ntp.conf revision 1.9.20.1 
1# $NetBSD: ntp.conf,v 1.9.20.1 2014/01/06 19:24:35 bouyer Exp $
2#
3# NetBSD default Network Time Protocol (NTP) configuration file for ntpd
4
5# This file is intended to be both a usable default, and a Quick-Start
6# Guide. The directives and options listed here are not at all complete.
7# A great deal of additional documentation, including links to FAQS and
8# other guides, may be found on the official NTP web site, in particular
9#
10#	http://www.ntp.org/documentation.html
11#
12
13# Process ID file, so that the daemon can be signalled from scripts
14
15pidfile		/var/run/ntpd.pid
16
17# The correction calculated by ntpd(8) for the local system clock's
18# drift is stored here.
19
20driftfile	/var/db/ntp.drift
21
22# Suppress the syslog(3) message for each peer synchronization change.
23
24logconfig	-syncstatus
25
26# Refuse to set the local clock if there are too few good peers or servers.
27# This may help minimize disruptions due to network congestion. Don't
28# do this if you configure only one server!
29
30tos		minsane 2
31
32# Access control restrictions.
33# See /usr/share/doc/html/ntp/accopt.html for syntax.
34# See <http://support.ntp.org/bin/view/Support/AccessRestrictions> for advice.
35# Last match wins.
36#
37# Some of the more common keywords are:
38#   ignore      Deny packets of all kinds.
39#   kod         Send "kiss-o'-death" packets if clients exceed rate
40#               limits.
41#   nomodify    Deny attempts to modify the state of the server via
42#               ntpq or ntpdc queries.
43#   noquery     Deny all ntpq and ntpdc queries.  Does not affect time
44#               synchronisation.
45#   nopeer      Prevent establishing an new peer association.
46#               Does not affect preconfigured peer associations.
47#               Does not affect client/server time synchronisation.
48#   noserve     Deny all time synchronisation.  Does not affect ntpq or
49#               ntpdc queries.
50#   notrap      Deny the trap subset of the ntpdc control message protocol.
51#   notrust     Deny packets that are not cryptographically authenticated.
52#
53# By default, either deny everything, or allow client/server time exchange
54# but deny configuration changes, queries, and peer associations that were not
55# explicitly configured.
56# (Uncomment one of the following "restrict default" lines.)
57#
58#restrict default ignore
59restrict default kod nopeer noquery
60
61# Fewer restrictions for the local subnet.
62# (Uncomment and adjust as appropriate.)
63#
64#restrict 192.0.2.0 mask 255.255.255.0 kod nomodify notrap nopeer
65#restrict 2001:db8:: mask ffff:ffff::  kod nomodify notrap nopeer
66
67# No restrictions for localhost.
68#
69restrict 127.0.0.1
70restrict ::1
71
72# Hereafter should be "server" or "peer" statements to configure other
73# hosts to exchange NTP packets with.
74#
75# See <http://support.ntp.org/bin/view/Support/DesigningYourNTPNetwork>
76# and <http://support.ntp.org/bin/view/Support/SelectingOffsiteNTPServers>
77# for advice.
78#
79# Peers should be selected in such a way that the network path to them
80# is short, uncongested, and symmetric (that is, the series of links
81# and routers used to get to the peer is the same one that the peer
82# uses to get back).  The best place to start looking for NTP peers for
83# your system is within your own network, or at your Internet Service
84# Provider (ISP).
85#
86# Ideally, you should select at least three other systems to talk NTP
87# with, for an "what I tell you three times is true" effect.
88#
89# A "restrict" line for each configured peer or server might be necessary,
90# if the "restrict default" settings are very restrictive.  As a courtesy
91# to configured peers and servers, consider allowing them to query.
92
93#peer		an.ntp.peer.goes.here
94#server		an.ntp.server.goes.here
95#restrict	an.ntp.server.goes.here nomodify notrap
96
97# The pool.ntp.org project coordinates public time servers provided by
98# volunteers.  See <http://www.pool.ntp.org>.  The *.netbsd.pool.ntp.org
99# servers are intended to be used by default on NetBSD hosts, but
100# servers that are closer to you are likely to be better.  Consider
101# using servers specific to your country, a nearby country, or your
102# continent.
103#
104# The pool.ntp.org project needs more volunteers! The only criteria to
105# join are a nailed-up connection and a static IP address. For details,
106# see the web page:
107#
108#	http://www.pool.ntp.org/join.html
109#
110
111server          0.netbsd.pool.ntp.org
112restrict        0.netbsd.pool.ntp.org nomodify notrap
113server          1.netbsd.pool.ntp.org
114restrict        1.netbsd.pool.ntp.org nomodify notrap
115server          2.netbsd.pool.ntp.org
116restrict        2.netbsd.pool.ntp.org nomodify notrap
117server          3.netbsd.pool.ntp.org
118restrict        3.netbsd.pool.ntp.org nomodify notrap
119