Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/etc/ntp.conf,v rcsdiff: /ftp/cvs/cvsroot/src/etc/ntp.conf,v: warning: Unknown phrases like `commitid ...;' are present. retrieving revision 1.9 retrieving revision 1.9.20.1 diff -u -p -r1.9 -r1.9.20.1 --- src/etc/ntp.conf 2007/02/10 19:36:56 1.9 +++ src/etc/ntp.conf 2014/01/06 19:24:35 1.9.20.1 @@ -1,4 +1,4 @@ -# $NetBSD: ntp.conf,v 1.9 2007/02/10 19:36:56 reed Exp $ +# $NetBSD: ntp.conf,v 1.9.20.1 2014/01/06 19:24:35 bouyer Exp $ # # NetBSD default Network Time Protocol (NTP) configuration file for ntpd 
@@ -23,61 +23,96 @@ driftfile /var/db/ntp.drift logconfig -syncstatus -# This will help minimize disruptions due to network congestion. Don't +# Refuse to set the local clock if there are too few good peers or servers. +# This may help minimize disruptions due to network congestion. Don't # do this if you configure only one server! tos minsane 2 +# Access control restrictions. +# See /usr/share/doc/html/ntp/accopt.html for syntax. +# See for advice. +# Last match wins. +# +# Some of the more common keywords are: +# ignore Deny packets of all kinds. +# kod Send "kiss-o'-death" packets if clients exceed rate +# limits. +# nomodify Deny attempts to modify the state of the server via +# ntpq or ntpdc queries. +# noquery Deny all ntpq and ntpdc queries. Does not affect time +# synchronisation. +# nopeer Prevent establishing an new peer association. +# Does not affect preconfigured peer associations. +# Does not affect client/server time synchronisation. +# noserve Deny all time synchronisation. Does not affect ntpq or +# ntpdc queries. +# notrap Deny the trap subset of the ntpdc control message protocol. +# notrust Deny packets that are not cryptographically authenticated. +# +# By default, either deny everything, or allow client/server time exchange +# but deny configuration changes, queries, and peer associations that were not +# explicitly configured. +# (Uncomment one of the following "restrict default" lines.) +# +#restrict default ignore +restrict default kod nopeer noquery + +# Fewer restrictions for the local subnet. +# (Uncomment and adjust as appropriate.) +# +#restrict 192.0.2.0 mask 255.255.255.0 kod nomodify notrap nopeer +#restrict 2001:db8:: mask ffff:ffff:: kod nomodify notrap nopeer + +# No restrictions for localhost. +# +restrict 127.0.0.1 +restrict ::1 + # Hereafter should be "server" or "peer" statements to configure other -# hosts to exchange NTP packets with. 
Peers should be selected in such -# a way that the network path to them is symmetric (that is, the series -# of links and routers used to get to the peer is the same one that the -# peer uses to get back. NTP assumes such symmetry in its network delay -# calculation. NTP will apply an incorrect adjustment to timestamps -# received from the peer if the path is not symmetric. This can result -# in clock skew (your system clock being maintained consistently wrong -# by a certain amount). -# -# The best way to select symmetric peers is to make sure that the -# network path to them is as short as possible (this reduces the chance -# that there is more than one network path between you and your peer). -# You can measure these distances with the traceroute(8) program. The -# best place to start looking for NTP peers for your system is within -# your own network, or at your Internet Service Provider (ISP). +# hosts to exchange NTP packets with. +# +# See +# and +# for advice. +# +# Peers should be selected in such a way that the network path to them +# is short, uncongested, and symmetric (that is, the series of links +# and routers used to get to the peer is the same one that the peer +# uses to get back). The best place to start looking for NTP peers for +# your system is within your own network, or at your Internet Service +# Provider (ISP). # # Ideally, you should select at least three other systems to talk NTP # with, for an "what I tell you three times is true" effect. # +# A "restrict" line for each configured peer or server might be necessary, +# if the "restrict default" settings are very restrictive. As a courtesy +# to configured peers and servers, consider allowing them to query. #peer an.ntp.peer.goes.here #server an.ntp.server.goes.here +#restrict an.ntp.server.goes.here nomodify notrap -# Public servers from the pool.ntp.org project. Volunteer's servers -# are dynamically assigned to the CNAMES below via DNS round-robin. 
+# The pool.ntp.org project coordinates public time servers provided by +# volunteers. See . The *.netbsd.pool.ntp.org +# servers are intended to be used by default on NetBSD hosts, but +# servers that are closer to you are likely to be better. Consider +# using servers specific to your country, a nearby country, or your +# continent. +# # The pool.ntp.org project needs more volunteers! The only criteria to # join are a nailed-up connection and a static IP address. For details, # see the web page: # -# http://www.pool.ntp.org/ +# http://www.pool.ntp.org/join.html # -# The country codes can help you find servers that are net-wise close. -# As explained above, closer is better... - -# Northern U.S.A -#server ca.pool.ntp.org -#server us.pool.ntp.org -#server us.pool.ntp.org - -# Northern Europe -#server de.pool.ntp.org -#server de.pool.ntp.org -#server dk.pool.ntp.org - -# Depending on the vagaries of DNS can occasionally pull in the same -# server twice. The following CNAMES are guaranteed to be disjoint, at -# least over some short interval. - -server 0.pool.ntp.org -server 1.pool.ntp.org -server 2.pool.ntp.org +server 0.netbsd.pool.ntp.org +restrict 0.netbsd.pool.ntp.org nomodify notrap +server 1.netbsd.pool.ntp.org +restrict 1.netbsd.pool.ntp.org nomodify notrap +server 2.netbsd.pool.ntp.org +restrict 2.netbsd.pool.ntp.org nomodify notrap +server 3.netbsd.pool.ntp.org +restrict 3.netbsd.pool.ntp.org nomodify notrap
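Review bot: The `restrict N.netbsd.pool.ntp.org nomodify notrap` lines at the end of the second hunk pair a hostname-based restrict entry with a `server` line for the same pool name, and nothing in the new comments warns that the two may not refer to the same host. The comment this patch removes says the pool names are assigned by DNS round-robin, so if ntpd resolves the two lines separately, the restrict entry can cover a different address from the one the server association uses. With the active `restrict default kod nopeer noquery` the only effect is that the intended query courtesy may not reach the real server. If an administrator switches to the offered `#restrict default ignore`, a mismatch would leave that pool server blocked. Suggest noting this beside `#restrict default ignore` or above the pool entries, so that anyone choosing the strict default knows to configure servers by fixed address. Minor: "Prevent establishing an new peer association" in the keyword list should read "a new".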