Scroll to navigation

NTPDIG(1) NTPsec NTPDIG(1)

NAME

ntpdig - standard Simple Network Time Protocol client program

SYNOPSIS

ntpdig

[--help | -?] [-4 | -6] [-a keynum] [-p samples]
[-c] [-d] [-D debug-level] [-g delay] [-j] [-k keyfile]
[-l logfile] [-M steplimit] [-S] [-s]
[--wait] [--no-wait] [--version] [address...]+

DESCRIPTION

ntpdig can be used as an SNTP client to query an NTP or SNTP server and either display the time or set the local system’s time (given suitable privilege). It can be run as an interactive command or from a cron job. NTP (the Network Time Protocol) and SNTP (the Simple Network Time Protocol) are defined and described by RFC 5905.

The default is to write the estimated correct local date and time (i.e. not UTC) to the standard output in a format like:

2015-10-14 13:46:04.534916 (+0500) -0.000007 +/- 0.084075 localhost 127.0.0.1 s2 no-leap

where the (+0500) means that to get to UTC from the reported local time one must add 5 hours and 0 minutes, the -0.000007 indicates the local clock is 0.000007 seconds ahead of correct time (so 0.000007 seconds must be subtracted from the local clock to get it to be correct). Note that the number of decimals printed for this value will change based on the reported precision of the server. +/- 0.084075 is the reported synchronization distance (in seconds), which represents the maximum error due to all causes. If the server does not report valid data needed to calculate the synchronization distance, this will be reported as +/- ?.

If the host is different from the IP, both will be displayed. Otherwise, only the IP is displayed. Finally, the stratum of the host is reported and the leap indicator is decoded and displayed.

With the -j (JSON) option, the output format becomes a self-describing JSON record:

{"time":"2015-10-14T13:46:04.534916+0500",

"offset":-0.000007,"precision":"0.084075",
"host":"localhost",ip:"127.0.0.1",
"stratum":2,"leap":"noleap","adjusted":false}

In the JSON format, time is in ISO 8601 format; precision is the synch distance, with an unknown synch distance being reported as 0. Host and IP are always emitted even if duplicate. The "adjusted" boolean reports whether ntpdig determined it should have slewed or stepped the time. This may be shown as true even if time was not actually adjusted due to lack of clock-setting privileges.

OPTIONS

-h, --help

Displays usage information and exits.

-4, --ipv4

Force IPv4 DNS name resolution. This option must not appear in combination with any of the following options: ipv6.

Force DNS resolution of the following host names on the command line to the IPv4 namespace.

-6, --ipv6

Force IPv6 DNS name resolution. This option must not appear in combination with any of the following options: ipv4.

Force DNS resolution of the following host names on the command line to the IPv6 namespace.

-a auth-keynumber, --authentication=auth-keynumber


Enable authentication with the key auth-keynumber. This option takes an integer number as its argument.

Enable authentication using the key specified in this option’s argument. The argument of this option is the keyid, a number specified in the keyfile as this key’s identifier. See the keyfile option (-k) for more details.

-c host-name, --concurrent=host-name

Concurrently query all IPs returned for host-name. This option may appear an unlimited number of times.

Requests from an NTP "client" to a "server" should never be sent more rapidly than one every 2 seconds. By default, any IPs returned as part of a DNS lookup are assumed to be for a single instance of ntpd, and therefore ntpdig will send queries to these IPs one after another, with a 2-second gap in between each query.

The -c or --concurrent flag says that any IPs returned for the DNS lookup of the supplied host-name are on different machines, so we can send concurrent queries. This is appropriate when using a server pool.

-d, --debug-level

Increase debug verbosity level. This option may appear an unlimited number of times.

-D number, --set-debug-level=number

Set the debug verbosity level. This option may appear an unlimited number of times. This option takes an integer number as its argument.

-g milliseconds, --gap=milliseconds

The gap (in milliseconds) between time requests. This option takes an integer number as its argument. The default milliseconds for this option is 50.

Separate the queries we send out by the specified number of milliseconds. A larger delay reduces the query load on the time sources, at the cost of increasing the time to receive a valid response if the first source attempted is slow or unreachable.

-j

Output to stdout in JSON, suppressing syslog messages.

-k file-name, --keyfile=file-name

Look in this file for the key specified with -a.

This option specifies the keyfile. ntpdig will search for the key specified with -a keyno in this file. See ntp.keys(5) for more information.

-l file-name, --logfile=file-name

Log to specified logfile.

This option causes the client to write log messages to the specified logfile.

-M number, --steplimit=number

Adjustments less than steplimit milliseconds will be slewed. This option takes an integer number as its argument. The value of number is constrained to being greater than or equal to 0,

If the time adjustment is less than steplimit milliseconds, slew the amount using adjtime(2). Otherwise, step the correction using clock_settime() or local equivalent. The default value is 0, which means all adjustments will be stepped. This is a feature, as different situations demand different values.

-p, --samples

The number of samples to take (default 1). The best one (chosen by, among other criteria, sync distance) is selected for display or use.

-S, --step

By default, ntpdig displays the clock offset but does not attempt to correct it. This option enables offset correction by stepping, that is, directly setting the clock to the corrected time. This typically requires ntpdig be invoked as the superuser ("root").

-s, --slew

By default, ntpdig displays the clock offset but does not attempt to correct it. This option enables offset correction by slewing using adjtime(), which changes the rate of the clock for a period long enough to accomplish the required offset (phase) correction. This typically requires ntpdig be invoked as the superuser ("root").

-t seconds, --timeout=seconds

The number of seconds to wait for responses. This option takes an integer number as its argument. The default seconds for this option is: 5.

When waiting for a reply, ntpdig will wait the number of seconds specified before giving up. The default should be more than enough for a unicast response. If ntpdig is only waiting for a broadcast response a longer timeout is likely needed.

--wait, --no-wait

Wait for pending replies (if not setting the time). The no-wait form will disable the option. This option is enabled by default.

If we are not setting the time, wait for all pending responses.

--version

Output version of program and exit.

USAGE

ntpdig ntpserver.somewhere

is the simplest use of this program and can be run as an unprivileged command to check the current time and error in the local clock.

ntpdig -S -s -M 128 ntpserver.somewhere

With suitable privilege, run as a command or from a cron(8) job, ntpdig -Ss -M 128 ntpserver.somewhere will request the time from the server, and if that server reports that it is synchronized then if the offset adjustment is less than 128 milliseconds the correction will be slewed, and if the correction is more than 128 milliseconds the correction will be stepped.

ntpdig -S ntpserver.somewhere

With suitable privilege, run as a command or from a cron(8) job, ntpdig -S ntpserver.somewhere will set (step) the local clock from a synchronized specified server, like the ntpdate utility from older NTP implementations.

COMPATIBILITY

Not all options of the NTP classic sntp(1) utility have been retained; don’t expect -b, -K, -o, -r, -w, or -W to work. These have either been removed for security reasons or discarded as unnecessary in a modern environment.

This version does not log to syslog. Pipe standard output and standard error to logger(1) if you want this behavior.

The synchronization-distance formula used in this version is slightly different from that found in sntp(1), tracking the newer formula used in ntpd(8). Expect offset computations to match but synch-distances not to.

AUTHORS

Johannes Maximilian Kuehn, Harlan Stenn, Dave Hart.

EXIT STATUS

One of the following exit values will be returned:

0 (EXIT_SUCCESS)

Successful program execution.

1 (EXIT_FAILURE)

The operation failed or the command syntax was not valid.
2024-05-07 NTPsec