ntp.conf revision 1.16
1# $NetBSD: ntp.conf,v 1.16 2014/01/06 11:21:34 apb Exp $ 2# 3# NetBSD default Network Time Protocol (NTP) configuration file for ntpd 4 5# This file is intended to be both a usable default, and a Quick-Start 6# Guide. The directives and options listed here are not at all complete. 7# A great deal of additional documentation, including links to FAQS and 8# other guides, may be found on the official NTP web site, in particular 9# 10# http://www.ntp.org/documentation.html 11# 12 13# Process ID file, so that the daemon can be signalled from scripts 14 15pidfile /var/run/ntpd.pid 16 17# The correction calculated by ntpd(8) for the local system clock's 18# drift is stored here. 19 20driftfile /var/db/ntp.drift 21 22# Suppress the syslog(3) message for each peer synchronization change. 23 24logconfig -syncstatus 25 26# This will help minimize disruptions due to network congestion. Don't 27# do this if you configure only one server! 28 29tos minsane 2 30 31# Set the number of tries to register with mdns. 0 means never 32# 33mdnstries 0 34 35# New ntpd disables the ntpdc protocol by default, to re-enable uncomment 36# the following line 37# enable mode7 38 39# Access control restrictions. 40# See /usr/share/doc/html/ntp/accopt.html for syntax. 41# See <http://support.ntp.org/bin/view/Support/AccessRestrictions> for advice. 42# Last match wins. 43# 44# Some of the more common keywords are: 45# ignore Deny packets of all kinds. 46# kod Send "kiss-o'-death" packets if clients exceed rate 47# limits. 48# nomodify Deny attempts to modify the state of the server via 49# ntpq or ntpdc queries. 50# noquery Deny all ntpq and ntpdc queries. Does not affect time 51# synchronisation. 52# nopeer Prevent establishing an new peer association. 53# Does not affect preconfigured peer associations. 54# Does not affect client/server time synchronisation. 55# noserve Deny all time synchronisation. Does not affect ntpq or 56# ntpdc queries. 57# notrap Deny the trap subset of the ntpdc control message protocol. 58# notrust Deny packets that are not cryptographically authenticated. 59# 60# By default, either deny everything, or allow client/server time exchange 61# but deny configuration changes, queries, and peer associations that were not 62# explicitly configured. 63# (Uncomment one of the following "restrict default" lines.) 64# 65#restrict default ignore 66restrict default kod nopeer noquery 67 68# Fewer restrictions for the local subnet. 69# (Uncomment and adjust as appropriate.) 70# 71#restrict 192.0.2.0 mask 255.255.255.0 kod nomodify notrap nopeer 72#restrict 2001:db8:: mask ffff:ffff:: kod nomodify notrap nopeer 73 74# No restrictions for localhost. 75# 76restrict 127.0.0.1 77restrict ::1 78 79# Hereafter should be "server" or "peer" statements to configure other 80# hosts to exchange NTP packets with. Peers should be selected in such 81# a way that the network path to them is symmetric (that is, the series 82# of links and routers used to get to the peer is the same one that the 83# peer uses to get back. NTP assumes such symmetry in its network delay 84# calculation. NTP will apply an incorrect adjustment to timestamps 85# received from the peer if the path is not symmetric. This can result 86# in clock skew (your system clock being maintained consistently wrong 87# by a certain amount). 88# 89# The best way to select symmetric peers is to make sure that the 90# network path to them is as short as possible (this reduces the chance 91# that there is more than one network path between you and your peer). 92# You can measure these distances with the traceroute(8) program. The 93# best place to start looking for NTP peers for your system is within 94# your own network, or at your Internet Service Provider (ISP). 95# 96# Ideally, you should select at least three other systems to talk NTP 97# with, for an "what I tell you three times is true" effect. 98# 99# A "restrict" line for each configured peer or server might be necessary, 100# if the "restrict default" settings are very restrictive. As a courtesy 101# to configured peers and servers, consider allowing them to query. 102 103#peer an.ntp.peer.goes.here 104#server an.ntp.server.goes.here 105#restrict an.ntp.server.goes.here nomodify notrap 106 107# Public servers from the pool.ntp.org project. Volunteer's servers 108# are dynamically assigned to the CNAMES below via DNS round-robin. 109# The pool.ntp.org project needs more volunteers! The only criteria to 110# join are a nailed-up connection and a static IP address. For details, 111# see the web page: 112# 113# http://www.pool.ntp.org/join.html 114# 115 116# Depending on the vagaries of DNS can occasionally pull in the same 117# server twice. The following CNAMES are guaranteed to be disjoint, at 118# least over some short interval. The following servers are allocated 119# to the NetBSD project. 120 121server 0.netbsd.pool.ntp.org 122restrict 0.netbsd.pool.ntp.org nomodify notrap 123server 1.netbsd.pool.ntp.org 124restrict 1.netbsd.pool.ntp.org nomodify notrap 125server 2.netbsd.pool.ntp.org 126restrict 2.netbsd.pool.ntp.org nomodify notrap 127server 3.netbsd.pool.ntp.org 128restrict 3.netbsd.pool.ntp.org nomodify notrap 129