Check-NTP / Chrony vs ntpd vs systemd-timesyncd
TL;DR — Quick Recommendation
| Use Case | Recommendation | Why |
|---|
| Production servers |
chrony |
Full NTP + NTS, fast convergence, server mode |
| Desktop Linux |
chrony or timesyncd |
chrony for best accuracy, timesyncd if already installed |
| Containers / minimal VMs |
timesyncd |
Smallest footprint, no config needed |
| Security-critical |
chrony + NTS |
Only mature NTS implementation |
| NTP server / pool |
chrony |
Can serve time, handle hardware refclocks |
| Memory-safe alternative |
ntpd-rs |
Rust-based, NTS support, production-ready since 2024 |
Short answer
Use chrony. It's the default on RHEL, Fedora, CentOS, Arch, and recommended by most distributions. It does everything ntpd does, but better.
Feature Comparison Table
| Feature |
chrony |
ntpd (ref) |
timesyncd |
ntpd-rs |
| NTP client |
Yes |
Yes |
Yes (SNTP) |
Yes |
| NTP server |
Yes |
Yes |
No |
Yes |
| NTS support |
Yes (v4.0+) |
No |
No |
Yes |
| Hardware refclocks |
Yes (PPS, SHM, SOCK) |
Yes |
No |
No |
| Leap smearing |
Yes |
Limited |
No |
Yes |
| Fast initial sync |
Seconds |
Minutes |
Seconds |
Seconds |
| Intermittent network |
Excellent |
Poor |
OK |
Good |
| Memory safety |
C (audited) |
C (legacy) |
C (systemd) |
Rust |
| Monitoring CLI |
chronyc |
ntpq |
timedatectl |
ntp-ctl |
| Active development |
Yes |
Minimal |
Yes |
Yes |
| Default on |
RHEL, Fedora, CentOS, Arch |
Legacy systems |
Ubuntu, Debian |
— |
Chrony: The Modern Standard
Chrony is the recommended NTP client for virtually all modern Linux deployments. Written by Miroslav Lichvar (Red Hat), it was designed from the ground up to handle real-world conditions that ntpd struggles with.
Key Advantages
- Fast convergence — Syncs within seconds of startup, vs minutes for ntpd
- NTS support — Cryptographic authentication via TLS 1.3 (since v4.0)
- Intermittent connectivity — Handles laptops, mobile devices, and unstable networks gracefully
- VM-friendly — Handles clock jumps from live migration and snapshot restore
- Lower resource usage — Less CPU and memory than ntpd
Minimal Configuration
server ntp-pool.rdem-systems.com iburst nts
server ptbtime1.ptb.de iburst nts
server time.cloudflare.com iburst nts
pool pool.ntp.org iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
Essential Commands
root@server:~# chronyc tracking
root@server:~# chronyc sources -v
root@server:~# chronyc authdata
root@server:~# chronyc makestep
ntpd: The Legacy Reference
The original NTP daemon, developed by David L. Mills starting in 1985. While historically important, it is now considered legacy software.
Why you should migrate away from ntpd
- No NTS support — cannot use authenticated time
- Slow initial sync (requires multiple poll cycles to converge)
- Poor handling of intermittent connectivity
- Large, complex C codebase with limited ongoing maintenance
- Cannot tolerate large clock jumps (problematic in VMs)
Still Using ntpd? Check Your Sync
root@server:~# ntpq -p
remote refid st t when poll reach delay offset jitter
==============================================================================
*pool-ntp.rdem-s .GPS. 1 u 34 64 377 4.231 0.145 0.089
NTPsec: a hardened fork
NTPsec is a security-focused fork of ntpd with NTS support, reduced codebase, and improved security practices. If you must stay with the ntpd ecosystem, NTPsec is a better choice than the reference implementation.
systemd-timesyncd: The Lightweight Option
Built into systemd, systemd-timesyncd is a minimal SNTP client. It handles basic time synchronization with almost zero configuration.
When It's Enough
- Desktop systems that just need "correct enough" time
- Containers where minimal footprint matters
- Systems where installing additional packages is undesirable
When It's Not Enough
- You need to serve time to other machines
- You need NTS (authenticated time)
- You need sub-millisecond accuracy
- You need hardware reference clock support
Configuration
[Time]
NTP=ntp-pool.rdem-systems.com pool.ntp.org
FallbackNTP=time.cloudflare.com
root@server:~# timedatectl status
Local time: Mon 2026-03-10 14:30:15 CET
Universal time: Mon 2026-03-10 13:30:15 UTC
RTC time: Mon 2026-03-10 13:30:15
Time zone: Europe/Paris (CET, +0100)
System clock synchronized: yes
NTP service: active
ntpd-rs: The Rust Newcomer
ntpd-rs is a modern NTP implementation written in Rust by the Trifecta Tech Foundation, funded by NLnet and ISRG (the organization behind Let's Encrypt). It reached v1.0 in 2024.
Key Features
- Memory safety — Rust eliminates entire categories of security vulnerabilities
- NTS support — Built-in from the start
- Modern architecture — Async I/O, structured logging
- NTP server mode — Can serve time to clients
Installation
$ cargo install ntpd-rs
root@server:~# apt install ntpd-rs
When to choose ntpd-rs
Consider ntpd-rs if memory safety is a priority (security-sensitive environments) and you don't need hardware refclock support. For most other cases, chrony remains the more mature and widely-supported choice.
Migrating from ntpd to chrony
Step 1: Note your current servers
root@server:~# grep "^server\|^pool" /etc/ntp.conf
server 0.pool.ntp.org iburst
server 1.pool.ntp.org iburst
Step 2: Install chrony and remove ntpd
root@server:~# apt install chrony && apt remove ntp
root@server:~# dnf install chrony && dnf remove ntp
Step 3: Configure chrony
server ntp-pool.rdem-systems.com iburst nts
pool pool.ntp.org iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
allow 192.168.0.0/16
allow 10.0.0.0/8
Step 4: Start and verify
root@server:~# systemctl enable --now chronyd
root@server:~# chronyc sources -v
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current best, '+' = combined, '-' = not combined,
| / 'x' = may be in error, '~' = too variable, '?' = unusable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Ref ID Stratum Poll Reach LastRx Last sample
===============================================================================
^* ntp-pool.rdem> 2 6 377 23 -145us[ -201us] +/- 12ms
Migration complete
If chronyc sources shows a ^* next to at least one source, your migration is successful. The system is synchronized.
Frequently Asked Questions
Should I use chrony or ntpd?
Use chrony. It converges faster, handles intermittent connectivity better, supports NTS, and uses fewer resources. ntpd is legacy software.
What is the difference between chrony and systemd-timesyncd?
systemd-timesyncd is a lightweight SNTP client for basic sync. chrony is a full NTP implementation that can serve time, handle hardware refclocks, support NTS, and provide sub-millisecond accuracy. Use chrony for servers, timesyncd for minimal desktops/containers.
Does ntpd support NTS?
No. The reference ntpd does not support NTS. Only chrony (v4.0+), NTPsec, and ntpd-rs support NTS. If you need authenticated time, switch to one of these.
What is ntpd-rs?
A modern NTP implementation written in Rust by Trifecta Tech Foundation. Memory-safe, NTS-capable, and production-ready since 2024. Good for security-sensitive environments that don't need hardware refclocks.
Can I run chrony and timesyncd at the same time?
No. Only one NTP service should manage the clock. When installing chrony, it automatically disables timesyncd. Verify with timedatectl status.