ntp.conf revision 272461 
1274246Sae#
2274246Sae# $FreeBSD: releng/10.1/etc/ntp.conf 259974 2013-12-27 23:09:40Z delphij $
3274246Sae#
4274246Sae# Default NTP servers for the FreeBSD operating system.
5274246Sae#
6274246Sae# Don't forget to enable ntpd in /etc/rc.conf with:
7274246Sae# ntpd_enable="YES"
8274246Sae#
9274246Sae# The driftfile is by default /var/db/ntpd.drift, check
10274246Sae# /etc/defaults/rc.conf on how to change the location.
11274246Sae#
12274246Sae
13274246Sae#
14274246Sae# The following three servers will give you a random set of three
15274246Sae# NTP servers geographically close to you.
16274246Sae# See http://www.pool.ntp.org/ for details. Note, the pool encourages
17274246Sae# users with a static IP and good upstream NTP servers to add a server
18274246Sae# to the pool. See http://www.pool.ntp.org/join.html if you are interested.
19274246Sae#
20274246Sae# The option `iburst' is used for faster initial synchronization.
21274246Sae#
22274246Saeserver 0.freebsd.pool.ntp.org iburst
23274246Saeserver 1.freebsd.pool.ntp.org iburst
24274246Saeserver 2.freebsd.pool.ntp.org iburst
25274246Sae#server 3.freebsd.pool.ntp.org iburst
26274246Sae
27274246Sae#
28274246Sae# If you want to pick yourself which country's public NTP server
29274246Sae# you want sync against, comment out the above servers, uncomment
30274246Sae# the next ones and replace CC with the country's abbreviation.
31274246Sae# Make sure that the hostnames resolve to a proper IP address!
32274246Sae#
33274246Sae# server 0.CC.pool.ntp.org iburst
34274246Sae# server 1.CC.pool.ntp.org iburst
35274246Sae# server 2.CC.pool.ntp.org iburst
36274246Sae
37274246Sae#
38274246Sae# Security:
39274246Sae#
40274246Sae# By default, only allow time queries and block all other requests
41274246Sae# from unauthenticated clients.
42274246Sae#
43274246Sae# See http://support.ntp.org/bin/view/Support/AccessRestrictions
44274246Sae# for more information.
45274246Sae#
46274246Saerestrict default kod nomodify notrap nopeer noquery
47274246Saerestrict -6 default kod nomodify notrap nopeer noquery
48274246Sae#
49274246Sae# Alternatively, the following rules would block all unauthorized access.
50274246Sae#
51274246Sae#restrict default ignore
52274246Sae#restrict -6 default ignore
53274246Sae#
54274246Sae# In this case, all remote NTP time servers also need to be explicitly
55274246Sae# allowed or they would not be able to exchange time information with
56274246Sae# this server.
57274246Sae#
58274246Sae# Please note that this example doesn't work for the servers in
59274246Sae# the pool.ntp.org domain since they return multiple A records.
60274246Sae#
61274246Sae#restrict 0.pool.ntp.org nomodify nopeer noquery notrap
62274246Sae#restrict 1.pool.ntp.org nomodify nopeer noquery notrap
63274246Sae#restrict 2.pool.ntp.org nomodify nopeer noquery notrap
64274246Sae#
65274246Sae# The following settings allow unrestricted access from the localhost
66274246Saerestrict 127.0.0.1
67274246Saerestrict -6 ::1
68274246Saerestrict 127.127.1.0
69274246Sae
70274246Sae#
71274246Sae# If a server loses sync with all upstream servers, NTP clients
72274246Sae# no longer follow that server. The local clock can be configured
73274246Sae# to provide a time source when this happens, but it should usually
74274246Sae# be configured on just one server on a network. For more details see
75274246Sae# http://support.ntp.org/bin/view/Support/UndisciplinedLocalClock
76274246Sae# The use of Orphan Mode may be preferable.
77274246Sae#
78274246Sae#server 127.127.1.0
79274246Sae#fudge 127.127.1.0 stratum 10
80274246Sae