TimeNL

You can specify multiple NTP servers here, separated by commas. On the command line, this can be done via systemsetup -setnetworktimeserver "ntp.time.nl" (activate this using systemsetup -setusingnetworktime on). You can also add multiple NTP servers directly to the /private/etc/ntp.conf file.

The images above illustrate the steps for setting up a workstation. If you are a system administrator, also refer to Microsoft's explanation of the Windows Time Service.

Various NTP packages are available for Unix/Linux/BSD/etc., including NTP, NTPsec, Chrony and OpenNTPD (where the 'pool' directive is called servers, with an 's'). They usually have an ntp.conf file (sometimes also called ntpd.conf) for configuring the NTP server. See the example above, but also consult the documentation for the relevant package, as there may be differences in the details. For instance, Ubuntu works with timesyncd by default, which can sometimes get in the way if you want to use a different NTP package. However, if you do not want a different NTP package, adjusting timesyncd is straightforward. In short, it comes down to editing /etc/systemd/timesyncd.conf. See man timesyncd.conf. There is plenty of information about all of this on the internet. Note that with OpenNTPD, weight is used instead of prefer.

Another option is the ntpd-rs package, where the configuration looks something like this:

Yet another option is not to use a daemon at all, but to synchronise your server periodically via CRON. In the example below, this is done weekly (at a fairly random time — not at minute '0' — to avoid overload peaks), but you can of course synchronise more often. However, do not do so more than once per hour, and not on the hour itself; choose a random minute instead.

Cisco IOS and NX-OS:

When following the example above, we recommend including a few other reliable stratum 1 servers in addition to ntp.time.nl (without the 'prefer' suffix).

Juniper JunOS:

When following the example above, we recommend including a few other reliable stratum 1 servers in addition to ntp.time.nl (without the 'prefer' suffix).

In short: because it fits in with our role.
SIDN Labs is the research team of SIDN. As a team, we are strong advocates of internet improvement, security and innovation, and we actively contribute to those goals. As the administrator of the .nl country-code domain, we have a reputation to uphold. We ensure that everyone can always reach the .nl domain names under our management via the DNS (Domain Name System). The worldwide availability of more than 6.3 million .nl domain names is our top priority, and we take it very seriously. We have accordingly invested heavily in knowledge, expertise and robust infrastructure. We have extensive experience with the so-called 'public core of the internet', of which DNS is a part. We believe that (public) NTP is in some respects also an infrastructure service of that kind — and setting it up, maintaining it, and making it freely available to the internet community is in line with our vision and a natural fit with our other work. We believe that our experience and expertise can really help to raise the profile of NTP. For that reason, we make this service freely available to everyone with the same commitment and quality that you are used to from us with .nl and our other services.

We have worked hard to build a solid and reliable NTP service.

You can expect us to make every reasonable effort to offer and maintain a good-quality NTP service. We invest in knowledge and expertise, infrastructure, security, up-to-date software versions, support for modern standards, sufficient capacity and quality monitoring. The basic service is freely available to everyone, both via IPv4 and IPv6. If you need more — for example, authenticated NTP — that is open to discussion, though we may charge a fee for it. That decision rests with us.

Regarding accuracy, you can expect us to deliver what is possible within the limitations of NTP. An exception to this are our experimental systems; due to their experimental nature, accuracy there may fluctuate somewhat more.

We naturally keep a close eye on abuse[*], which we do not tolerate. We therefore reserve the right to restrict or block your access to the service in whole or in part, by means of filtering or rate limiting. We also take all necessary steps to prevent abuse, both technically and legally.

Furthermore, we accept no liability whatsoever for any failure to (fully) use our service. You use TimeNL at your own risk, and you bear your own responsibility accordingly. We therefore advise you not to rely solely on our NTP service where this matters; for example, also configure third-party NTP services in your own stratum 2 servers. If you have any questions about that, we are happy to advise. It is quite possible that we will eventually expand our capacity and offer several separate NTP servers that you can rely on. We do reserve the right to make changes to our service without prior notice, though under normal circumstances we will announce them well in advance. We will do so via this website and/or our social media channels.

