The subject of the blog post reveals the main discussion point of this post, which is that macOS since macOS 10.13.x High Sierra has only supported setting one NTP (Network Time Protocol) server as a way to set the system time in macOS. For more on this, please see below the jump.
Before macOS High Sierra 10.13.x, Apple was using NTP for its network time service via the ntpd service and NTP did support setting multiple time servers on macOS Sierra and earlier. In fact, if you look at Apple’s example profile in YAML format for managing the time server settings, there’s even a comment that you should use commas to separate multiple time servers:
However, the key thing to look at there is when the example profile was first introduced, which was macOS Sierra 10.12.4. At the time of macOS Sierra 10.12.x, the comment was correct because Apple was using NTP to set the system clock via the ntpd service at that point. It became incorrect when Apple introduced the timed service in macOS 10.13.x. So what is timed and how does it relate to why you can only set one NTP time server address?
The timed service is Apple’s own system time service, which among other things addressed Apple’s concerns about the known vulnerabilities in NTP. If we look at the timed man page, it says that it uses technologies like NTP to set the time.
The mention of multiple technologies implies the truth for this matter, that it’s drawing on NTP but it doesn’t only use NTP to set the system clock. The undocumented part at this point is that while you can set multiple NTP servers, the timed service will use the first server set in the list of NTP servers and ignore any others. Because this is undocumented, I can’t point to an authoritative source for this, but there is a way to verify:
1. Set multiple NTP servers on a test Mac.
2. Set time manually to an incorrect time.
3. On the test Mac, block network access to the first server and/or make it impossible to resolve the first server’s DNS address.
4. Reboot the test Mac.
5. Set time from being manually set to automatically set.
6. See if the time sets itself to the correct time.
Expected result: It should not set itself to the correct time.
7. Set time to being manually set.
8. Unblock access to first server
9. Repeat steps 4 through 6 listed above.
Expected result: The time should set itself to the correct time.