ntp.conf revision 1.21
1# $NetBSD: ntp.conf,v 1.21 2020/10/04 13:50:44 kim Exp $ 2# 3# NetBSD default Network Time Protocol (NTP) configuration file for ntpd 4 5# This file is intended to be both a usable default, and a Quick-Start 6# Guide. The directives and options listed here are not at all complete. 7# A great deal of additional documentation, including links to FAQS and 8# other guides, may be found on the official NTP web site, in particular 9# 10# http://www.ntp.org/documentation.html 11 12# Process ID file, so that the daemon can be signalled from scripts 13 14pidfile /var/run/ntpd.pid 15 16# Don't give up even if the reference time is hugely different. This can 17# happen if the system was suspended and resumed. 18 19#tinker panic 0 20 21# The correction calculated by ntpd(8) for the local system clock's 22# drift is stored here. 23 24driftfile /var/db/ntp.drift 25 26# Suppress the syslog(3) message for each peer synchronization change. 27 28logconfig -syncstatus 29 30# Refuse to set the local clock if there are too few good peers or servers. 31# This may help minimize disruptions due to network congestion. Don't 32# do this if you configure only one server! 33 34tos minsane 2 35 36# Set the target and limit for adding servers configured via pool statements 37# or discovered dynamically via mechanisms such as broadcast and manycast. 38# Ntpd automatically adds maxclock-1 servers from configured pools, and may 39# add as many as maxclock*2 if necessary to ensure that at least minclock 40# servers are providing good consistent time. 41 42tos minclock 3 maxclock 6 43 44# Set the number of tries to register with mdns. 0 means never 45 46mdnstries 0 47 48# New ntpd disables the ntpdc protocol by default, to re-enable uncomment 49# the following line 50 51#enable mode7 52 53# Allow hasty ntpdate clients to avoid rate limiting / kod responses. 54# The default is 2 seconds between packets from the client. 55 56#discard minimum 1 57 58# Access control restrictions. 59# See /usr/share/doc/html/ntp/accopt.html for syntax. 60# See <http://support.ntp.org/bin/view/Support/AccessRestrictions> for advice. 61# Last match wins. 62# 63# Some of the more common keywords are: 64# ignore Deny packets of all kinds. 65# limited Deny time service if the packet violates the rate limits 66# established by the discard command. Does not affect ntpq or 67# ntpdc queries. 68# kod Send "kiss-o'-death" packets if clients exceed rate limits. 69# No affect without the limited flag. 70# nomodify Deny attempts to modify the state of the server via ntpq or 71# ntpdc queries. 72# noquery Deny all ntpq and ntpdc queries. Does not affect time 73# synchronisation. 74# nopeer Prevent establishing new peer associations. 75# Does not affect peers configured using "peer" lines. 76# Does not affect client/server time synchronisation. 77# noserve Deny all time synchronisation. Does not affect ntpq or 78# ntpdc queries. 79# notrap Deny the trap subset of the ntpdc control message protocol. 80# notrust Deny packets that are not cryptographically authenticated. 81# 82# By default, allow client/server time exchange without prior 83# arrangement, but deny configuration changes, queries, and peer 84# associations that were not explicitly configured. 85 86restrict default limited kod nomodify notrap nopeer noquery 87 88# Restrictions used for associations (peer, server, pool). 89 90restrict source nomodify notrap noquery 91 92# Fewer restrictions for the local subnet. 93# (Uncomment and adjust as appropriate.) 94 95#restrict 192.0.2.0 mask 255.255.255.0 limited kod nomodify notrap nopeer 96#restrict 2001:db8:: mask ffff:ffff:: limited kod nomodify notrap nopeer 97 98# No restrictions for localhost. 99 100restrict 127.0.0.1 101restrict ::1 102 103# Hereafter should be "server", "peer", or "pool" statements to configure 104# other hosts to exchange NTP packets with. 105# 106# See <http://support.ntp.org/bin/view/Support/DesigningYourNTPNetwork> 107# and <http://support.ntp.org/bin/view/Support/SelectingOffsiteNTPServers> 108# for advice. 109# 110# Peers or servers should be selected in such a way that the network 111# path to them is short, uncongested, and symmetric (that is, the series 112# of links and routers used to get to the peer is the same one that 113# the peer uses to get back). The best place to start looking for NTP 114# peers for your system is within your own network, or at your Internet 115# Service Provider (ISP). 116# 117# Ideally, you should select at least three other systems to talk NTP 118# with, for an "what I tell you three times is true" effect. 119 120#peer an.ntp.peer.goes.here 121#server an.ntp.server.goes.here 122 123# The pool.ntp.org project coordinates public time servers provided by 124# volunteers. See <http://www.pool.ntp.org>. The *.netbsd.pool.ntp.org 125# servers are intended to be used by default on NetBSD hosts. 126# 127# The following pool statement will give you a random set of NTP servers 128# geographically close to you. A single pool statement adds multiple 129# servers from the pool, according to the tos minclock/maxclock targets. 130# The "2" host is used to obtain both IPv4 and IPv6 addresses. 131# 132# The pool.ntp.org project needs more volunteers! The only criteria to 133# join are a nailed-up connection and a static IP address. For details, 134# see the web page <http://www.pool.ntp.org/join.html> 135 136pool 2.netbsd.pool.ntp.org iburst 137