[*] We operate a fair-use policy. The default settings in most NTP software will keep you well within our limits — for example, with a poll interval of 1024 s. If you work via a cron job, an interval of once every 30 minutes is probably more than sufficient. It is fine to deviate from that temporarily on an exceptional basis, but please do not overdo it.

Nothing very special. The question about service levels covers what you can expect from us, and if you are a supplier of products incorporating an NTP server, please also look at the answer to the question about that. The only other piece of small print is this:

Disclaimer
Although we take great care when developing our (experimental) services, we cannot guarantee that this service will always function correctly. Use of the service is entirely at the user's own risk. Neither SIDN nor SIDN Labs is liable for any damage suffered as a result of using — or being unable to use — any of its (experimental) or other services, and we reserve the right to discontinue these services at any time without prior notice.

Of course, TimeNL is not the only NTP service available on the internet — fortunately. There are quite a few alternatives. Nevertheless, there are a number of things that set us apart from others. Here is a summary:

• Provided by SIDN, the trusted organisation behind .nl: a stable entity with extensive operational know-how and ISO 27001 certified.
• From the Netherlands, for the Netherlands — developed with care and managed by driven, curious nerds (😉) who care about 'the public core of the internet'. For more details, see the 'Features and background information' section and the answer to the question 'What service levels can I expect?'
• Not a big tech company, but an accessible organisation that you can ring or e-mail with questions, and that genuinely respects your privacy.
• More secure, because we offer Network Time Security (NTS) and, in certain cases, authenticated NTP, and because time.nl is DNSSEC-enabled.
• Not dependent solely on the American GPS system: we are also connected to the European Galileo and the German DCF077 signal, amongst others.
• Up-to-date software: we patch to the latest firmware version as soon as we can. That may sound obvious, but it does not happen everywhere or always.
• Rubidium-based atomic holdover clock.
• BGP anycast.
• Accessible via IPv6 as well as IPv4, of course.

That depends partly on the size of your organisation. You can let all your users communicate directly with our NTP server. However, with larger numbers of users, it may be worth setting up your own internal NTP server and letting users synchronise their time with that instead. This is called a stratum 2 server. It can in turn synchronise its time with (among others) our stratum 1 server. This reduces the load on our server and means you do not have to open your firewall for every individual user. In very large environments, you can even extend this further to stratum 3. The illustration shows how such a setup works.

The yellow arrows indicate a direct link to a reference clock — our stratum 1 server has that. The red arrows indicate a network connection (over the internet) to 'upstream' servers, for example your stratum 2 or 3 server(s) that retrieve their time from (among others) our stratum 1 server(s).

It is generally a good idea not to rely on a single NTP server for time synchronisation. Until we have expanded our server infrastructure, we recommend configuring multiple NTP servers from other providers in the Netherlands as well. For example (but not exclusively):

• time1.esa.int
• ntp.vsl.nl
• ntp.ripe.net

The symbols indicate the likely (primary) reference clock for each system: for GNSS (i.e. GPS only, as far as we are aware) and for atomic clock. There are many more good NTP servers, both in the Netherlands and in neighbouring countries — this list is merely a suggestion.

Hard-coding 'ntp.time.nl' into the firmware of products marketed on a large scale, for example, is contrary to our terms of use. If you wish to do something like that, please contact us first. We follow the same policy as the NTP pool project, meaning that we reserve a dedicated name for your application ('ntp.brandname.time.nl') and discuss your requirements with you, so that we can better anticipate the potential risk of capacity overruns.

First of all: we are not lawyers. That said, we can tell you that NTP is on the so-called comply-or-explain list published by the Dutch government's Forum for Standardisation. That may mean you are required to ensure effective NTP time synchronisation on your network, and our service can play a valuable role in that. Proper time synchronisation is also a requirement for ISO 27001 certification.

