ntp.conf revision 316121
1262569Simp# 2262569Simp# $FreeBSD: stable/10/etc/ntp.conf 316121 2017-03-29 01:32:34Z cy $ 3262569Simp# 4262569Simp# Default NTP servers for the FreeBSD operating system. 5262569Simp# 6262569Simp# Don't forget to enable ntpd in /etc/rc.conf with: 7262569Simp# ntpd_enable="YES" 8262569Simp# 9262569Simp# The driftfile is by default /var/db/ntpd.drift, check 10262569Simp# /etc/defaults/rc.conf on how to change the location. 11270864Simp# 12270864Simp 13262569Simp# 14262569Simp# Set the target and limit for adding servers configured via pool statements 15262569Simp# or discovered dynamically via mechanisms such as broadcast and manycast. 16262569Simp# Ntpd automatically adds maxclock-1 servers from configured pools, and may 17262569Simp# add as many as maxclock*2 if necessary to ensure that at least minclock 18262569Simp# servers are providing good consistant time. 19262569Simp# 20262569Simptos minclock 3 maxclock 6 21262569Simp 22262569Simp# 23284090Sian# The following pool statement will give you a random set of NTP servers 24284090Sian# geographically close to you. A single pool statement adds multiple 25284090Sian# servers from the pool, according to the tos minclock/maxclock targets. 26284090Sian# See http://www.pool.ntp.org/ for details. Note, pool.ntp.org encourages 27284090Sian# users with a static IP and good upstream NTP servers to add a server 28284090Sian# to the pool. See http://www.pool.ntp.org/join.html if you are interested. 29284090Sian# 30270864Simp# The option `iburst' is used for faster initial synchronization. 31270864Simp# 32270864Simppool 0.freebsd.pool.ntp.org iburst 33270864Simp 34270864Simp# 35270864Simp# If you want to pick yourself which country's public NTP server 36270864Simp# you want to sync against, comment out the above pool, uncomment 37270864Simp# the next one, and replace CC with the country's abbreviation. 38270864Simp# Make sure that the hostname resolves to a proper IP address! 39270864Simp# 40270864Simp# pool 0.CC.pool.ntp.org iburst 41270864Simp 42262569Simp# 43262569Simp# To configure a specific server, such as an organization-wide local 44270864Simp# server, add lines similar to the following. One or more specific 45270864Simp# servers can be configured in addition to, or instead of, any server 46262569Simp# pools specified above. When both are configured, ntpd first adds all 47270864Simp# the specific servers, then adds servers from the pool until the tos 48262569Simp# minclock/maxclock targets are met. 49270864Simp# 50262569Simp#server time.my-internal.org iburst 51262569Simp 52262569Simp# 53262569Simp# Security: 54262569Simp# 55262569Simp# By default, only allow time queries and block all other requests 56262569Simp# from unauthenticated clients. 57270864Simp# 58262569Simp# The "restrict source" line allows peers to be mobilized when added by 59270864Simp# ntpd from a pool, but does not enable mobilizing a new peer association 60262569Simp# by other dynamic means (broadcast, manycast, ntpq commands, etc). 61262569Simp# 62262569Simp# See http://support.ntp.org/bin/view/Support/AccessRestrictions 63262569Simp# for more information. 64262569Simp# 65262569Simprestrict default limited kod nomodify notrap noquery nopeer 66270864Simprestrict -6 default limited kod nomodify notrap noquery nopeer 67270864Simprestrict source limited kod nomodify notrap noquery 68270864Simp 69270864Simp# 70270864Simp# Alternatively, the following rules would block all unauthorized access. 71270864Simp# 72270864Simp#restrict default ignore 73270864Simp#restrict -6 default ignore 74270864Simp# 75270864Simp# In this case, all remote NTP time servers also need to be explicitly 76270864Simp# allowed or they would not be able to exchange time information with 77270864Simp# this server. 78270864Simp# 79270864Simp# Please note that this example doesn't work for the servers in 80270864Simp# the pool.ntp.org domain since they return multiple A records. 81270864Simp# 82270864Simp#restrict 0.pool.ntp.org nomodify nopeer noquery notrap 83270864Simp#restrict 1.pool.ntp.org nomodify nopeer noquery notrap 84284090Sian#restrict 2.pool.ntp.org nomodify nopeer noquery notrap 85284090Sian# 86284090Sian# The following settings allow unrestricted access from the localhost 87284090Sianrestrict 127.0.0.1 88284090Sianrestrict -6 ::1 89284090Sian 90284090Sian# 91284090Sian# If a server loses sync with all upstream servers, NTP clients 92262569Simp# no longer follow that server. The local clock can be configured 93270864Simp# to provide a time source when this happens, but it should usually 94270864Simp# be configured on just one server on a network. For more details see 95270864Simp# http://support.ntp.org/bin/view/Support/UndisciplinedLocalClock 96270864Simp# The use of Orphan Mode may be preferable. 97270864Simp# 98270864Simp#server 127.127.1.0 99270864Simp#fudge 127.127.1.0 stratum 10 100270864Simp 101270864Simp# See http://support.ntp.org/bin/view/Support/ConfiguringNTP#Section_6.14. 102270864Simp# for documentation regarding leapfile. Updates to the file can be obtained 103270864Simp# from ftp://time.nist.gov/pub/ or ftp://tycho.usno.navy.mil/pub/ntp/. 104270864Simp# Use either leapfile in /etc/ntp or weekly updated leapfile in /var/db. 105270864Simp#leapfile "/etc/ntp/leap-seconds" 106270864Simpleapfile "/var/db/ntpd.leap-seconds.list" 107270864Simp