┌──────────────────────────────────────────────────────────────────────────────┐ │ DWS ntp.dws.rip AS30179 | 2602:f4e8::/40 *│ │ [DWS] [DNS] [NTP] [SONAR] [GLASS] [STATUS] │ ├──────────────────────────────────────────────────────────────────────────────┤ │ Public NTP with NTS authentication. │ │ Stratum 2 — synced to Netnod stratum 1 atomic clocks. │ │ 8 nodes across 4 countries. Also serving Roughtime. │ │ │ │ Time: 2026-03-29 10:29:16 UTC │ │ Nodes: 7/7 online │ │ Stratum: 2 (upstream NTS: Netnod stratum 1) │ │ NTS-KE: 7/7 serving (port 4460) │ │ Roughtime: 2 servers (port 2002) │ │ │ ├─ SERVERS ────────────────────────────────────────────────────────────────────┤ │ │ │ NODE IPv4 STR STATUS OFFSET NTS UPSTREAM │ │ ──────────────────────────────────────────────────────────────── │ │ │ │ UK-01 91.208.92.70 str=2 OK -0.16ms nts=yes 194.58.203.196 │ │ SK-02 91.242.163.112 str=2 OK 1.64ms nts=yes 71.246.194.106 │ │ US-04 173.199.127.44 str=2 OK 3.39ms nts=yes 162.143.190.16 │ │ US-05 72.60.69.179 str=2 OK 0.99ms nts=yes 104.80.129.65 │ │ US-07 108.165.123.31 str=2 OK -2.44ms nts=yes 162.143.190.16 │ │ US-08 136.0.41.84 str=2 OK 4.60ms nts=yes 235.199.150.246 │ │ EU-10 118.91.187.140 str=2 OK 51.67ms nts=yes 158.88.255.197 │ │ │ ├─ CONNECT ────────────────────────────────────────────────────────────────────┤ │ │ │ Protocol Address Port │ │ ─────────────── ──────────────────── ───────────────── │ │ NTP ntp.dws.rip 123/udp │ │ NTS ntp.dws.rip 4460/tcp (NTS-KE) │ │ Roughtime time.dws.rip 2002/udp │ │ NTP (US) ntp-us.dws.rip 123/udp │ │ NTP (EU) ntp-eu.dws.rip 123/udp │ │ │ │ Individual server IPs (plain NTP): │ │ │ │ 173.199.127.44 US-04 45.157.118.160 NL-11 │ │ 91.208.92.70 UK-01 91.242.163.112 SK-02 │ │ 72.60.69.179 US-05 108.165.123.31 US-07 │ │ 136.0.41.84 US-08 118.91.187.140 EU-10 │ │ │ │ Roughtime servers: │ │ UK-01 91.208.92.70:2002 | US-05 72.60.69.179:2002 │ │ │ ├─ SETUP ──────────────────────────────────────────────────────────────────────┤ │ │ │ Linux (chrony — recommended) ────────────────────────────────────────────── │ │ │ │ # /etc/chrony/conf.d/dws.conf │ │ server ntp.dws.rip iburst nts │ │ server ntp-us.dws.rip iburst nts │ │ │ │ $ sudo systemctl restart chronyd │ │ $ chronyc tracking │ │ │ │ NTS authenticates time responses, preventing MITM attacks. │ │ Requires chrony 4.0+ (most modern Linux distros). │ │ │ │ Linux (systemd-timesyncd) ───────────────────────────────────────────────── │ │ │ │ # /etc/systemd/timesyncd.conf │ │ [Time] │ │ NTP=ntp.dws.rip │ │ FallbackNTP=ntp-us.dws.rip ntp-eu.dws.rip │ │ │ │ $ sudo systemctl restart systemd-timesyncd │ │ $ timedatectl timesync-status │ │ │ │ Linux (ntpd / ntpsec) ───────────────────────────────────────────────────── │ │ │ │ # /etc/ntp.conf │ │ server ntp.dws.rip iburst │ │ server 173.199.127.44 iburst │ │ server 45.157.118.160 iburst │ │ │ │ FreeBSD ─────────────────────────────────────────────────────────────────── │ │ │ │ # /etc/rc.conf │ │ ntpd_enable="YES" │ │ # /etc/ntp.conf │ │ server ntp.dws.rip iburst │ │ │ │ macOS ───────────────────────────────────────────────────────────────────── │ │ │ │ System Settings > General > Date & Time │ │ Set time server: `ntp.dws.rip` │ │ │ │ CLI: `$ sudo sntp -sS ntp.dws.rip` │ │ │ │ Windows ─────────────────────────────────────────────────────────────────── │ │ │ │ Settings > Time & Language > Date & Time │ │ Additional clocks > Internet Time > Change settings │ │ Server: `ntp.dws.rip` │ │ │ │ PowerShell: │ │ │ │ Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\ │ │ Restart-Service w32time │ │ │ │ Router / OpenWrt ────────────────────────────────────────────────────────── │ │ │ │ Most routers: Admin > System > NTP Server > ntp.dws.rip │ │ │ │ OpenWrt: │ │ │ │ uci set system.ntp.server='ntp.dws.rip' │ │ uci commit system │ │ /etc/init.d/sysntpd restart │ │ │ │ NTS (Network Time Security) ─────────────────────────────────────────────── │ │ │ │ NTS (RFC 8915) authenticates NTP, preventing man-in-the-middle │ │ attacks on time sync. This matters because TLS, DNSSEC, Kerberos, │ │ and log correlation all depend on correct time. │ │ │ │ $ chronyc -a authdata │ │ # NTS column should show "NTS" │ │ │ │ NTS-KE (Key Establishment) on port 4460/TCP. │ │ Certificate: ntp.dws.rip (Let's Encrypt, auto-renewed). │ │ All 8 nodes serve NTS. │ │ │ │ Roughtime ───────────────────────────────────────────────────────────────── │ │ │ │ Roughtime provides authenticated time with cryptographic │ │ proof. Useful for bootstrapping trust before NTS/TLS. │ │ │ │ roughenough_client -k <pubkey> 91.208.92.70 2002 │ │ │ │ The Roughtime ecosystem is small: Google, Cloudflare, │ │ Apple, and a handful of independents. DWS is one of them. │ │ │ │ Servers: UK-01 (91.208.92.70:2002), US-05 (72.60.69.179:2002) │ │ │ ├─ INFRASTRUCTURE ─────────────────────────────────────────────────────────────┤ │ │ │ Chrony on all 8 nodes — NTS server mode with │ │ Let's Encrypt EC-256 certs, auto-renewed via acme.sh. │ │ │ │ Upstream NTS sources (stratum 1): │ │ Netnod (Sweden) — GPS-disciplined atomic clocks │ │ nts.netnod.se (prefer), time.dfm.dk, time.cloudflare.com │ │ │ │ stratumweight 10 ensures stratum 1 sources are preferred. │ │ │ │ roughenough (Rust) on UK-01 + US-05 — port 2002/UDP. │ │ │ ├─ ABOUT ──────────────────────────────────────────────────────────────────────┤ │ │ │ 8 nodes across 4 countries (US, UK, SK, NL). │ │ Sub-millisecond accuracy on nearby nodes. │ │ No query logging. Stratum 2. AS30179. │ │ │ ├──────────────────────────────────────────────────────────────────────────────┤ │ │ │ |\__/,| (`\ │ │ _.|o o |_ ) ) Independent infrastructure on AS30179. │ │ -(((---(((-------- No logging. No PII. Source: code.dws.rip │ │ │ │ [dws.rip] [ntp] [dns] [sonar] [glass] [status] │ │ │ │ It's your internet, take it back. │ │ DWS.RIP | AS30179 | 2602:f4e8::/40 (c) 2026 │ └──────────────────────────────────────────────────────────────────────────────┘