How to Override DHCP-Supplied NTP Configuration in Debian Systems


4 views

When a Debian server obtains its network configuration via DHCP, it typically receives NTP server information through DHCP option 42. This automatic configuration can conflict with manually specified NTP servers in /etc/ntp.conf, with DHCP settings often taking precedence.

The proper Debian way to prevent DHCP from modifying your NTP configuration is to modify the DHCP client configuration:

# Edit the DHCP client configuration
sudo nano /etc/dhcp/dhclient.conf

Add or modify the following line:

supersede ntp-servers 127.127.1.0;

This tells dhclient to ignore the NTP servers provided by DHCP and use your local configuration instead. The IP 127.127.1.0 is a placeholder that will be ignored by ntpd when it reads the real configuration from /etc/ntp.conf.

For Debian systems using isc-dhcp-client, you can prevent the DHCP client from touching NTP configuration at all:

# For systems using isc-dhcp-client (most Debian versions)
sudo nano /etc/dhcp/dhclient-enter-hooks.d/ntp

Comment out or remove all content in this file. Alternatively, you can create an empty file if it doesn't exist:

sudo touch /etc/dhcp/dhclient-enter-hooks.d/ntp
sudo chmod a+x /etc/dhcp/dhclient-enter-hooks.d/ntp

After making changes, you should:

  1. Restart networking: sudo systemctl restart networking
  2. Restart NTP service: sudo systemctl restart ntp
  3. Verify NTP peers: ntpq -pn

On newer Debian versions using systemd-timesyncd instead of ntpd, you'll need to:

sudo nano /etc/systemd/timesyncd.conf

Uncomment and set:

[Time]
NTP=your.preferred.ntp.server
FallbackNTP=0.debian.pool.ntp.org 1.debian.pool.ntp.org

Then apply with:

sudo timedatectl set-ntp true
sudo systemctl restart systemd-timesyncd

To confirm your NTP configuration is working as intended:

# Check time synchronization status
timedatectl status

# View active NTP servers
systemctl status systemd-timesyncd
# Or for ntpd:
ntpq -pn

When a Debian system receives network configuration via DHCP, it typically includes NTP server information. This can conflict with your local /etc/ntp.conf settings, especially when the DHCP-provided NTP servers don't use UTC or aren't reliable enough for your needs.

Debian's default DHCP client (isc-dhcp-client) writes received NTP information to /var/lib/ntp/ntp.conf.dhcp. The NTP daemon (ntpd) then gives priority to these DHCP-provided servers over your static configuration.

The cleanest solution is to configure the DHCP client to ignore NTP options:

# Edit /etc/dhcp/dhclient.conf
supersede ntp-servers 127.127.1.0;  # Use local clock as fallback
request subnet-mask, broadcast-address, time-offset, routers,
        domain-name, domain-name-servers, host-name;
# Notice we omitted 'ntp-servers' from the request list

For systems using systemd-timesyncd:

# Create override file
mkdir -p /etc/systemd/timesyncd.conf.d
echo -e "[Time]\nNTP=" > /etc/systemd/timesyncd.conf.d/disable-dhcp-ntp.conf

If you're using the classic ntpd package, modify its configuration:

# Edit /etc/ntp.conf
# Add these lines to ignore DHCP-provided servers
tinker panic 0
disable dynamic

# Then specify your preferred servers
server 0.pool.ntp.org iburst
server 1.pool.ntp.org iburst
server 2.pool.ntp.org iburst
server 3.pool.ntp.org iburst

After making changes, restart services and verify:

systemctl restart networking
systemctl restart ntp
ntpq -pn

The output should show only your configured NTP servers, not any DHCP-provided ones.