting for a reply,
ntpdig
will wait the number of seconds specified before giving up. The default should be more than enough for a unicast response. Ifntpdig
is only waiting for a broadcast response a longer timeout is likely needed. --wait
,--no-wait
-
Wait for pending replies (if not setting the time). The no-wait form will disable the option. This option is enabled by default.
If we are not setting the time, wait for all pending responses.
--version
-
Output version of program and exit.
6. USAGE
ntpdig ntpserver.somewhere
-
is the simplest use of this program and can be run as an unprivileged command to check the current time and error in the local clock.
ntpdig -S -s -M 128 ntpserver.somewhere
-
With suitable privilege, run as a command or from a cron(8) job,
ntpdig -Ss -M 128 ntpserver.somewhere
will request the time from the server, and if that server reports that it is synchronized then if the offset adjustment is less than 128 milliseconds the correction will be slewed, and if the correction is more than 128 milliseconds the correction will be stepped. ntpdig -S ntpserver.somewhere
-
With suitable privilege, run as a command or from a cron(8) job,
ntpdig -S ntpserver.somewhere
will set (step) the local clock from a synchronized specified server, like thentpdate
utility from older NTP implementations.
7. COMPATIBILITY
Not all options of the NTP classic sntp(1) utility have been retained; don’t expect -b, -K, -o, -r, -w, or -W to work. These have either been removed for security reasons or discarded as unnecessary in a modern environment.
This version does not log to syslog. Pipe standard output and standard error to logger(1) if you want this behavior.
The synchronization-distance formula used in this version is slightly different from that found in sntp(1), tracking the newer formula used in ntpd(8). Expect offset computations to match but synch-distances not to.