ntp.conf revision 289421
1193635Sedwin# 2193635Sedwin# $FreeBSD: head/etc/ntp.conf 289421 2015-10-16 14:04:16Z cy $ 3193635Sedwin# 4193635Sedwin# Default NTP servers for the FreeBSD operating system. 5193635Sedwin# 6193635Sedwin# Don't forget to enable ntpd in /etc/rc.conf with: 7193635Sedwin# ntpd_enable="YES" 8193635Sedwin# 9193635Sedwin# The driftfile is by default /var/db/ntpd.drift, check 10193635Sedwin# /etc/defaults/rc.conf on how to change the location. 11193635Sedwin# 12193635Sedwin 13193635Sedwin# 14193635Sedwin# The following three servers will give you a random set of three 15193635Sedwin# NTP servers geographically close to you. 16195652Sdwmalone# See http://www.pool.ntp.org/ for details. Note, the pool encourages 17195652Sdwmalone# users with a static IP and good upstream NTP servers to add a server 18195652Sdwmalone# to the pool. See http://www.pool.ntp.org/join.html if you are interested. 19193635Sedwin# 20259973Sdelphij# The option `iburst' is used for faster initial synchronization. 21193635Sedwin# 22239464Sdelphijserver 0.freebsd.pool.ntp.org iburst 23239464Sdelphijserver 1.freebsd.pool.ntp.org iburst 24239464Sdelphijserver 2.freebsd.pool.ntp.org iburst 25239464Sdelphij#server 3.freebsd.pool.ntp.org iburst 26193635Sedwin 27193635Sedwin# 28193635Sedwin# If you want to pick yourself which country's public NTP server 29193635Sedwin# you want sync against, comment out the above servers, uncomment 30195652Sdwmalone# the next ones and replace CC with the country's abbreviation. 31193635Sedwin# Make sure that the hostnames resolve to a proper IP address! 32193635Sedwin# 33239464Sdelphij# server 0.CC.pool.ntp.org iburst 34239464Sdelphij# server 1.CC.pool.ntp.org iburst 35239464Sdelphij# server 2.CC.pool.ntp.org iburst 36193635Sedwin 37193635Sedwin# 38259973Sdelphij# Security: 39193635Sedwin# 40259973Sdelphij# By default, only allow time queries and block all other requests 41259973Sdelphij# from unauthenticated clients. 42259973Sdelphij# 43259973Sdelphij# See http://support.ntp.org/bin/view/Support/AccessRestrictions 44259973Sdelphij# for more information. 45259973Sdelphij# 46280916Sdelphijrestrict default limited kod nomodify notrap nopeer noquery 47280916Sdelphijrestrict -6 default limited kod nomodify notrap nopeer noquery 48259973Sdelphij# 49259973Sdelphij# Alternatively, the following rules would block all unauthorized access. 50259973Sdelphij# 51259973Sdelphij#restrict default ignore 52259973Sdelphij#restrict -6 default ignore 53259973Sdelphij# 54259973Sdelphij# In this case, all remote NTP time servers also need to be explicitly 55259973Sdelphij# allowed or they would not be able to exchange time information with 56259973Sdelphij# this server. 57259973Sdelphij# 58193635Sedwin# Please note that this example doesn't work for the servers in 59193635Sedwin# the pool.ntp.org domain since they return multiple A records. 60193635Sedwin# 61193635Sedwin#restrict 0.pool.ntp.org nomodify nopeer noquery notrap 62193635Sedwin#restrict 1.pool.ntp.org nomodify nopeer noquery notrap 63193635Sedwin#restrict 2.pool.ntp.org nomodify nopeer noquery notrap 64259973Sdelphij# 65259973Sdelphij# The following settings allow unrestricted access from the localhost 66259973Sdelphijrestrict 127.0.0.1 67259973Sdelphijrestrict -6 ::1 68259973Sdelphijrestrict 127.127.1.0 69193635Sedwin 70193635Sedwin# 71195652Sdwmalone# If a server loses sync with all upstream servers, NTP clients 72195652Sdwmalone# no longer follow that server. The local clock can be configured 73195652Sdwmalone# to provide a time source when this happens, but it should usually 74195652Sdwmalone# be configured on just one server on a network. For more details see 75195652Sdwmalone# http://support.ntp.org/bin/view/Support/UndisciplinedLocalClock 76195652Sdwmalone# The use of Orphan Mode may be preferable. 77193635Sedwin# 78195652Sdwmalone#server 127.127.1.0 79195652Sdwmalone#fudge 127.127.1.0 stratum 10 80289421Scy 81289421Scy# See http://support.ntp.org/bin/view/Support/ConfiguringNTP#Section_6.14. 82289421Scy# for documentation regarding leapfile. Updates to the file can be obtained 83289421Scy# from ftp://time.nist.gov/pub/ or ftp://tycho.usno.navy.mil/pub/ntp/. 84289421Scyleapfile "/etc/ntp/leap-seconds" 85