NTP Server for iPads

JKling
New Contributor III

Is there a way to push out a new NTP server address to iPads?

Our ISP has blocked access to all NTP servers in an attempt to mitigate exploits in the NTP protocol (there excuse) and the only on I have access to is theirs.

I was looking around and could not find a way to push out a new server address...

7 REPLIES 7

nevens
New Contributor

Knowing the contextual need for ntp on an iPad would be helpful. Are you developing time-sensitive applications? What you're describing, I believe, would require a client app on the iPad, if you're using strict NTP. It would require lots of check-ins over a period of time.

bentoms
Release Candidate Programs Tester

I think they use time.apple.com, you can try & create a DNS entry pointing to another NTP.

But I verify, have a nose at your firewall logs for outbound UDP port 123 traffic from an iPad.

gachowski
Valued Contributor II

Our iPad guys couldn't find anyway to set a preferred time server in iOS...

C

John_Wetter
Release Candidate Programs Tester

I agree with @bentoms, you will likely have the best luck just using internal DNS to make it work. @nevens, there are lots of good reasons to make sure NTP is working... First in a student 1:1 environment is just to keep the time right on the iPad. You'd be surprised how much chaos can happen just from a few minutes delta on the times of iPads in a classroom.

Damien
New Contributor

Similar to @bentoms we have created zones with an Host ( A ) record in each with no host just an IP address pointing to your internal NTP server for the following domains

time.asia.apple.com
time.apple.com
time.euro.apple.com

We have been using this method successfully for a number of years now.

jarednichols
Honored Contributor

iOS uses time.apple.com and there isn't a way to change it on the device itself.

DNS redirection is likely your best bet until your ISP understands that it's not their job to filter your internet access.

DrRossJohnson
New Contributor

I use DNAT in my nftables firewall to redirect internal NTP clients to my NTP server.  In contrast to the DNS solution, this allows me to ping and/or to access other ports on external NTP servers (if they allow it), doesn't require me to hunt down all the rebellious NTP clients on my network while new devices are added, and it keeps my DNS server simpler.