ntp.conf revision 1.17
1# $NetBSD: ntp.conf,v 1.17 2014/01/06 11:25:03 apb Exp $ 2# 3# NetBSD default Network Time Protocol (NTP) configuration file for ntpd 4 5# This file is intended to be both a usable default, and a Quick-Start 6# Guide. The directives and options listed here are not at all complete. 7# A great deal of additional documentation, including links to FAQS and 8# other guides, may be found on the official NTP web site, in particular 9# 10# http://www.ntp.org/documentation.html 11# 12 13# Process ID file, so that the daemon can be signalled from scripts 14 15pidfile /var/run/ntpd.pid 16 17# The correction calculated by ntpd(8) for the local system clock's 18# drift is stored here. 19 20driftfile /var/db/ntp.drift 21 22# Suppress the syslog(3) message for each peer synchronization change. 23 24logconfig -syncstatus 25 26# Refuse to set the local clock if there are too few good peers or servers. 27# This may help minimize disruptions due to network congestion. Don't 28# do this if you configure only one server! 29 30tos minsane 2 31 32# Set the number of tries to register with mdns. 0 means never 33# 34mdnstries 0 35 36# New ntpd disables the ntpdc protocol by default, to re-enable uncomment 37# the following line 38# enable mode7 39 40# Access control restrictions. 41# See /usr/share/doc/html/ntp/accopt.html for syntax. 42# See <http://support.ntp.org/bin/view/Support/AccessRestrictions> for advice. 43# Last match wins. 44# 45# Some of the more common keywords are: 46# ignore Deny packets of all kinds. 47# kod Send "kiss-o'-death" packets if clients exceed rate 48# limits. 49# nomodify Deny attempts to modify the state of the server via 50# ntpq or ntpdc queries. 51# noquery Deny all ntpq and ntpdc queries. Does not affect time 52# synchronisation. 53# nopeer Prevent establishing an new peer association. 54# Does not affect preconfigured peer associations. 55# Does not affect client/server time synchronisation. 56# noserve Deny all time synchronisation. Does not affect ntpq or 57# ntpdc queries. 58# notrap Deny the trap subset of the ntpdc control message protocol. 59# notrust Deny packets that are not cryptographically authenticated. 60# 61# By default, either deny everything, or allow client/server time exchange 62# but deny configuration changes, queries, and peer associations that were not 63# explicitly configured. 64# (Uncomment one of the following "restrict default" lines.) 65# 66#restrict default ignore 67restrict default kod nopeer noquery 68 69# Fewer restrictions for the local subnet. 70# (Uncomment and adjust as appropriate.) 71# 72#restrict 192.0.2.0 mask 255.255.255.0 kod nomodify notrap nopeer 73#restrict 2001:db8:: mask ffff:ffff:: kod nomodify notrap nopeer 74 75# No restrictions for localhost. 76# 77restrict 127.0.0.1 78restrict ::1 79 80# Hereafter should be "server" or "peer" statements to configure other 81# hosts to exchange NTP packets with. 82# 83# See <http://support.ntp.org/bin/view/Support/DesigningYourNTPNetwork> 84# and <http://support.ntp.org/bin/view/Support/SelectingOffsiteNTPServers> 85# for advice. 86# 87# Peers should be selected in such a way that the network path to them 88# is short, uncongested, and symmetric (that is, the series of links 89# and routers used to get to the peer is the same one that the peer 90# uses to get back). The best place to start looking for NTP peers for 91# your system is within your own network, or at your Internet Service 92# Provider (ISP). 93# 94# Ideally, you should select at least three other systems to talk NTP 95# with, for an "what I tell you three times is true" effect. 96# 97# A "restrict" line for each configured peer or server might be necessary, 98# if the "restrict default" settings are very restrictive. As a courtesy 99# to configured peers and servers, consider allowing them to query. 100 101#peer an.ntp.peer.goes.here 102#server an.ntp.server.goes.here 103#restrict an.ntp.server.goes.here nomodify notrap 104 105# The pool.ntp.org project coordinates public time servers provided by 106# volunteers. See <http://www.pool.ntp.org>. The *.netbsd.pool.ntp.org 107# servers are intended to be used by default on NetBSD hosts, but 108# servers that are closer to you are likely to be better. Consider 109# using servers specific to your country, a nearby country, or your 110# continent. 111# 112# The pool.ntp.org project needs more volunteers! The only criteria to 113# join are a nailed-up connection and a static IP address. For details, 114# see the web page: 115# 116# http://www.pool.ntp.org/join.html 117# 118 119# Depending on the vagaries of DNS can occasionally pull in the same 120# server twice. The following CNAMES are guaranteed to be disjoint, at 121# least over some short interval. The following servers are allocated 122# to the NetBSD project. 123 124server 0.netbsd.pool.ntp.org 125restrict 0.netbsd.pool.ntp.org nomodify notrap 126server 1.netbsd.pool.ntp.org 127restrict 1.netbsd.pool.ntp.org nomodify notrap 128server 2.netbsd.pool.ntp.org 129restrict 2.netbsd.pool.ntp.org nomodify notrap 130server 3.netbsd.pool.ntp.org 131restrict 3.netbsd.pool.ntp.org nomodify notrap 132