# $NetBSD: ntp.conf,v 1.16 2014/01/06 11:21:34 apb Exp $
#
# NetBSD default Network Time Protocol (NTP) configuration file for ntpd

# This file is intended to be both a usable default, and a Quick-Start
# Guide. The directives and options listed here are not at all complete.
# A great deal of additional documentation, including links to FAQs and
# other guides, may be found on the official NTP web site, in particular
#
#	http://www.ntp.org/documentation.html
#

# Process ID file, so that the daemon can be signalled from scripts

pidfile		/var/run/ntpd.pid

# The correction calculated by ntpd(8) for the local system clock's
# drift is stored here.

driftfile	/var/db/ntp.drift

# Suppress the syslog(3) message for each peer synchronization change.

logconfig	-syncstatus

# This will help minimize disruptions due to network congestion. Don't
# do this if you configure only one server!

tos		minsane 2

# Set the number of tries to register with mdns. 0 means never
#
mdnstries 0

# New ntpd disables the ntpdc protocol by default, to re-enable uncomment
# the following line
# enable mode7

# Access control restrictions.
# See /usr/share/doc/html/ntp/accopt.html for syntax.
# See for advice.
# Last match wins.
#
# Some of the more common keywords are:
#   ignore	Deny packets of all kinds.
#   kod		Send "kiss-o'-death" packets if clients exceed rate
#		limits.
#   nomodify	Deny attempts to modify the state of the server via
#		ntpq or ntpdc queries.
#   noquery	Deny all ntpq and ntpdc queries. Does not affect time
#		synchronisation.
#   nopeer	Prevent establishing a new peer association.
#		Does not affect preconfigured peer associations.
#		Does not affect client/server time synchronisation.
#   noserve	Deny all time synchronisation. Does not affect ntpq or
#		ntpdc queries.
#   notrap	Deny the trap subset of the ntpdc control message protocol.
#   notrust	Deny packets that are not cryptographically authenticated.
#
# By default, either deny everything, or allow client/server time exchange
# but deny configuration changes, queries, and peer associations that were not
# explicitly configured.
# (Uncomment one of the following "restrict default" lines.)
#
#restrict default ignore
restrict default kod nopeer noquery

# Fewer restrictions for the local subnet.
# (Uncomment and adjust as appropriate.)
#
#restrict 192.0.2.0 mask 255.255.255.0 kod nomodify notrap nopeer
#restrict 2001:db8:: mask ffff:ffff:: kod nomodify notrap nopeer

# No restrictions for localhost.
#
restrict 127.0.0.1
restrict ::1

# Hereafter should be "server" or "peer" statements to configure other
# hosts to exchange NTP packets with. Peers should be selected in such
# a way that the network path to them is symmetric (that is, the series
# of links and routers used to get to the peer is the same one that the
# peer uses to get back). NTP assumes such symmetry in its network delay
# calculation. NTP will apply an incorrect adjustment to timestamps
# received from the peer if the path is not symmetric. This can result
# in clock skew (your system clock being maintained consistently wrong
# by a certain amount).
#
# The best way to select symmetric peers is to make sure that the
# network path to them is as short as possible (this reduces the chance
# that there is more than one network path between you and your peer).
# You can measure these distances with the traceroute(8) program. The
# best place to start looking for NTP peers for your system is within
# your own network, or at your Internet Service Provider (ISP).
#
# Ideally, you should select at least three other systems to talk NTP
# with, for a "what I tell you three times is true" effect.
#
# A "restrict" line for each configured peer or server might be necessary,
# if the "restrict default" settings are very restrictive. As a courtesy
# to configured peers and servers, consider allowing them to query.

#peer		an.ntp.peer.goes.here
#server		an.ntp.server.goes.here
#restrict	an.ntp.server.goes.here nomodify notrap

# Public servers from the pool.ntp.org project. Volunteers' servers
# are dynamically assigned to the CNAMES below via DNS round-robin.
# The pool.ntp.org project needs more volunteers! The only criteria to
# join are a nailed-up connection and a static IP address. For details,
# see the web page:
#
#	http://www.pool.ntp.org/join.html
#

# The vagaries of DNS can occasionally pull in the same
# server twice. The following CNAMES are guaranteed to be disjoint, at
# least over some short interval. The following servers are allocated
# to the NetBSD project.

server		0.netbsd.pool.ntp.org
restrict	0.netbsd.pool.ntp.org nomodify notrap
server		1.netbsd.pool.ntp.org
restrict	1.netbsd.pool.ntp.org nomodify notrap
server		2.netbsd.pool.ntp.org
restrict	2.netbsd.pool.ntp.org nomodify notrap
server		3.netbsd.pool.ntp.org
restrict	3.netbsd.pool.ntp.org nomodify notrap