In the Netherlands and internationally, quality requirements for time synchronisation have been or are being considered. Requirements have also been formulated at European level. And if you happen to be the expert in this field — please do bring us up to speed; we are always keen to learn!

We take privacy and the GDPR very seriously. We do not retain your personal data (i.e. your IP address) and we do not use it for any purpose other than maintaining and optimising this service and improving NTP in general. Read more about our approach to privacy on the site of our privacy board.

We will keep you informed about this service via this website, the SIDN Labs website, 𝕏 and occasionally also via the SIDN corporate website.

• E-mail timekeeperssidn.nl
• Report security vulnerabilities via our responsible disclosure procedure

The domain name 'time.nl', under which we offer this service, is secured with DNSSEC. If your system supports DNSSEC, you can be confident that you will not be directed to the wrong IP address when connecting to 'ntp.time.nl'. It is worth noting that correct time is important for DNSSEC to function properly. In some situations, this creates a chicken-and-egg problem. For instance, when systems without an embedded Real Time Clock (RTC) boot up, they may have no sense of the time (they might think it is 1-1-1970), yet still attempt DNSSEC validation in order to resolve the IP address of 'ntp.time.nl' — which then fails. Solutions for this have been devised, though it remains a point of attention. For systems that are already (roughly) synchronised, this is not an issue.

The standard (free and anonymous) public service does not include authentication. However, authentication based on symmetric keys is available to registered users by arrangement. Please let us know if you need it and why. The decision as to whether we can offer this to you rests with us, as does the decision on whether to do so free of charge or for a modest fee. We do impose certain conditions. For example, we do not use the MD5 algorithm for our keys. We also consider the 'autokey' protocol to be insufficiently secure. If you use OpenNTPd, so-called 'TLS constraints' may still be an option. We also support the Network Time Security (NTS) protocol. See below.

Network Time Security (NTS) is a relatively new standard that we have been offering support for in pilot form for some time. Since early 2022, however, NTS has also been available in our production environment. See https://nts.time.nl.

Yes, we support Roughtime on rough.time.nl:2002 as a pilot. This protocol is still under development and things may change, including the port number. So keep an eye on this site. Add the following to your server list:

{
  "servers": [
    {
      "name": "TimeNL-Roughtime",
      "version": "1",
      "publicKeyType": "ed25519",
      "publicKey": "v2CievhgKsxzlWPwIkYFUXeA51Akhkv5uhJCj1/kbiY=",
      "addresses": [
        {
          "protocol": "udp",
          "address": "rough.time.nl:2002"
        }
      ]
    }
  ]
}

But make sure you add at least two other Roughtime servers to your list as well! Also consider using our server's literal IPv4 and/or IPv6 addresses instead of the FQDN, to avoid DNSSEC bootstrap issues.

The Precision Time Protocol (PTP) is an even more accurate form of time synchronisation, with very specific applications. We do not offer PTP at the moment.

That is our public, experimental NTP server based on anycast. It consists of dozens of servers distributed around the world. Depending on where you are in the world, you will connect to the nearest server to synchronise your time. It is configured on our anycast testbed. We receive thousands of NTP queries from all over the world on this anycast testbed, because the system is part of the NTP pool.

Those are also public NTP servers (based on unicast). They are powerful systems capable of handling a large volume of NTP queries, and they are part of the NTP pool. In addition to NTP, they also support NTS (RFC8915).

We did consider it, but we wanted to do it properly. Not a simple JavaScript thing that merely shows the local time on your computer (even if it is wrong), but a clock that actually shows whether your PC is in sync or not. That was the plan — until we discovered that our friends at the German PTB had already built exactly that, and in a way we really cannot top (though we did adapt it into our own version). Oh, and if your device really is properly in sync, you might enjoy this railway station clock.