Offline Hub cannot keep accurate date time

This is the list of DNS time server targets that I have aliased to my local timeserver (a stratum 0 server using the rPi GPS hat):

0.us.pool.ntp.org 0.openwrt.pool.ntp.org 1.sonostime.pool.ntp.org 2.android.pool.ntp.org asia.pool.ntp.org 0.north-america.pool.ntp.org time.apple.com time-ios.apple.com

I guess I'm missing some, because I don't have one for Microsoft - @ronv42, would you mind sharing your list of aliases?

@storageanarchy, I have 2 and 3 configured with dnsmasq. What do you use to set up the NTP server on your Pi, and do you see any problem with using the same Pi that runs dnsmasq as the NTP server?

It depends a bit. If you use a stratum 0 or stratum 1 setup (getting the time from a radio like GPS with PPS) then no, it shouldn't affect anything. If you set up a "normal" NTP server (stratum 2), it will get the time from the internet. You need to be careful with your DNS redirects so your NTP server can actually get the time from the internet and won't be redirected to itself by the DNS server.

Makes sense?

In regard to how to set it up, do you have a HAT module on your PI or a GPS module that supports PPS? If so, you can go completely "offline" and use the time from GPS but the setup is a bit different.

I don't have a hat or a GPS module. It looks like I have reading to do on this (no clue what stratum 0/1/2 means). I'll do some googling to wrap my head around the terminology and options so I can at least ask more intelligent questions.

That means that you want to set up a "stratum 2" time server. Look for a "standard" NTP server setup, like this here:

Next, you need to figure out which DNS queries your system uses to redirect them via DNS to your NTP server. @storageanarchy gave a good start here:

The easiest way to redirect these DNS names to your local NTP server is to add entries in your /etc/hosts file where 192.168.XXX.XXX is the IP of your NTP server, like:

192.168.XXX.XXX 0.us.pool.ntp.org 
192.168.XXX.XXX 0.openwrt.pool.ntp.org 
192.168.XXX.XXX 1.sonostime.pool.ntp.org 
192.168.XXX.XXX 2.android.pool.ntp.org 
192.168.XXX.XXX asia.pool.ntp.org 
192.168.XXX.XXX 0.north-america.pool.ntp.org 
192.168.XXX.XXX time.apple.com 
192.168.XXX.XXX time-ios.apple.com

Now, you need to make sure that your NTP server setup does NOT use any of these NTP servers. In /etc/ntp.conf you configure the servers to use. The guide I sent you uses *.ubuntu.pool.ntp.org.
Make sure that you actually get the time from these servers and not from your own.

1 Like
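The self-redirect check described in the post above, as an added example that is not part of the original thread: it flags any upstream in an ntp.conf that the local redirects would send back to the NTP server itself. It goes beyond the /etc/hosts case by also reading dnsmasq `address=` lines, which cover a domain and all of its subdomains. The address 192.168.1.10 and all three sample files are constructed for illustration.

```python
import re

# Constructed sample inputs (not from the thread); 192.168.1.10 is an assumed LAN NTP server.
HOSTS = "192.168.1.10 0.us.pool.ntp.org time.apple.com\n192.168.1.10 2.android.pool.ntp.org\n"
DNSMASQ = "no-hosts\naddress=/north-america.pool.ntp.org/192.168.1.10\n"
NTP_CONF = """\
pool 0.ubuntu.pool.ntp.org iburst
server 0.north-america.pool.ntp.org iburst
server time.apple.com   # also aliased in the hosts sample
"""

def parse_redirects(hosts_text, dnsmasq_text):
    """Return (exact names, domain suffixes), each mapping a name to its redirect IP."""
    exact, suffix = {}, {}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            exact[name.lower()] = fields[0]
    for line in dnsmasq_text.splitlines():
        m = re.match(r"\s*address=/(.+)/([0-9a-fA-F.:]+)\s*$", line)
        if m:  # dnsmasq address= covers the domain and every subdomain
            for dom in m.group(1).split("/"):
                suffix[dom.lower()] = m.group(2)
    return exact, suffix

def upstreams(ntp_conf_text):
    """Hostnames named on server/pool/peer lines of an ntp.conf."""
    out = []
    for line in ntp_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] in ("server", "pool", "peer"):
            out.append(fields[1].lower())
    return out

def looped_upstreams(ntp_conf_text, hosts_text, dnsmasq_text, local_ip):
    """Upstreams that the local redirects would resolve back to the NTP server itself."""
    exact, suffix = parse_redirects(hosts_text, dnsmasq_text)
    bad = []
    for host in upstreams(ntp_conf_text):
        hit = exact.get(host) == local_ip or any(
            ip == local_ip and (host == d or host.endswith("." + d))
            for d, ip in suffix.items())
        if hit:
            bad.append(host)
    return bad

if __name__ == "__main__":
    print(looped_upstreams(NTP_CONF, HOSTS, DNSMASQ, "192.168.1.10"))
```

An empty result means none of the configured upstreams is caught by the redirects; any name it returns should be replaced in ntp.conf or removed from the alias list.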

It is trivial (seconds) to set up a stratum 2 time server.

To do a stratum 0 setup like Dan did is obviously more work - for instance no GPS that I tried would work inside my house. I could get it to work if I put the rpi next to the window, but that wasn't a good option for me and I don't want an external GPS antenna. So I live with stratum 2.

For the redirection, it depends on the network setup. In my network I just redirect all port 123 traffic to my local time server (except the time server rpi IP itself - so it can get time externally). No need to redirect all of the pool DNS that way.

Of course none of that above helps with Secure ntp though (not to be confused with sntp = simple ntp), obviously... Encrypted connections don't like to be redirected to a host they weren't intended for...

1 Like

This is the most elegant solution as it is transparent. Some routers don't let you do that though. E.g. I have an ORBI mesh network and the granularity of firewall rules is really geared to the "standard" user.

100% agreed, nothing you can do there outside of breaking it completely......

True. Luckily (?) most keyed/authenticated NTP setups I've seen still use port 123, so they get broken automatically on the port redirect method. Which I'm fine with.

Of course, nothing stopping anyone from using a different port for NTP requests, then it is a cat and mouse game (or a protocol identification/fingerprint game - depending on the technology available and complexity/admin burden you want).

Oh, one more thing.... If you have Docker available, there are a number of containers that implement NTPD as a stratum 2 server. Can spin one of those up in <10 seconds (if you are a Docker user, of course, and if you aren't, you should be. :wink: ).

I have:

time.windows.com
time.apple.com
time-ios.apple.com
2.android.pool.ntp.org **odd one: sometimes Android uses this, other times the U.S. regionals
pool.ntp.org
0.pool.ntp.org
1.pool.ntp.org
2.pool.ntp.org
3.pool.ntp.org
north-america.pool.ntp.org
0.north-america.pool.ntp.org
1.north-america.pool.ntp.org
2.north-america.pool.ntp.org
3.north-america.pool.ntp.org
asia.pool.ntp.org
0.asia.pool.ntp.org
1.asia.pool.ntp.org
2.asia.pool.ntp.org
3.asia.pool.ntp.org

I am a Docker user, but based on @dan.t's link it seems like a trivial process to install and configure the NTP server. I have found that adding really simple packages to a container actually increases the complexity of configuring and maintaining them. Just my personal experience, but thanks for the suggestion.

I have a Netgear Nighthawk router (probably with a very similar interface to Orbi) so I don't have the advanced config options to do internal>external port redirection.

I have the no-hosts flag in my dnsmasq config but I should be able to set this up in my dnsmasq conf file.

Thanks for the suggestions guys. I will look into setting this up sometime soon.

1 Like

It definitely is. If you already have a linux server you can dump it on, that is easy too!

I have an Ubuntu box and a few rPis. I would prefer to have all the LAN services (DNS, DHCP and NTP) on the same box though...one Pi to rule them all. Hopefully I can set it up and avoid any of the DNS redirection problems Dan alluded to earlier. Only one way to find out I guess.

1 Like

I had the same problem, but I moved my GPS Pi to my basement, and ran the GPS extension cable to the middle of the house - away from metal obstructions (but nowhere near a window), and it works fantastically...it doesn't really need much signal at all with the external antenna...

1 Like

I always advise using specific NTP time server names in /etc/ntp.conf instead of pool names. If you're running a GPS Stratum 0/1 server, it is allowed to use specific named time servers in Stratum 0 or 1 who have identified themselves as "public" time servers (as you are googling for NTP time servers, you'll find the registry for public time servers that you can use).

This will address the issue of redirecting back to yourself.

I run a rPi 3B+ as my dnsmasq (DNS & DHCP) server AND my Secure NTP server (with the GPS Hat), along with unbound as my (private) DNS resolver (instead of BIND). All this runs without breaking a sweat.

I have a second rPi running backup dnsmasq (DNS only), plus (standard) NTP server and backup unbound. I also have this 2-Pi setup at my vacation home, and the two sites use each other as secondary time servers, along with several public Stratum 0/1 servers that are "nearby" to each location's internet provider (FiOS at one, Spectrum at the other). The secondary servers at each site also perform local backups of all the sites' rPis (to a USB hard drive), and the secondary server at home also collects munin stats from my 9 rPis...

These little rPi3B+'s can do an awful lot of network I/O without much effort...I am now looking to consolidate these services and even more onto a single rPi4B (4GB version)...

Thanks, @ronv42!

FWIW, I don't alias all four pools (0-1-2-3) for any domain, because I've found that DDWRT-based NTP servers (e.g. MeteoBridge/WeatherBridge) will actually reject duplicate NTP hostnames anyway. Including my local (Stratum 0/1) server in just one of the pools is enough to get my server to be preferred over the remote ones, since the response time will be so much better.

I remember why I had omitted time.windows.com - I have instead just pointed all of my Windows hosts directly to my local server :slight_smile:

My blinds are supposed to open every day if there is motion in a sensor between 6:00 am and 11:59 am. Today there was motion within this range and the blinds did not open. I checked the time in Hubitat and it was actually 2:00 am, so that explains why my blinds did not open, but the question is: why did the Hubitat hub not have the correct time? I had an internet failure and a hub restart 2 days ago, so that could have caused the time to go wrong, but shouldn't the hub automatically get the correct time from the internet after that? Isn't it automatic?

They say it checks every hour. Possibly if it's too far off, it doesn't auto-correct? It has been seen where if NTP isn't available right at hub boot time, if say the router and modem haven't completed booting and connecting yet, hub time does not get set.

Since 2.1.5, you can now install an NTP client to keep the time synced.

Great, once I migrate to 2.1.5 I will install it. Thanks

Have you tried the "update time from browser"? Should work, go to settings and select "Hub details". It's at the bottom.