I would like to suggest a migration from ntpd to chronyd.
Easier to support vrf's, simpler config file, no need to listen on port 123 to sync time unless you intend to accept inbound connections, no need to listen on localhost to check status.
Example config file:
# These servers were defined in the installation: pool 0.pool.ntp.org. iburst pool 1.pool.ntp.org. iburst pool 2.pool.ntp.org. iburst pool 3.pool.ntp.org. iburst # Record the rate at which the system clock gains/losses time. driftfile /var/lib/chrony/drift # Allow the system clock to be stepped in the first three updates # if its offset is larger than 1 second. makestep 1.0 3 # Enable kernel synchronization of the real-time clock (RTC). rtcsync # Increase the minimum number of selectable sources required to adjust # the system clock. #minsources 2 # Get TAI-UTC offset and leap seconds from the system tz database. leapsectz right/UTC # You can include data from any files in a directory. #include /etc/chrony.d/*.conf # Binds the socket on which chronyd listens for NTP requests to a local address of the computer. #bindaddress 192.168.1.1 # The allow directive is used to designate a particular subnet from which NTP clients are allowed to access the computer as an NTP server. #allow 192.168.0.0/16 #allow 2001:db8::/32