First off, this is going to be focused on FreeBSD. The concepts are the same on Linux, but the command-line flags may be different.
Why should I care? SSL certs won't work if your clock is off by months or years, and your file system stores metadata with every file that includes timestamps. Logs are all timestamped, and if you're trying to figure out when you were hacked, that's hard to do when none of your computers can agree on what time it is.
TL;DR - NTPdate sets the current time based on a query to NTP servers. NTPd keeps the time accurate. If you have machines that have a high uptime, use NTPd properly.
In FreeBSD, to update your system time upon boot (IMPORTANT NOTE: It ONLY syncs at boot or when manually run. Nothing more.), add the following to your
ntpdate_enable="YES"
ntpdate_flags="-v -b"
ntpdate syncs off of NTP servers specified in /etc/ntp.conf
Now, when picking those servers, you want to be a little choosy. Following this guide, you are going to want to pick a few stratum 2 NTP servers that are:
- Geographically close to reduce latency and any network jitter.
- Route and network diverse; don't get your time from only one source.
- Use either one or four NTP servers, because they will occasionally disagree on what time it is. With one, there's no question; with two, you have no idea; with three, you're not usually sure. With four, you can more easily figure out which one is wrong. More than that is unnecessary.
- Remember, NTPd only resolves NTP server IP addresses upon boot or when you force the config file to reload. If this is going to be a problem, use cron to force a reload whenever appropriate.
To find a list of NTP servers from ntp.org, go here: https://support.ntp.org/bin/view/Servers/StratumTwoTimeServers. Pick four that are close to you but not all in the same region. For instance, if you're in Texas, it is a good idea to pick a Texas server, one from New Mexico, one from Oklahoma and one from Arkansas or Louisiana. Be sure to read the notes for each of the time servers; some say not to have more than two hosts from your local network sync time off of them. Usually the key is that if you have over 100 hosts, you should be running your own NTP server(s); some hosts are more picky. Pay attention to that, and please do not abuse ntp.org's servers.
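Since the servers will occasionally disagree, it helps to check which ones NTPd currently trusts. The script below is an added example, not part of the original post: it reads the peer table printed by `ntpq -pn` (a tool the post does not mention) and flags servers NTPd has marked as falsetickers, servers it cannot reach, and large offsets. The 100 ms threshold, the function names and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Reads `ntpq -pn` output on stdin and reports peer health.
# Column 1 is the ntpq tally code: '*' system peer, '+' candidate,
# '-' outlier, 'x' falseticker (rejected for disagreeing with the others).
MAX_OFFSET_MS=${MAX_OFFSET_MS:-100}   # assumed alert threshold, tune per site

check_ntp_peers() {
    awk -v max="$MAX_OFFSET_MS" '
        /^=+$/ || $1 == "remote" { next }     # skip the two header lines
        NF == 0 { next }
        {
            tally = substr($0, 1, 1)
            # After the tally: remote refid st t when poll reach delay offset jitter
            split(substr($0, 2), f, " ")
            remote = f[1]; reach = f[7]; offset = f[9] + 0
            if (offset < 0) offset = -offset
            if (tally == "*") { print "sys_peer=" remote; synced = 1 }
            if (tally == "x") { print "falseticker=" remote; bad = 1 }
            if (reach == "0") { print "unreachable=" remote; bad = 1 }
            else if (offset > max) { print "large_offset=" remote; bad = 1 }
        }
        END {
            if (!synced) print "no_sys_peer"
            exit ((synced && !bad) ? 0 : 1)   # 0 only when synced and clean
        }
    '
}

# Constructed sample output (documentation addresses), not from a real host.
sample_ntpq_output() {
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.0.2.10      198.51.100.1     2 u   33   64  377   12.345    0.512   0.204
+192.0.2.11      198.51.100.2     2 u   40   64  377   20.118   -1.020   0.511
x203.0.113.7     198.51.100.3     2 u   12   64  377   25.772  412.913   3.870
 203.0.113.8     .INIT.          16 u    -   64    0    0.000    0.000   0.000
EOF
}

# Demo on the constructed sample; on a live host use: ntpq -pn | check_ntp_peers
sample_ntpq_output | check_ntp_peers || echo "time sources need attention"
```

A non-zero exit status means there is no selected system peer or at least one server was flagged, which makes the function easy to call from cron or a monitoring check.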