@xdenb43
Last active April 8, 2025 18:26
Mikrotik NTP failover configuration

In the chase after unfriendly resources, friendly resources have started to suffer far too often.

NTP Client failover:

  • NTP server name resolution goes through DNS FWD, because if DoH is configured and it becomes unavailable, that is the end of it

An FQDN or an IP address can be used ("Resolved Address" will appear in the appropriate column of the "Servers" window if the address is resolved). If DHCP-Client property use-peer-ntp=yes - the dynamic entries advertised by DHCP
When the NTP server is set using its FQDN, the domain name will be resolved each time an NTP request is sent. The router has to have /ip/dns configured.

# ntp configuration | by xdenb43
# tested ROS 7.17.2+
# defconf network 192.168.88.1/24

/ip dhcp-client
add comment=defconf default-route-tables=main interface=ether1 use-peer-dns=\
    no use-peer-ntp=no
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=\
    192.168.88.1 netmask=24 ntp-server=192.168.88.1

# doh as example. Set yours
/ip dns
set allow-remote-requests=yes cache-max-ttl=1d servers=8.8.4.4,1.0.0.1 use-doh-server=https://dns.google/dns-query verify-doh-cert=yes

/ip dns forwarders
add dns-servers=1.0.0.1,8.8.4.4,1.1.1.1,8.8.8.8,77.88.8.1,77.88.8.8 name=\
    "CF & G & Ya IPv4" verify-doh-cert=no
/ip dns static
add comment="NTP over static ipv4 DNS" forward-to="CF & G & Ya IPv4" \
    match-subdomain=yes name=pool.ntp.org type=FWD
add comment="NTP over static ipv4 DNS" forward-to="CF & G & Ya IPv4" \
    match-subdomain=yes name=ntp.msk-ix.ru type=FWD
add comment="NTP over static ipv4 DNS" forward-to="CF & G & Ya IPv4" \
    match-subdomain=yes name=vniiftri.ru type=FWD
    
/ip firewall nat
add action=redirect chain=dstnat comment="Incoming NTP redirect" \
    dst-address-type=!local dst-port=123 in-interface-list=LAN protocol=udp
    
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Moscow
/system ntp client
set enabled=yes
/system ntp server
set enabled=yes manycast=yes multicast=yes

/system ntp client servers
add address=0.ru.pool.ntp.org
add address=1.ru.pool.ntp.org
add address=2.ru.pool.ntp.org
add address=3.ru.pool.ntp.org
add address=ntp.msk-ix.ru
add address=ntp1.vniiftri.ru
add address=ntp2.vniiftri.ru
add address=ntp3.vniiftri.ru
add address=ntp4.vniiftri.ru
add address=ntp5.vniiftri.ru
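
To confirm from a LAN host that the router's NTP server answers and is actually synchronized after this setup, the following Python check sends one query and validates the reply. It is an added example, not part of the original gist; 192.168.88.1 is the defconf address from the config above, and the sample packets are constructed for illustration.

```python
import socket
import struct
import time

NTP_EPOCH_DELTA = 2208988800  # seconds between 1900-01-01 (NTP) and 1970-01-01 (Unix)

def build_request():
    """48-byte client request: LI=0, VN=4, Mode=3 (client)."""
    return bytes([0x23]) + bytes(47)

def parse_response(data, now=None):
    """Decode an NTP server reply and list reasons not to trust it."""
    if len(data) < 48:
        raise ValueError("short NTP packet: %d bytes" % len(data))
    flags, stratum = data[0], data[1]
    li, mode = flags >> 6, flags & 0x7
    ref_id = data[12:16]
    tx_sec, tx_frac = struct.unpack("!II", data[40:48])  # transmit timestamp
    server_time = tx_sec - NTP_EPOCH_DELTA + tx_frac / 2**32
    now = time.time() if now is None else now
    problems = []
    if mode != 4:
        problems.append("not a server reply (mode %d)" % mode)
    if li == 3:
        problems.append("leap indicator 3: server clock unsynchronized")
    if stratum == 0:
        problems.append("stratum 0 (unspecified or kiss code), reference id %r" % ref_id)
    elif stratum >= 16:
        problems.append("stratum %d: unsynchronized" % stratum)
    return {"stratum": stratum, "leap": li,
            "offset": server_time - now, "problems": problems}

def query(host="192.168.88.1", timeout=3.0):
    """Ask one server over UDP/123 and return the parsed reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_request(), (host, 123))
        data, _ = s.recvfrom(512)
    return parse_response(data)

def sample_reply(li, stratum, unix_time, ref=b"\x00\x00\x00\x00"):
    """Constructed reply (not captured traffic) for exercising the parser offline."""
    head = bytes([(li << 6) | (4 << 3) | 4, stratum, 6, 0xEC])
    body = bytes(8) + ref + bytes(24)  # root delay/dispersion, ref id, three timestamps
    return head + body + struct.pack("!II", int(unix_time) + NTP_EPOCH_DELTA, 0)

if __name__ == "__main__":
    print(parse_response(sample_reply(0, 3, 1_700_000_000), now=1_700_000_000.0))
    print(parse_response(sample_reply(3, 0, 1_700_000_000, b"INIT"), now=1_700_000_000.0))
```

Because of the "Incoming NTP redirect" rule, calling `query()` from a LAN host with any other NTP server address should also be answered by the router, so an empty `problems` list and a small `offset` there confirm both the redirect and the upstream sync.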

Example of the NTP client in the UI:
[image]
