Variants
Choose the leap-second policy that fits your stack. Each variant runs on a dedicated chrony instance with the same privacy guarantees and NTS support. The apex public-utc.com serves this website only — not NTP.
| Variant | Hostname | Leap-second policy | Best for | Configure |
|---|---|---|---|---|
| Smear | smear.public-utc.com |
Gradual smear window | Recommended — monotonic time across leap events | smear.html |
| Leap | leap.public-utc.com |
Passed through (no smear) | Stacks that require a step at the UTC boundary | leap.html |
Quick start (Smear, recommended):
server smear.public-utc.com iburst nts
See smear.html or leap.html for full client configuration.
Mission
Public UTC exists to give anyone a fast, private, authenticated source of time — no signup, no tracking, no paywall. We serve plain NTP and NTS-secured NTP on two dedicated subdomains so you can pick the leap-second policy your stack needs, synchronise against an intentionally diverse set of stratum-1 references run by national metrology institutes and military timing labs, and never log client traffic.
The server is operated as a public good: hardware, bandwidth, and time are donated, the configuration is boring on purpose, and the privacy guarantees are structural rather than promised. Everything on this page — the endpoints, the policy, and the operational stack — is documented so anyone can reproduce, audit, or take over the setup if they need to.
Privacy
We do not log NTP client requests. No client data is stored, sold, or shared with third parties.
- No client logging — NTP queries are never written to disk.
- Encrypted storage — all data at rest is protected with ZFS native encryption.
- No shell history — operator sessions leave no command history on the server.
- Headless server — eliminating physical access vectors.
- Operational logs only — the daemon records its own tracking and measurements against upstream references, not client requests.
- No analytics or trackers — this site is static HTML and sets no cookies.
Features
| Category | Detail |
|---|---|
| Client logging | Disabled |
| Data at rest | ZFS encrypted |
| Protocols | NTP (RFC 5905), NTS (RFC 8915) |
| Stacks | IPv4 and IPv6 |
| Stratum | 2 — diverse stratum-1 upstream ensemble |
| Smear variant | smear.public-utc.com — gradual leap-second smear (recommended) |
| Leap variant | leap.public-utc.com — leap seconds passed through |
| NTS certificate | ECC TLS; NTS-KE on TCP 4460 |
| NTS key rotation | Every 7 days (ntsrotate 604800) |
| Rate limit (NTP) | interval 1 burst 16 leak 2 |
| Rate limit (NTS-KE) | interval 3 burst 1 leak 2 |
| Cost | $0 |
Infrastructure
| Component | Detail |
|---|---|
| Operating system | FreeBSD |
| Daemon | chrony 4.x — two instances (smear and leap), each serving NTP and NTS-KE |
| Smear endpoint | smear.public-utc.com — leapsecmode slew with smoothtime (recommended) |
| Leap endpoint | leap.public-utc.com — leapsecmode ignore (pass-through) |
| Filesystem | ZFS — native encryption, snapshots |
| Stratum | 2 — ensemble of authenticated stratum-1 references |
| NTS rate limit | interval 3 burst 1 leak 2 (KE); interval 1 burst 16 leak 2 (NTP) |
| NTS key rotation | Every 7 days (ntsrotate 604800) |
| TLS certificate | ECC; NTS-KE on TCP 4460 |
| Operator session | No shell history retained |
The system has no remote console exposed to the public internet beyond the services listed above.
Upstream References
An intentionally diverse set of stratum-1 references run by national metrology institutes and military timing labs across multiple jurisdictions. USNO and NIST realise UTC independently; European and Asian institutes contribute further to BIPM's UTC ensemble. No single upstream — and no single country — can shift the served clock.
| Operator | Region | Servers | NTS |
|---|---|---|---|
| NIST National Institute of Standards and Technology |
USA | time-a-g.nist.gov, time-b-g.nist.gov, time-a-wwv.nist.gov, time-b-wwv.nist.gov, time-a-b.nist.gov, time-b-b.nist.gov |
— |
| USNO US Naval Observatory |
USA | tick.usno.navy.mil, tock.usno.navy.mil |
— |
| PTB Physikalisch-Technische Bundesanstalt |
Germany | ptbtime1.ptb.de … ptbtime4.ptb.de |
yes |
| NPL National Physical Laboratory |
UK | ntp1.npl.co.uk, ntp2.npl.co.uk |
— |
| METAS Federal Institute of Metrology |
Switzerland | ntp11.metas.ch, ntp12.metas.ch |
— |
| INRIM Istituto Nazionale di Ricerca Metrologica |
Italy | ntp1.inrim.it, ntp2.inrim.it |
— |
| NICT National Institute of Information and Communications Technology |
Japan | ntp.nict.jp |
— |
Troubleshooting
Variant-specific notes are on smear.html and leap.html. General guidance:
- NTS-KE fails — allow outbound TCP 4460; TLS-intercepting middleboxes break NTS.
- Clock far off — bootstrap with plain NTP or set the clock manually before enabling NTS.
- Certificate rejected — set SNI to the variant hostname; wrong system time causes TLS validation failure.
