# $NetBSD: ntp.conf,v 1.14 2012/01/16 22:20:45 christos Exp $ # # NetBSD default Network Time Protocol (NTP) configuration file for ntpd # This file is intended to be both a usable default, and a Quick-Start # Guide. The directives and options listed here are not at all complete. # A great deal of additional documentation, including links to FAQS and # other guides, may be found on the official NTP web site, in particular # # http://www.ntp.org/documentation.html # # Process ID file, so that the daemon can be signalled from scripts pidfile /var/run/ntpd.pid # The correction calculated by ntpd(8) for the local system clock's # drift is stored here. driftfile /var/db/ntp.drift # Suppress the syslog(3) message for each peer synchronization change. logconfig -syncstatus # Refuse to set the local clock if there are too few good peers or servers. # This may help minimize disruptions due to network congestion. Don't # do this if you configure only one server! tos minsane 2 # Set the number of tries to register with mdns. 0 means never # mdnstries 0 # Access control restrictions. # See /usr/share/doc/html/ntp/accopt.html for syntax. # See for advice. # Last match wins. # # Some of the more common keywords are: # ignore Deny packets of all kinds. # kod Send "kiss-o'-death" packets if clients exceed rate # limits. # nomodify Deny attempts to modify the state of the server via # ntpq or ntpdc queries. # noquery Deny all ntpq and ntpdc queries. Does not affect time # synchronisation. # nopeer Prevent establishing an new peer association. # Does not affect preconfigured peer associations. # Does not affect client/server time synchronisation. # noserve Deny all time synchronisation. Does not affect ntpq or # ntpdc queries. # notrap Deny the trap subset of the ntpdc control message protocol. # notrust Deny packets that are not cryptographically authenticated. # # By default, either deny everything, or allow client/server time exchange # but deny configuration changes, queries, and peer associations that were not # explicitly configured. # (Uncomment one of the following "restrict default" lines.) # #restrict default ignore restrict default kod nopeer noquery # Fewer restrictions for the local subnet. # (Uncomment and adjust as appropriate.) # #restrict 192.0.2.0 mask 255.255.255.0 kod nomodify notrap nopeer #restrict 2001:db8:: mask ffff:ffff:: kod nomodify notrap nopeer # No restrictions for localhost. # restrict 127.0.0.1 restrict ::1 # Hereafter should be "server" or "peer" statements to configure other # hosts to exchange NTP packets with. # # See # and # for advice. # # Peers should be selected in such a way that the network path to them # is short, uncongested, and symmetric (that is, the series of links # and routers used to get to the peer is the same one that the peer # uses to get back). The best place to start looking for NTP peers for # your system is within your own network, or at your Internet Service # Provider (ISP). # # Ideally, you should select at least three other systems to talk NTP # with, for an "what I tell you three times is true" effect. # #peer an.ntp.peer.goes.here #server an.ntp.server.goes.here #restrict an.ntp.server.goes.here nomodify notrap # The pool.ntp.org project coordinates public time servers provided by # volunteers. See . The *.netbsd.pool.ntp.org # servers are intended to be used by default on NetBSD hosts, but # servers that are closer to you are likely to be better. Consider # using servers specific to your country, a nearby country, or your # continent. # # The pool.ntp.org project needs more volunteers! The only criteria to # join are a nailed-up connection and a static IP address. For details, # see the web page: # # http://www.pool.ntp.org/join.html # server 0.netbsd.pool.ntp.org restrict 0.netbsd.pool.ntp.org nomodify notrap server 1.netbsd.pool.ntp.org restrict 1.netbsd.pool.ntp.org nomodify notrap server 2.netbsd.pool.ntp.org restrict 2.netbsd.pool.ntp.org nomodify notrap server 3.netbsd.pool.ntp.org restrict 3.netbsd.pool.ntp.org nomodify notrap