#
# $FreeBSD: stable/11/etc/ntp.conf 352865 2019-09-29 03:36:50Z cy $
#
# Default NTP servers for the FreeBSD operating system.
#
# Don't forget to enable ntpd in /etc/rc.conf with:
# ntpd_enable="YES"
#
# The driftfile is /var/db/ntpd.drift by default; see
# /etc/defaults/rc.conf for how to change the location.
#

#
# Set the target and limit for adding servers configured via pool statements
# or discovered dynamically via mechanisms such as broadcast and manycast.
# Ntpd automatically adds maxclock-1 servers from configured pools, and may
# add as many as maxclock*2 if necessary to ensure that at least minclock
# servers are providing good consistent time.
#
tos minclock 3 maxclock 6

#
# The following pool statement will give you a random set of NTP servers
# geographically close to you.  A single pool statement adds multiple
# servers from the pool, according to the tos minclock/maxclock targets.
# See http://www.pool.ntp.org/ for details.  Note, pool.ntp.org encourages
# users with a static IP and good upstream NTP servers to add a server
# to the pool. See http://www.pool.ntp.org/join.html if you are interested.
#
# The option `iburst' is used for faster initial synchronization.
#
pool 0.freebsd.pool.ntp.org iburst

#
# If you want to choose which country's public NTP servers to sync
# against, comment out the above pool, uncomment
# the next one, and replace CC with the country's abbreviation.
# Make sure that the hostname resolves to a proper IP address!
#
# pool 0.CC.pool.ntp.org iburst

#
# To configure a specific server, such as an organization-wide local
# server, add lines similar to the following.  One or more specific
# servers can be configured in addition to, or instead of, any server
# pools specified above.  When both are configured, ntpd first adds all
# the specific servers, then adds servers from the pool until the tos
# minclock/maxclock targets are met.
#
#server time.my-internal.org iburst

#
# Security:
#
# By default, only allow time queries and block all other requests
# from unauthenticated clients.
#
# The "restrict source" line allows peers to be mobilized when added by
# ntpd from a pool, but does not enable mobilizing a new peer association
# by other dynamic means (broadcast, manycast, ntpq commands, etc).
#
# See http://support.ntp.org/bin/view/Support/AccessRestrictions
# for more information.
#
restrict default limited kod nomodify notrap noquery nopeer
restrict source  limited kod nomodify notrap noquery

#
# Alternatively, the following rules would block all unauthorized access.
#
#restrict default ignore
#
# In this case, all remote NTP time servers also need to be explicitly
# allowed or they would not be able to exchange time information with
# this server.
#
# Please note that this example doesn't work for the servers in
# the pool.ntp.org domain since they return multiple A records.
#
#restrict 0.pool.ntp.org nomodify nopeer noquery notrap
#restrict 1.pool.ntp.org nomodify nopeer noquery notrap
#restrict 2.pool.ntp.org nomodify nopeer noquery notrap
#
# The following settings allow unrestricted access from the localhost
restrict 127.0.0.1
restrict ::1

#
# If a server loses sync with all upstream servers, NTP clients
# no longer follow that server. The local clock can be configured
# to provide a time source when this happens, but it should usually
# be configured on just one server on a network. For more details see
# http://support.ntp.org/bin/view/Support/UndisciplinedLocalClock
# The use of Orphan Mode may be preferable.
#
#server 127.127.1.0
#fudge 127.127.1.0 stratum 10

# See http://support.ntp.org/bin/view/Support/ConfiguringNTP#Section_6.14.
# for documentation regarding leapfile. Updates to the file can be obtained
# from ftp://time.nist.gov/pub/ or ftp://tycho.usno.navy.mil/pub/ntp/.
# Use either leapfile in /etc/ntp or periodically updated leapfile in /var/db.
#leapfile "/etc/ntp/leap-seconds"
leapfile "/var/db/ntpd.leap-seconds.list"

# Specify the number of megabytes of memory that should be allocated and
# locked. -1 (default) means "do not lock the process into memory".
# 0 means "lock whatever memory the process wants into memory". Any other
# number means to lock up to that number of megabytes into memory.
# 0 may result in a segfault when ASLR with stack gap randomization
# is enabled.
#rlimit memlock 32
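
An added example, not part of the FreeBSD file: a small audit of the `restrict` lines in an ntp.conf, checking the "Security" section's two rules together (the default entry blocks everything but time queries, and a `restrict source` entry without `nopeer` exists so pool servers can still be mobilized). The baseline flag sets are taken from the file above as an assumption; the function names and the weak sample are constructed for illustration.

```python
REQUIRED = {  # assumed baseline: the flag sets used in the file above
    "default": {"nomodify", "notrap", "noquery", "nopeer"},
    "source": {"nomodify", "notrap", "noquery"},
}

def parse(text):
    """Return ({address: [flag sets]}, has_pool) for an ntp.conf string."""
    restricts, has_pool = {}, False
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()   # drop comments
        if tokens[:1] == ["pool"]:
            has_pool = True
        elif tokens[:1] == ["restrict"]:
            # -4/-6 only select the address family of "default"
            args = [t for t in tokens[1:] if t not in ("-4", "-6")]
            if args:
                restricts.setdefault(args[0], []).append(set(args[1:]))
    return restricts, has_pool

def audit(text):
    """Return a list of findings; an empty list means the baseline is met."""
    restricts, has_pool = parse(text)
    findings = []
    defaults = restricts.get("default", [])
    if not defaults:
        findings.append("no 'restrict default': remote hosts are unrestricted")
    for addr, required in REQUIRED.items():
        for flags in restricts.get(addr, []):
            missing = required - flags
            if missing and "ignore" not in flags:   # ignore drops everything
                findings.append(f"restrict {addr} lacks: " + " ".join(sorted(missing)))
    sources = restricts.get("source", [])
    if has_pool and any("nopeer" in f for f in defaults):
        if not sources or any("nopeer" in f for f in sources):
            findings.append("pool needs a 'restrict source' line without nopeer")
    return findings

# Inputs: the active lines of the file above, then a constructed weak variant.
PAGE_CONFIG = """\
pool 0.freebsd.pool.ntp.org iburst
restrict default limited kod nomodify notrap noquery nopeer
restrict source  limited kod nomodify notrap noquery
restrict 127.0.0.1
restrict ::1
"""
WEAK_CONFIG = """\
pool 0.freebsd.pool.ntp.org iburst
restrict default kod nomodify nopeer   # noquery and notrap missing
"""
```

`audit(PAGE_CONFIG)` returns an empty list; `audit(WEAK_CONFIG)` reports the missing `noquery`/`notrap` flags and the absent `restrict source` line.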
113