ntp.conf revision 290001 
1178172Simp#
2178172Simp# $FreeBSD: releng/9.3/etc/ntp.conf 290001 2015-10-26 11:42:25Z glebius $
3178172Simp#
4178172Simp# Default NTP servers for the FreeBSD operating system.
5178172Simp#
6178172Simp# Don't forget to enable ntpd in /etc/rc.conf with:
7178172Simp# ntpd_enable="YES"
8178172Simp#
9178172Simp# The driftfile is by default /var/db/ntpd.drift, check
10178172Simp# /etc/defaults/rc.conf on how to change the location.
11178172Simp#
12178172Simp
13178172Simp#
14178172Simp# The following three servers will give you a random set of three
15178172Simp# NTP servers geographically close to you.
16178172Simp# See http://www.pool.ntp.org/ for details. Note, the pool encourages
17178172Simp# users with a static IP and good upstream NTP servers to add a server
18178172Simp# to the pool. See http://www.pool.ntp.org/join.html if you are interested.
19178172Simp#
20178172Simp# The option `iburst' is used for faster initial synchronization.
21178172Simp#
22178172Simpserver 0.freebsd.pool.ntp.org iburst
23178172Simpserver 1.freebsd.pool.ntp.org iburst
24178172Simpserver 2.freebsd.pool.ntp.org iburst
25178172Simp#server 3.freebsd.pool.ntp.org iburst
26178172Simp
27178172Simp#
28178172Simp# If you want to pick yourself which country's public NTP server
29178172Simp# you want sync against, comment out the above servers, uncomment
30178172Simp# the next ones and replace CC with the country's abbreviation.
31178172Simp# Make sure that the hostnames resolve to a proper IP address!
32178172Simp#
33178172Simp# server 0.CC.pool.ntp.org iburst
34178172Simp# server 1.CC.pool.ntp.org iburst
35178172Simp# server 2.CC.pool.ntp.org iburst
36178172Simp
37178172Simp#
38178172Simp# Security:
39178172Simp#
40178172Simp# By default, only allow time queries and block all other requests
41178172Simp# from unauthenticated clients.
42178172Simp#
43178172Simp# See http://support.ntp.org/bin/view/Support/AccessRestrictions
44178172Simp# for more information.
45249523Simp#
46178172Simprestrict default limited kod nomodify notrap nopeer noquery
47178172Simprestrict -6 default limited kod nomodify notrap nopeer noquery
48249523Simp#
49178172Simp# Alternatively, the following rules would block all unauthorized access.
50178172Simp#
51178172Simp#restrict default ignore
52178172Simp#restrict -6 default ignore
53178172Simp#
54178172Simp# In this case, all remote NTP time servers also need to be explicitly
55178172Simp# allowed or they would not be able to exchange time information with
56178172Simp# this server.
57178172Simp#
58249523Simp# Please note that this example doesn't work for the servers in
59249523Simp# the pool.ntp.org domain since they return multiple A records.
60249523Simp#
61249523Simp#restrict 0.pool.ntp.org nomodify nopeer noquery notrap
62249523Simp#restrict 1.pool.ntp.org nomodify nopeer noquery notrap
63249523Simp#restrict 2.pool.ntp.org nomodify nopeer noquery notrap
64249523Simp#
65249523Simp# The following settings allow unrestricted access from the localhost
66249523Simprestrict 127.0.0.1
67249523Simprestrict -6 ::1
68178172Simprestrict 127.127.1.0
69178172Simp
70178172Simp#
71178172Simp# If a server loses sync with all upstream servers, NTP clients
72249790Simp# no longer follow that server. The local clock can be configured
73249790Simp# to provide a time source when this happens, but it should usually
74249790Simp# be configured on just one server on a network. For more details see
75249790Simp# http://support.ntp.org/bin/view/Support/UndisciplinedLocalClock
76249523Simp# The use of Orphan Mode may be preferable.
77178172Simp#
78178172Simp#server 127.127.1.0
79178172Simp#fudge 127.127.1.0 stratum 10
80178172Simp