ntp.conf revision 335950
1193635Sedwin# 2193635Sedwin# $FreeBSD: stable/10/etc/ntp.conf 335950 2018-07-04 14:10:36Z ian $ 3193635Sedwin# 4193635Sedwin# Default NTP servers for the FreeBSD operating system. 5193635Sedwin# 6193635Sedwin# Don't forget to enable ntpd in /etc/rc.conf with: 7193635Sedwin# ntpd_enable="YES" 8193635Sedwin# 9193635Sedwin# The driftfile is by default /var/db/ntpd.drift, check 10193635Sedwin# /etc/defaults/rc.conf on how to change the location. 11193635Sedwin# 12193635Sedwin 13193635Sedwin# 14316121Scy# Set the target and limit for adding servers configured via pool statements 15316121Scy# or discovered dynamically via mechanisms such as broadcast and manycast. 16316121Scy# Ntpd automatically adds maxclock-1 servers from configured pools, and may 17316121Scy# add as many as maxclock*2 if necessary to ensure that at least minclock 18316121Scy# servers are providing good consistant time. 19316121Scy# 20316121Scytos minclock 3 maxclock 6 21316121Scy 22316121Scy# 23316121Scy# The following pool statement will give you a random set of NTP servers 24316121Scy# geographically close to you. A single pool statement adds multiple 25316121Scy# servers from the pool, according to the tos minclock/maxclock targets. 26316121Scy# See http://www.pool.ntp.org/ for details. Note, pool.ntp.org encourages 27195652Sdwmalone# users with a static IP and good upstream NTP servers to add a server 28195652Sdwmalone# to the pool. See http://www.pool.ntp.org/join.html if you are interested. 29193635Sedwin# 30259974Sdelphij# The option `iburst' is used for faster initial synchronization. 31193635Sedwin# 32316121Scypool 0.freebsd.pool.ntp.org iburst 33193635Sedwin 34193635Sedwin# 35193635Sedwin# If you want to pick yourself which country's public NTP server 36316121Scy# you want to sync against, comment out the above pool, uncomment 37316121Scy# the next one, and replace CC with the country's abbreviation. 38316121Scy# Make sure that the hostname resolves to a proper IP address! 39193635Sedwin# 40316121Scy# pool 0.CC.pool.ntp.org iburst 41193635Sedwin 42193635Sedwin# 43316121Scy# To configure a specific server, such as an organization-wide local 44316121Scy# server, add lines similar to the following. One or more specific 45316121Scy# servers can be configured in addition to, or instead of, any server 46316121Scy# pools specified above. When both are configured, ntpd first adds all 47316121Scy# the specific servers, then adds servers from the pool until the tos 48316121Scy# minclock/maxclock targets are met. 49316121Scy# 50316121Scy#server time.my-internal.org iburst 51316121Scy 52316121Scy# 53259974Sdelphij# Security: 54193635Sedwin# 55259974Sdelphij# By default, only allow time queries and block all other requests 56259974Sdelphij# from unauthenticated clients. 57259974Sdelphij# 58316121Scy# The "restrict source" line allows peers to be mobilized when added by 59316121Scy# ntpd from a pool, but does not enable mobilizing a new peer association 60316121Scy# by other dynamic means (broadcast, manycast, ntpq commands, etc). 61316121Scy# 62259974Sdelphij# See http://support.ntp.org/bin/view/Support/AccessRestrictions 63259974Sdelphij# for more information. 64259974Sdelphij# 65335950Sianrestrict default limited kod nomodify notrap noquery nopeer 66335950Sianrestrict source limited kod nomodify notrap noquery 67316121Scy 68259974Sdelphij# 69259974Sdelphij# Alternatively, the following rules would block all unauthorized access. 70259974Sdelphij# 71259974Sdelphij#restrict default ignore 72259974Sdelphij# 73259974Sdelphij# In this case, all remote NTP time servers also need to be explicitly 74259974Sdelphij# allowed or they would not be able to exchange time information with 75259974Sdelphij# this server. 76259974Sdelphij# 77193635Sedwin# Please note that this example doesn't work for the servers in 78193635Sedwin# the pool.ntp.org domain since they return multiple A records. 79193635Sedwin# 80193635Sedwin#restrict 0.pool.ntp.org nomodify nopeer noquery notrap 81193635Sedwin#restrict 1.pool.ntp.org nomodify nopeer noquery notrap 82193635Sedwin#restrict 2.pool.ntp.org nomodify nopeer noquery notrap 83259974Sdelphij# 84259974Sdelphij# The following settings allow unrestricted access from the localhost 85259974Sdelphijrestrict 127.0.0.1 86335950Sianrestrict ::1 87193635Sedwin 88193635Sedwin# 89195652Sdwmalone# If a server loses sync with all upstream servers, NTP clients 90195652Sdwmalone# no longer follow that server. The local clock can be configured 91195652Sdwmalone# to provide a time source when this happens, but it should usually 92195652Sdwmalone# be configured on just one server on a network. For more details see 93195652Sdwmalone# http://support.ntp.org/bin/view/Support/UndisciplinedLocalClock 94195652Sdwmalone# The use of Orphan Mode may be preferable. 95193635Sedwin# 96195652Sdwmalone#server 127.127.1.0 97195652Sdwmalone#fudge 127.127.1.0 stratum 10 98295461Scy 99295461Scy# See http://support.ntp.org/bin/view/Support/ConfiguringNTP#Section_6.14. 100295461Scy# for documentation regarding leapfile. Updates to the file can be obtained 101295461Scy# from ftp://time.nist.gov/pub/ or ftp://tycho.usno.navy.mil/pub/ntp/. 102335950Sian# Use either leapfile in /etc/ntp or periodically updated leapfile in /var/db. 103295461Scy#leapfile "/etc/ntp/leap-seconds" 104295461Scyleapfile "/var/db/ntpd.leap-seconds.list" 105