ntp.conf revision 1.16 
1# $NetBSD: ntp.conf,v 1.16 2014/01/06 11:21:34 apb Exp $
2#
3# NetBSD default Network Time Protocol (NTP) configuration file for ntpd
4
5# This file is intended to be both a usable default, and a Quick-Start
6# Guide. The directives and options listed here are not at all complete.
7# A great deal of additional documentation, including links to FAQS and
8# other guides, may be found on the official NTP web site, in particular
9#
10#	http://www.ntp.org/documentation.html
11#
12
13# Process ID file, so that the daemon can be signalled from scripts
14
15pidfile		/var/run/ntpd.pid
16
17# The correction calculated by ntpd(8) for the local system clock's
18# drift is stored here.
19
20driftfile	/var/db/ntp.drift
21
22# Suppress the syslog(3) message for each peer synchronization change.
23
24logconfig	-syncstatus
25
26# This will help minimize disruptions due to network congestion. Don't
27# do this if you configure only one server!
28
29tos		minsane 2
30
31# Set the number of tries to register with mdns. 0 means never
32#
33mdnstries	0
34
35# New ntpd disables the ntpdc protocol by default, to re-enable uncomment
36# the following line
37# enable mode7
38
39# Access control restrictions.
40# See /usr/share/doc/html/ntp/accopt.html for syntax.
41# See <http://support.ntp.org/bin/view/Support/AccessRestrictions> for advice.
42# Last match wins.
43#
44# Some of the more common keywords are:
45#   ignore      Deny packets of all kinds.
46#   kod         Send "kiss-o'-death" packets if clients exceed rate
47#               limits.
48#   nomodify    Deny attempts to modify the state of the server via
49#               ntpq or ntpdc queries.
50#   noquery     Deny all ntpq and ntpdc queries.  Does not affect time
51#               synchronisation.
52#   nopeer      Prevent establishing an new peer association.
53#               Does not affect preconfigured peer associations.
54#               Does not affect client/server time synchronisation.
55#   noserve     Deny all time synchronisation.  Does not affect ntpq or
56#               ntpdc queries.
57#   notrap      Deny the trap subset of the ntpdc control message protocol.
58#   notrust     Deny packets that are not cryptographically authenticated.
59#
60# By default, either deny everything, or allow client/server time exchange
61# but deny configuration changes, queries, and peer associations that were not
62# explicitly configured.
63# (Uncomment one of the following "restrict default" lines.)
64#
65#restrict default ignore
66restrict default kod nopeer noquery
67
68# Fewer restrictions for the local subnet.
69# (Uncomment and adjust as appropriate.)
70#
71#restrict 192.0.2.0 mask 255.255.255.0 kod nomodify notrap nopeer
72#restrict 2001:db8:: mask ffff:ffff::  kod nomodify notrap nopeer
73
74# No restrictions for localhost.
75#
76restrict 127.0.0.1
77restrict ::1
78
79# Hereafter should be "server" or "peer" statements to configure other
80# hosts to exchange NTP packets with. Peers should be selected in such
81# a way that the network path to them is symmetric (that is, the series
82# of links and routers used to get to the peer is the same one that the
83# peer uses to get back. NTP assumes such symmetry in its network delay
84# calculation. NTP will apply an incorrect adjustment to timestamps
85# received from the peer if the path is not symmetric. This can result
86# in clock skew (your system clock being maintained consistently wrong
87# by a certain amount).
88#
89# The best way to select symmetric peers is to make sure that the
90# network path to them is as short as possible (this reduces the chance
91# that there is more than one network path between you and your peer).
92# You can measure these distances with the traceroute(8)  program. The
93# best place to start looking for NTP peers for your system is within
94# your own network, or at your Internet Service Provider (ISP).
95#
96# Ideally, you should select at least three other systems to talk NTP
97# with, for an "what I tell you three times is true" effect.
98#
99# A "restrict" line for each configured peer or server might be necessary,
100# if the "restrict default" settings are very restrictive.  As a courtesy
101# to configured peers and servers, consider allowing them to query.
102
103#peer		an.ntp.peer.goes.here
104#server		an.ntp.server.goes.here
105#restrict	an.ntp.server.goes.here nomodify notrap
106
107# Public servers from the pool.ntp.org project. Volunteer's servers
108# are dynamically assigned to the CNAMES below via DNS round-robin.
109# The pool.ntp.org project needs more volunteers! The only criteria to
110# join are a nailed-up connection and a static IP address. For details,
111# see the web page:
112#
113#	http://www.pool.ntp.org/join.html
114#
115
116# Depending on the vagaries of DNS can occasionally pull in the same
117# server twice. The following CNAMES are guaranteed to be disjoint, at
118# least over some short interval. The following servers are allocated
119# to the NetBSD project.
120
121server		0.netbsd.pool.ntp.org
122restrict	0.netbsd.pool.ntp.org nomodify notrap
123server		1.netbsd.pool.ntp.org
124restrict	1.netbsd.pool.ntp.org nomodify notrap
125server		2.netbsd.pool.ntp.org
126restrict	2.netbsd.pool.ntp.org nomodify notrap
127server		3.netbsd.pool.ntp.org
128restrict	3.netbsd.pool.ntp.org nomodify notrap
129