OpenNTPD 6.8p1 has been released, and is now available from your local OpenBSD mirror. This is the first stable release based on OpenBSD 6.8. It includes the following changes since OpenNTPD 6.2p3:
- The ntpd daemon now gets and sets the clock in a secure way when booting even when a battery-backed clock is absent.
- Improvements in DNS resolving and constraints checking, especially during startup. Unreliable NTP peers are removed from the pool and DNS resolving is repeated to add replacements.
- Improved reliability and security of TLS constraint checking.
- Improved logging of failure cases.
- Prevent the case of multiple ntpds running at once by checking presence of the local control socket.
- TLS certificates are now searched in TLSCACERT_FILE.
- The default ntpd.conf configuration file now uses 22.214.171.124 and 2620:fe::fe, in addition to google.com, when performing time constraint validation.
- Improved handling unsynched mode when there is no replies from an NTP server, such as when there are network connectivity issues.
- To build OpenNTPD with time constraint support, libtls from LibreSSL 3.2.2 or later is recommended.