1# $NetBSD: ntp.conf,v 1.23 2021/10/28 07:24:40 kim Exp $
2#
3# NetBSD default Network Time Protocol (NTP) configuration file for ntpd
4
5# This file is intended to be both a usable default, and a Quick-Start
6# Guide. The directives and options listed here are not at all complete.
7# A great deal of additional documentation, including links to FAQS and
8# other guides, may be found on the official NTP web site, in particular
9#
10#	http://www.ntp.org/documentation.html
11
12# Process ID file, so that the daemon can be signalled from scripts
13
14pidfile /var/run/ntpd.pid
15
16# Don't give up even if the reference time is hugely different. This can
17# happen if the system was suspended and resumed.
18
19#tinker panic 0
20
21# The correction calculated by ntpd(8) for the local system clock's
22# drift is stored here.
23
24driftfile /var/db/ntp.drift
25
26# Suppress the syslog(3) message for each peer synchronization change.
27
28logconfig -syncstatus
29
30# Refuse to set the local clock if there are too few good peers or servers.
31# This may help minimize disruptions due to network congestion. Don't
32# do this if you configure only one server!
33
34tos minsane 2
35
36# Set the target and limit for adding servers configured via pool statements
37# or discovered dynamically via mechanisms such as broadcast and manycast.
38# Ntpd automatically adds maxclock-1 servers from configured pools, and may
39# add as many as maxclock*2 if necessary to ensure that at least minclock
40# servers are providing good consistent time.
41
42tos minclock 3 maxclock 6
43
44# Set the number of tries to register with mdns. 0 means never
45
46mdnstries 0
47
48# New ntpd disables the ntpdc protocol by default, to re-enable uncomment
49# the following line
50
51#enable mode7
52
53# Allow hasty ntpdate clients to avoid rate limiting / kod responses.
54# The default is 2 seconds between packets from the client.
55
56#discard minimum 1
57
58# Access control restrictions.
59# See /usr/share/doc/html/ntp/accopt.html for syntax.
60# See <http://support.ntp.org/bin/view/Support/AccessRestrictions> for advice.
61# Last match wins.
62#
63# Some of the more common keywords are:
64#   ignore      Deny packets of all kinds.
65#   limited     Deny time service if the packet violates the rate limits
66#               established by the discard command. Does not affect ntpq or
67#               ntpdc queries.
68#   kod         Send "kiss-o'-death" packets if clients exceed rate limits.
69#               No effect without the limited flag.
70#   nomodify    Deny attempts to modify the state of the server via ntpq or
71#               ntpdc queries.
72#   noquery     Deny all ntpq and ntpdc queries.  Does not affect time
73#               synchronisation.
74#   nopeer      Prevent establishing new peer associations.
75#               Does not affect peers configured using "peer" lines.
76#               Does not affect client/server time synchronisation.
77#   noserve     Deny all time synchronisation.  Does not affect ntpq or
78#               ntpdc queries.
79#   notrap      Deny the trap subset of the ntpdc control message protocol.
80#   notrust     Deny packets that are not cryptographically authenticated.
81#
82# By default, allow client/server time exchange without prior
83# arrangement, but deny configuration changes, queries, and peer
84# associations that were not explicitly configured.
85
86restrict default limited kod nomodify notrap nopeer noquery
87
88# Restrictions used for associations (peer, server, pool).
89
90restrict source nomodify notrap noquery
91
92# Fewer restrictions for the local subnet.
93# (Uncomment and adjust as appropriate.)
94
95#restrict 192.0.2.0 mask 255.255.255.0 limited kod nomodify notrap nopeer
96#restrict 2001:db8:: mask ffff:ffff::  limited kod nomodify notrap nopeer
97
98# No restrictions for localhost.
99
100restrict 127.0.0.1
101restrict ::1
102
103# Hereafter should be "server", "peer", or "pool" statements to configure
104# other hosts to exchange NTP packets with.
105#
106# See <http://support.ntp.org/bin/view/Support/DesigningYourNTPNetwork>
107# and <http://support.ntp.org/bin/view/Support/SelectingOffsiteNTPServers>
108# for advice.
109#
110# Peers or servers should be selected in such a way that the network
111# path to them is short, uncongested, and symmetric (that is, the series
112# of links and routers used to get to the peer is the same one that
113# the peer uses to get back).  The best place to start looking for NTP
114# peers for your system is within your own network, or at your Internet
115# Service Provider (ISP).
116#
117# Ideally, you should select at least three other systems to talk NTP
118# with, for an "what I tell you three times is true" effect.
119
120#peer an.ntp.peer.goes.here iburst
121#server an.ntp.server.goes.here iburst
122
123# The pool.ntp.org project coordinates public time servers provided by
124# volunteers.  See <http://www.pool.ntp.org>.  The *.netbsd.pool.ntp.org
125# servers are intended to be used by default on NetBSD hosts.
126#
127# The following pool statement will give you a random set of NTP servers
128# geographically close to you.  A single pool statement adds multiple
129# servers from the pool, according to the tos minclock/maxclock targets.
130# The "2" host is used to obtain both IPv4 and IPv6 addresses.
131#
132# The pool.ntp.org project needs more volunteers! The only criteria to
133# join are a nailed-up connection and a static IP address. For details,
134# see the web page <http://www.pool.ntp.org/join.html>
135
136pool 2.netbsd.pool.ntp.org iburst
137