ntp.conf revision 1.9.36.1
1# $NetBSD: ntp.conf,v 1.9.36.1 2014/01/06 19:24:42 bouyer Exp $ 2# 3# NetBSD default Network Time Protocol (NTP) configuration file for ntpd 4 5# This file is intended to be both a usable default, and a Quick-Start 6# Guide. The directives and options listed here are not at all complete. 7# A great deal of additional documentation, including links to FAQS and 8# other guides, may be found on the official NTP web site, in particular 9# 10# http://www.ntp.org/documentation.html 11# 12 13# Process ID file, so that the daemon can be signalled from scripts 14 15pidfile /var/run/ntpd.pid 16 17# The correction calculated by ntpd(8) for the local system clock's 18# drift is stored here. 19 20driftfile /var/db/ntp.drift 21 22# Suppress the syslog(3) message for each peer synchronization change. 23 24logconfig -syncstatus 25 26# Refuse to set the local clock if there are too few good peers or servers. 27# This may help minimize disruptions due to network congestion. Don't 28# do this if you configure only one server! 29 30tos minsane 2 31 32# Access control restrictions. 33# See /usr/share/doc/html/ntp/accopt.html for syntax. 34# See <http://support.ntp.org/bin/view/Support/AccessRestrictions> for advice. 35# Last match wins. 36# 37# Some of the more common keywords are: 38# ignore Deny packets of all kinds. 39# kod Send "kiss-o'-death" packets if clients exceed rate 40# limits. 41# nomodify Deny attempts to modify the state of the server via 42# ntpq or ntpdc queries. 43# noquery Deny all ntpq and ntpdc queries. Does not affect time 44# synchronisation. 45# nopeer Prevent establishing an new peer association. 46# Does not affect preconfigured peer associations. 47# Does not affect client/server time synchronisation. 48# noserve Deny all time synchronisation. Does not affect ntpq or 49# ntpdc queries. 50# notrap Deny the trap subset of the ntpdc control message protocol. 51# notrust Deny packets that are not cryptographically authenticated. 52# 53# By default, either deny everything, or allow client/server time exchange 54# but deny configuration changes, queries, and peer associations that were not 55# explicitly configured. 56# (Uncomment one of the following "restrict default" lines.) 57# 58#restrict default ignore 59restrict default kod nopeer noquery 60 61# Fewer restrictions for the local subnet. 62# (Uncomment and adjust as appropriate.) 63# 64#restrict 192.0.2.0 mask 255.255.255.0 kod nomodify notrap nopeer 65#restrict 2001:db8:: mask ffff:ffff:: kod nomodify notrap nopeer 66 67# No restrictions for localhost. 68# 69restrict 127.0.0.1 70restrict ::1 71 72# Hereafter should be "server" or "peer" statements to configure other 73# hosts to exchange NTP packets with. 74# 75# See <http://support.ntp.org/bin/view/Support/DesigningYourNTPNetwork> 76# and <http://support.ntp.org/bin/view/Support/SelectingOffsiteNTPServers> 77# for advice. 78# 79# Peers should be selected in such a way that the network path to them 80# is short, uncongested, and symmetric (that is, the series of links 81# and routers used to get to the peer is the same one that the peer 82# uses to get back). The best place to start looking for NTP peers for 83# your system is within your own network, or at your Internet Service 84# Provider (ISP). 85# 86# Ideally, you should select at least three other systems to talk NTP 87# with, for an "what I tell you three times is true" effect. 88# 89# A "restrict" line for each configured peer or server might be necessary, 90# if the "restrict default" settings are very restrictive. As a courtesy 91# to configured peers and servers, consider allowing them to query. 92 93#peer an.ntp.peer.goes.here 94#server an.ntp.server.goes.here 95#restrict an.ntp.server.goes.here nomodify notrap 96 97# The pool.ntp.org project coordinates public time servers provided by 98# volunteers. See <http://www.pool.ntp.org>. The *.netbsd.pool.ntp.org 99# servers are intended to be used by default on NetBSD hosts, but 100# servers that are closer to you are likely to be better. Consider 101# using servers specific to your country, a nearby country, or your 102# continent. 103# 104# The pool.ntp.org project needs more volunteers! The only criteria to 105# join are a nailed-up connection and a static IP address. For details, 106# see the web page: 107# 108# http://www.pool.ntp.org/join.html 109# 110 111server 0.netbsd.pool.ntp.org 112restrict 0.netbsd.pool.ntp.org nomodify notrap 113server 1.netbsd.pool.ntp.org 114restrict 1.netbsd.pool.ntp.org nomodify notrap 115server 2.netbsd.pool.ntp.org 116restrict 2.netbsd.pool.ntp.org nomodify notrap 117server 3.netbsd.pool.ntp.org 118restrict 3.netbsd.pool.ntp.org nomodify notrap 119