ntp.conf revision 352865
#
# $FreeBSD: stable/11/etc/ntp.conf 352865 2019-09-29 03:36:50Z cy $
#
# Default NTP servers for the FreeBSD operating system.
#
# Don't forget to enable ntpd in /etc/rc.conf with:
# ntpd_enable="YES"
#
# The driftfile is by default /var/db/ntpd.drift, check
# /etc/defaults/rc.conf on how to change the location.
#

#
# Set the target and limit for adding servers configured via pool statements
# or discovered dynamically via mechanisms such as broadcast and manycast.
# Ntpd automatically adds maxclock-1 servers from configured pools, and may
# add as many as maxclock*2 if necessary to ensure that at least minclock
# servers are providing good consistent time.
#
tos minclock 3 maxclock 6

#
# The following pool statement will give you a random set of NTP servers
# geographically close to you.  A single pool statement adds multiple
# servers from the pool, according to the tos minclock/maxclock targets.
# See http://www.pool.ntp.org/ for details.  Note, pool.ntp.org encourages
# users with a static IP and good upstream NTP servers to add a server
# to the pool. See http://www.pool.ntp.org/join.html if you are interested.
#
# The option `iburst' is used for faster initial synchronization.
#
pool 0.freebsd.pool.ntp.org iburst

#
# If you want to pick yourself which country's public NTP server
# you want to sync against, comment out the above pool, uncomment
# the next one, and replace CC with the country's abbreviation.
# Make sure that the hostname resolves to a proper IP address!
#
# pool 0.CC.pool.ntp.org iburst

#
# To configure a specific server, such as an organization-wide local
# server, add lines similar to the following.  One or more specific
# servers can be configured in addition to, or instead of, any server
# pools specified above.  When both are configured, ntpd first adds all
# the specific servers, then adds servers from the pool until the tos
# minclock/maxclock targets are met.
#
#server time.my-internal.org iburst

#
# Security:
#
# By default, only allow time queries and block all other requests
# from unauthenticated clients.
#
# The "restrict source" line allows peers to be mobilized when added by
# ntpd from a pool, but does not enable mobilizing a new peer association
# by other dynamic means (broadcast, manycast, ntpq commands, etc).
#
# See http://support.ntp.org/bin/view/Support/AccessRestrictions
# for more information.
#
restrict default limited kod nomodify notrap noquery nopeer
restrict source  limited kod nomodify notrap noquery

#
# Alternatively, the following rules would block all unauthorized access.
#
#restrict default ignore
#
# In this case, all remote NTP time servers also need to be explicitly
# allowed or they would not be able to exchange time information with
# this server.
#
# Please note that this example doesn't work for the servers in
# the pool.ntp.org domain since they return multiple A records.
#
#restrict 0.pool.ntp.org nomodify nopeer noquery notrap
#restrict 1.pool.ntp.org nomodify nopeer noquery notrap
#restrict 2.pool.ntp.org nomodify nopeer noquery notrap
#
# The following settings allow unrestricted access from the localhost
restrict 127.0.0.1
restrict ::1

#
# If a server loses sync with all upstream servers, NTP clients
# no longer follow that server. The local clock can be configured
# to provide a time source when this happens, but it should usually
# be configured on just one server on a network. For more details see
# http://support.ntp.org/bin/view/Support/UndisciplinedLocalClock
# The use of Orphan Mode may be preferable.
#
#server 127.127.1.0
#fudge 127.127.1.0 stratum 10

# See http://support.ntp.org/bin/view/Support/ConfiguringNTP#Section_6.14.
# for documentation regarding leapfile. Updates to the file can be obtained
# from ftp://time.nist.gov/pub/ or ftp://tycho.usno.navy.mil/pub/ntp/.
# Use either leapfile in /etc/ntp or periodically updated leapfile in /var/db.
#leapfile "/etc/ntp/leap-seconds"
leapfile "/var/db/ntpd.leap-seconds.list"

# Specify the number of megabytes of memory that should be allocated and
# locked. -1 (default) means "do not lock the process into memory".
# 0 means "lock whatever memory the process wants into memory". Any other
# number means to lock up to that number of megabytes into memory.
# 0 may result in a segfault when ASLR with stack gap randomization
# is enabled.
#rlimit memlock 32

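Added example, not part of the FreeBSD file: a Python audit of the "restrict" lines described in the Security section, checking that unauthenticated clients get time service only and that pool servers can still be mobilized through "restrict source". The function names, the WEAK_RULES sample and the finding texts are constructed for illustration; the parser handles only the plain `restrict <target> <flags...>` form (an optional -4/-6 is skipped).

```python
# Added example, not part of FreeBSD's ntp.conf: audit the access-control lines.
DEFAULT_FLAGS = {"nomodify", "notrap", "noquery", "nopeer"}
SOURCE_FLAGS = DEFAULT_FLAGS - {"nopeer"}  # source must stay peer-able for pools
LOOPBACK = {"127.0.0.1", "::1"}
CLOSED = {"nopeer", "ignore"}  # flags that stop pool servers from being added

# The active pool and restrict lines from the file above.
PAGE_RULES = """pool 0.freebsd.pool.ntp.org iburst
restrict default limited kod nomodify notrap noquery nopeer
restrict source  limited kod nomodify notrap noquery
restrict 127.0.0.1
restrict ::1
"""
# Constructed weak configuration, for contrast only.
WEAK_RULES = """pool 0.freebsd.pool.ntp.org iburst
restrict default kod nomodify nopeer
restrict 192.0.2.10
"""

def parse(text):
    """Return ({target: flags} for active restrict lines, whether a pool is set)."""
    rules, has_pool = {}, False
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()  # drop comments
        has_pool = has_pool or words[:1] == ["pool"]
        args = [w for w in words[1:] if w not in ("-4", "-6")]
        if words[:1] == ["restrict"] and args:
            rules[args[0]] = set(args[1:])
    return rules, has_pool

def audit(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    rules, has_pool = parse(text)
    findings = []
    default, source = rules.get("default"), rules.get("source")
    if default is None:
        findings.append("default: no rule, remote hosts are unrestricted")
    elif "ignore" not in default:
        findings += [f"default: missing {f}" for f in sorted(DEFAULT_FLAGS - default)]
    if source is not None and "ignore" not in source:
        findings += [f"source: missing {f}" for f in sorted(SOURCE_FLAGS - source)]
    if has_pool and default and default & CLOSED and (source is None or source & CLOSED):
        findings.append("pool: servers blocked, add 'restrict source' without nopeer")
    for target, flags in rules.items():
        if "kod" in flags and "limited" not in flags:
            findings.append(f"{target}: kod has no effect without limited")
        if not flags and target not in LOOPBACK | {"default", "source"}:
            findings.append(f"{target}: no flags, host is unrestricted")
    return findings
```

Calling audit() on the text of /etc/ntp.conf returns one string per finding; the file as shipped above yields none.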