Network Time Server

stratum-2 free to use NTS / NTP time server

version française

This is the homepage / info-page of the Network Time Security server

This time server provides a NTP service on both UDP port 443 (to bypass the NTP router filtering) as well as the standardized 123 port, and encrypted TLS1.3 NTS service on TCP port 4460 to initiate encryption.

It retrieves time data exclusively from other NTP servers providing NTS (encrypted) service and so should theoretically not be subject to man in the middle attack

It should be most of the time a stratum-2-server since it recovers time data from some stratum-1-server as ie. PTB in Germany

Here below is an example of the server’s “chronyc sources -v” returned table:

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current best, '+' = combined, '-' = not combined,
| /             'x' = may be in error, '~' = too variable, '?' = unusable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
^+         1  10   377   229   +113us[ +113us] +/-   18ms
^+           3  10    21   21m  +1810us[+1810us] +/-   10ms
^+               1  10    21   22m  +1711us[+1711us] +/-   10ms
^*              1  10    21   28m   +260us[ +390us] +/-   10ms
^+       2  10   114   61m  -2996us[-2876us] +/-   17ms
^-              2  10    21   21m   -102us[ -102us] +/-   25ms

This server is world opened, and you can add it to your own server, but please consider these statements before to do that:

- It runs inside a virtual private server (VPS), GNU/Linux Debian 12, chronyd (chrony) version 4.3

- I do my best for it running 24/7, but I cannot guarantee this

- it is located in France, near Nancy, it is a member of the pool of ~200 French NTP IPv4 servers ( does not yet reference the encrypted time broadcast servers)

- as running in a virtual machine (VPS), this server cannot have such low time dispersion as a bare metal server could have, the image below shows that (check if it is compatible with your needs):

Example of a time dispersion graph for NTP NTS server
Figure 1: An example of the time dispersion for my NTP server (green dots, left axis), click on the graph to go to the current data

How to add this server to your ntp.conf or chrony.conf file:

If you use chrony, you can take advantage of the workaround to bypass the NTP filtering done by many BGP routers on the Internet, by adding this line to your chrony.conf:

- to retrieve NTS TLS1.3 encrypted time :

server port 443 nts iburst

- to retrieve standard NTP (non-encrypted time) :

server port 443 iburst

If you use NTP / NTPsec, I am not sure that it is possible to select alternative UDP port other than the default 123, so the standard NTP queries on UDP 123 are internally redirected to port UDP 443 too, and so that allows a classical configuration:

- to retrieve NTS TLS1.3 encrypted time (with NTPsec) add this line to ntp.conf:

server nts iburst

- to retrieve standard NTP (non-encrypted time, with NTP) add this line to ntp.conf:

server iburst

Links of interest:

The NTPsec project

NTP at Weberblog

NTP servers list with NTS support


updated: 2013.07.31