ntp.conf revision 272461
1274246Sae# 2274246Sae# $FreeBSD: releng/10.1/etc/ntp.conf 259974 2013-12-27 23:09:40Z delphij $ 3274246Sae# 4274246Sae# Default NTP servers for the FreeBSD operating system. 5274246Sae# 6274246Sae# Don't forget to enable ntpd in /etc/rc.conf with: 7274246Sae# ntpd_enable="YES" 8274246Sae# 9274246Sae# The driftfile is by default /var/db/ntpd.drift, check 10274246Sae# /etc/defaults/rc.conf on how to change the location. 11274246Sae# 12274246Sae 13274246Sae# 14274246Sae# The following three servers will give you a random set of three 15274246Sae# NTP servers geographically close to you. 16274246Sae# See http://www.pool.ntp.org/ for details. Note, the pool encourages 17274246Sae# users with a static IP and good upstream NTP servers to add a server 18274246Sae# to the pool. See http://www.pool.ntp.org/join.html if you are interested. 19274246Sae# 20274246Sae# The option `iburst' is used for faster initial synchronization. 21274246Sae# 22274246Saeserver 0.freebsd.pool.ntp.org iburst 23274246Saeserver 1.freebsd.pool.ntp.org iburst 24274246Saeserver 2.freebsd.pool.ntp.org iburst 25274246Sae#server 3.freebsd.pool.ntp.org iburst 26274246Sae 27274246Sae# 28274246Sae# If you want to pick yourself which country's public NTP server 29274246Sae# you want sync against, comment out the above servers, uncomment 30274246Sae# the next ones and replace CC with the country's abbreviation. 31274246Sae# Make sure that the hostnames resolve to a proper IP address! 32274246Sae# 33274246Sae# server 0.CC.pool.ntp.org iburst 34274246Sae# server 1.CC.pool.ntp.org iburst 35274246Sae# server 2.CC.pool.ntp.org iburst 36274246Sae 37274246Sae# 38274246Sae# Security: 39274246Sae# 40274246Sae# By default, only allow time queries and block all other requests 41274246Sae# from unauthenticated clients. 42274246Sae# 43274246Sae# See http://support.ntp.org/bin/view/Support/AccessRestrictions 44274246Sae# for more information. 45274246Sae# 46274246Saerestrict default kod nomodify notrap nopeer noquery 47274246Saerestrict -6 default kod nomodify notrap nopeer noquery 48274246Sae# 49274246Sae# Alternatively, the following rules would block all unauthorized access. 50274246Sae# 51274246Sae#restrict default ignore 52274246Sae#restrict -6 default ignore 53274246Sae# 54274246Sae# In this case, all remote NTP time servers also need to be explicitly 55274246Sae# allowed or they would not be able to exchange time information with 56274246Sae# this server. 57274246Sae# 58274246Sae# Please note that this example doesn't work for the servers in 59274246Sae# the pool.ntp.org domain since they return multiple A records. 60274246Sae# 61274246Sae#restrict 0.pool.ntp.org nomodify nopeer noquery notrap 62274246Sae#restrict 1.pool.ntp.org nomodify nopeer noquery notrap 63274246Sae#restrict 2.pool.ntp.org nomodify nopeer noquery notrap 64274246Sae# 65274246Sae# The following settings allow unrestricted access from the localhost 66274246Saerestrict 127.0.0.1 67274246Saerestrict -6 ::1 68274246Saerestrict 127.127.1.0 69274246Sae 70274246Sae# 71274246Sae# If a server loses sync with all upstream servers, NTP clients 72274246Sae# no longer follow that server. The local clock can be configured 73274246Sae# to provide a time source when this happens, but it should usually 74274246Sae# be configured on just one server on a network. For more details see 75274246Sae# http://support.ntp.org/bin/view/Support/UndisciplinedLocalClock 76274246Sae# The use of Orphan Mode may be preferable. 77274246Sae# 78274246Sae#server 127.127.1.0 79274246Sae#fudge 127.127.1.0 stratum 10 80274246Sae