xref: /src/etc/ntp.conf

# $NetBSD: ntp.conf,v 1.16 2014/01/06 11:21:34 apb Exp $
#
# NetBSD default Network Time Protocol (NTP) configuration file for ntpd

# This file is intended to be both a usable default, and a Quick-Start
# Guide. The directives and options listed here are not at all complete.
# A great deal of additional documentation, including links to FAQS and
# other guides, may be found on the official NTP web site, in particular
#
#	http://www.ntp.org/documentation.html
#

# Process ID file, so that the daemon can be signalled from scripts

pidfile		/var/run/ntpd.pid

# The correction calculated by ntpd(8) for the local system clock's
# drift is stored here.

driftfile	/var/db/ntp.drift

# Suppress the syslog(3) message for each peer synchronization change.

logconfig	-syncstatus

# This will help minimize disruptions due to network congestion. Don't
# do this if you configure only one server!

tos		minsane 2

# Set the number of tries to register with mdns. 0 means never
#
mdnstries	0

# New ntpd disables the ntpdc protocol by default, to re-enable uncomment
# the following line
# enable mode7

# Access control restrictions.
# See /usr/share/doc/html/ntp/accopt.html for syntax.
# See <http://support.ntp.org/bin/view/Support/AccessRestrictions> for advice.
# Last match wins.
#
# Some of the more common keywords are:
#   ignore      Deny packets of all kinds.
#   kod         Send "kiss-o'-death" packets if clients exceed rate
#               limits.
#   nomodify    Deny attempts to modify the state of the server via
#               ntpq or ntpdc queries.
#   noquery     Deny all ntpq and ntpdc queries.  Does not affect time
#               synchronisation.
#   nopeer      Prevent establishing an new peer association.
#               Does not affect preconfigured peer associations.
#               Does not affect client/server time synchronisation.
#   noserve     Deny all time synchronisation.  Does not affect ntpq or
#               ntpdc queries.
#   notrap      Deny the trap subset of the ntpdc control message protocol.
#   notrust     Deny packets that are not cryptographically authenticated.
#
# By default, either deny everything, or allow client/server time exchange
# but deny configuration changes, queries, and peer associations that were not
# explicitly configured.
# (Uncomment one of the following "restrict default" lines.)
#
#restrict default ignore
restrict default kod nopeer noquery

# Fewer restrictions for the local subnet.
# (Uncomment and adjust as appropriate.)
#
#restrict 192.0.2.0 mask 255.255.255.0 kod nomodify notrap nopeer
#restrict 2001:db8:: mask ffff:ffff::  kod nomodify notrap nopeer

# No restrictions for localhost.
#
restrict 127.0.0.1
restrict ::1

# Hereafter should be "server" or "peer" statements to configure other
# hosts to exchange NTP packets with. Peers should be selected in such
# a way that the network path to them is symmetric (that is, the series
# of links and routers used to get to the peer is the same one that the
# peer uses to get back. NTP assumes such symmetry in its network delay
# calculation. NTP will apply an incorrect adjustment to timestamps
# received from the peer if the path is not symmetric. This can result
# in clock skew (your system clock being maintained consistently wrong
# by a certain amount).
#
# The best way to select symmetric peers is to make sure that the
# network path to them is as short as possible (this reduces the chance
# that there is more than one network path between you and your peer).
# You can measure these distances with the traceroute(8)  program. The
# best place to start looking for NTP peers for your system is within
# your own network, or at your Internet Service Provider (ISP).
#
# Ideally, you should select at least three other systems to talk NTP
# with, for an "what I tell you three times is true" effect.
#
# A "restrict" line for each configured peer or server might be necessary,
# if the "restrict default" settings are very restrictive.  As a courtesy
# to configured peers and servers, consider allowing them to query.

#peer		an.ntp.peer.goes.here
#server		an.ntp.server.goes.here
#restrict	an.ntp.server.goes.here nomodify notrap

# Public servers from the pool.ntp.org project. Volunteer's servers
# are dynamically assigned to the CNAMES below via DNS round-robin.
# The pool.ntp.org project needs more volunteers! The only criteria to
# join are a nailed-up connection and a static IP address. For details,
# see the web page:
#
#	http://www.pool.ntp.org/join.html
#

# Depending on the vagaries of DNS can occasionally pull in the same
# server twice. The following CNAMES are guaranteed to be disjoint, at
# least over some short interval. The following servers are allocated
# to the NetBSD project.

server		0.netbsd.pool.ntp.org
restrict	0.netbsd.pool.ntp.org nomodify notrap
server		1.netbsd.pool.ntp.org
restrict	1.netbsd.pool.ntp.org nomodify notrap
server		2.netbsd.pool.ntp.org
restrict	2.netbsd.pool.ntp.org nomodify notrap
server		3.netbsd.pool.ntp.org
restrict	3.netbsd.pool.ntp.org nomodify notrap