> I cheat and have an authoritative NTP server locally and then override dns for pool.ntp.org and friends.
Generally if you've made the effort to have internal recursive DNS server(s) for your network, then just enable NTPd or chrony as well and have a single source of Time Truth for your network.
Point to ≥4 NTP servers, even using pool.ntp.org, and you probably don't have to worry about false ticker(s) either.
I do this, with all the trimmings (running in kernel space, PTP simulation, etc). I appreciate that a good estimation of the time inside the non-deterministic OS is being made, but I haven't quite wrapped my head around what it means to extract the time from that non-deterministic OS.
Generally if you've made the effort to have internal recursive DNS server(s) for your network, then just enable NTPd or chrony as well and have a single source of Time Truth for your network.
Point to ≥4 NTP servers, even using pool.ntp.org, and you probably don't have to worry about false ticker(s) either.