- Mixed variants — do not configure both
smear.public-utc.comandleap.public-utc.comon the same host.
FAQ
Is this really free?
Yes. There is no charge, no sign-up, no API key. Donations via Bitcoin are appreciated but not required — see Contact.
Which hostname should I use?
Use smear.public-utc.com (recommended) — see smear.html. Use leap.public-utc.com only if your stack explicitly requires leap seconds passed through — see leap.html. public-utc.com is this website only.
What's the difference between NTP and NTS?
NTP synchronises your clock. NTS adds cryptographic authentication on top, so an on-path attacker can't silently feed you a wrong time. NTS uses TLS for an initial key exchange (NTS-KE on TCP/4460), then attaches authenticated cookies to ordinary NTP packets on UDP/123.
Why should I care about authenticated time?
A wrong clock breaks TLS certificate validation, Kerberos, TOTP/2FA, log correlation, and many security protocols. If an attacker can shift your clock, they can extend the validity of expired certificates, replay credentials, or hide log entries. NTS prevents that.
Can I use this for production?
Yes. Both variants are synchronised against a broad set of stratum-1 references (see Upstream References), so a single upstream going offline or misbehaving cannot move the served clock.
Do you log my IP?
No. NTP client traffic is not written to disk. Operational logs cover the daemon's internal tracking and measurements against its own upstreams, not client requests.
What stratum is the server?
Stratum 2 — one hop below an ensemble of stratum-1 references operated by national metrology institutes and military timing labs.
Is IPv6 supported?
Yes. Both IPv4 and IPv6 are served on each subdomain.
Do you smear leap seconds?
smear.public-utc.com (recommended) applies a gradual smear window. leap.public-utc.com passes leap seconds through as a one-second step. Pick one — do not mix them on the same host.
What's the SLA?
Best-effort. The service is operated as a public good, not a paid product.
Acceptable Use
- Use sane polling intervals. chrony and ntpsec defaults are fine.
- Do not hardcode
leap.public-utc.comorsmear.public-utc.comin shipping consumer products or appliances without contacting us first. - Do not use the service to amplify or proxy traffic to third parties.
- Abusive sources may be rate-limited or blocked without notice.
Managed Services
Beyond the public time service, we offer managed private NTP and NTS deployments for organisations that need their own controlled time source — regulated environments, exchanges, broadcasters, ISPs, enterprises, and anyone who wants the same operational model on their own infrastructure or hosted by us.
Typical engagements include:
- Dedicated chrony / ntpsec time servers with custom upstream policy and NTS-KE certificates issued for your domain.
- Anycast or multi-site NTP for latency-sensitive deployments.
- Stratum-1 deployments with GNSS / PTP / atomic-clock disciplining.
- Hardened time appliances built on FreeBSD, ZFS, and chrony.
- Bare-metal management — provisioning, OS hardening, monitoring, patching, and on-call response.
- Migration from existing setups (ntpd, w32time) to authenticated NTS.
For pricing and scoping, see Contact.
Sponsors
Public UTC is operated as a public good and runs on volunteer time, donated bandwidth, and out-of-pocket hardware. Sponsorships keep it that way — no ads, no tracking, no paywalled tiers.
Sponsors receive a logo and link on this page for the duration of the sponsorship, with no influence over editorial or operational decisions. If you need operational support, SLAs, or a dedicated time service, see Managed Services instead.
Any contribution helps — there are no fixed amounts and no tiers. Sponsorships can be invoiced (EUR, SEPA / SWIFT) or paid in BTC. To set one up, see Contact.
No sponsors yet.
Legal
Trademarks
All project, institute, and product names referenced on this site — including NIST, USNO, PTB, NPL, METAS, INRIM, NICT, chrony, ntpsec, FreeBSD, ZFS, Linux, Windows, and macOS — are the property of their respective owners. Public UTC is an independent NTP operator and is not affiliated with, endorsed by, or sponsored by any of these organisations unless explicitly stated.
Content
Public UTC distributes time derived from stratum-1 references operated by the institutes listed under Upstream References. We add nothing and modify nothing in the time signal beyond ordinary stratum-2 disciplining and the leap-second policy of the variant you select.
Warranty disclaimer
This service is provided "as is" and "as available", without warranty of any kind, express or implied, including but not limited to warranties of merchantability, fitness for a particular purpose, non-infringement, or uninterrupted availability. Use of this time service is at your own risk.
Limitation of liability
To the maximum extent permitted by applicable law, the operators of Public UTC shall not be liable for any direct, indirect, incidental, consequential, or special damages arising from the use of, or inability to use, this service.
Abuse and takedowns
To report abusive use, contact us via Contact with the source IP(s) and the basis for the request.
Privacy
We do not log individual NTP requests, set cookies, or run analytics. See Privacy for details.
Other Projects
| Site | Service |
|---|---|
| public-consortium.com | Project home and operations |
| public-adns.com | Public authoritative DNS service |
| public-rdns.com | Public recursive DNS service |
| public-blank.com | Public static / parking service |
| public-repo.com | Public mirror service |
| public-utc.com | Public NTP / NTS time service (this site) |