src/etc/ntp.conf - view

Return to ntp.conf CVS log

Up to [cvs.NetBSD.org] / src / etc

File: [cvs.NetBSD.org] / src / etc / ntp.conf (download)

Revision 1.19, Tue Jan 14 13:23:46 2014 UTC (10 years, 3 months ago) by apb
Branch: MAIN
CVS Tags: yamt-pagecache-base9, tls-maxphys-base, tls-earlyentropy-base, tls-earlyentropy, riastradh-xf86-video-intel-2-7-1-pre-2-21-15, riastradh-drm2-base3, pgoyette-localcount-base, pgoyette-localcount-20170107, pgoyette-localcount-20161104, pgoyette-localcount-20160806, pgoyette-localcount-20160726, netbsd-7-nhusb-base-20170116, netbsd-7-nhusb-base, netbsd-7-nhusb, netbsd-7-base, netbsd-7-2-RELEASE, netbsd-7-1-RELEASE, netbsd-7-1-RC2, netbsd-7-1-RC1, netbsd-7-1-2-RELEASE, netbsd-7-1-1-RELEASE, netbsd-7-1, netbsd-7-0-RELEASE, netbsd-7-0-RC3, netbsd-7-0-RC2, netbsd-7-0-RC1, netbsd-7-0-2-RELEASE, netbsd-7-0-1-RELEASE, netbsd-7-0, netbsd-7, localcount-20160914
Branch point for: pgoyette-localcount
Changes since 1.18: +12 -23 lines

Don't try to use server-specific "restrict" settings;
they do not work when the server is specified by domain name
and the name is associated with multiple IP addresses.

This also means that uncommenting "restrict default ignore"
will not work, so remove the comments suggesting that.

Also edit some other comments.

# $NetBSD: ntp.conf,v 1.19 2014/01/14 13:23:46 apb Exp $
#
# NetBSD default Network Time Protocol (NTP) configuration file for ntpd

# This file is intended to be both a usable default, and a Quick-Start
# Guide. The directives and options listed here are not at all complete.
# A great deal of additional documentation, including links to FAQS and
# other guides, may be found on the official NTP web site, in particular
#
#	http://www.ntp.org/documentation.html
#

# Process ID file, so that the daemon can be signalled from scripts

pidfile		/var/run/ntpd.pid

# The correction calculated by ntpd(8) for the local system clock's
# drift is stored here.

driftfile	/var/db/ntp.drift

# Suppress the syslog(3) message for each peer synchronization change.

logconfig	-syncstatus

# Refuse to set the local clock if there are too few good peers or servers.
# This may help minimize disruptions due to network congestion. Don't
# do this if you configure only one server!

tos		minsane 2

# Set the number of tries to register with mdns. 0 means never
#
mdnstries	0

# New ntpd disables the ntpdc protocol by default, to re-enable uncomment
# the following line
# enable mode7

# Access control restrictions.
# See /usr/share/doc/html/ntp/accopt.html for syntax.
# See <http://support.ntp.org/bin/view/Support/AccessRestrictions> for advice.
# Last match wins.
#
# Some of the more common keywords are:
#   ignore      Deny packets of all kinds.
#   kod         Send "kiss-o'-death" packets if clients exceed rate
#               limits.
#   nomodify    Deny attempts to modify the state of the server via
#               ntpq or ntpdc queries.
#   noquery     Deny all ntpq and ntpdc queries.  Does not affect time
#               synchronisation.
#   nopeer      Prevent establishing new peer associations.
#               Does not affect peers configured using "peer" lines.
#               Does not affect client/server time synchronisation.
#   noserve     Deny all time synchronisation.  Does not affect ntpq or
#               ntpdc queries.
#   notrap      Deny the trap subset of the ntpdc control message protocol.
#   notrust     Deny packets that are not cryptographically authenticated.
#
# By default, allow client/server time exchange without prior
# arrangement, but deny configuration changes, queries, and peer
# associations that were not explicitly configured.
#
restrict default kod nopeer noquery

# Fewer restrictions for the local subnet.
# (Uncomment and adjust as appropriate.)
#
#restrict 192.0.2.0 mask 255.255.255.0 kod nomodify notrap nopeer
#restrict 2001:db8:: mask ffff:ffff::  kod nomodify notrap nopeer

# No restrictions for localhost.
#
restrict 127.0.0.1
restrict ::1

# Hereafter should be "server" or "peer" statements to configure other
# hosts to exchange NTP packets with.
#
# See <http://support.ntp.org/bin/view/Support/DesigningYourNTPNetwork>
# and <http://support.ntp.org/bin/view/Support/SelectingOffsiteNTPServers>
# for advice.
#
# Peers or servers should be selected in such a way that the network
# path to them is short, uncongested, and symmetric (that is, the series
# of links and routers used to get to the peer is the same one that
# the peer uses to get back).  The best place to start looking for NTP
# peers for your system is within your own network, or at your Internet
# Service Provider (ISP).
#
# Ideally, you should select at least three other systems to talk NTP
# with, for an "what I tell you three times is true" effect.

#peer		an.ntp.peer.goes.here
#server		an.ntp.server.goes.here

# The pool.ntp.org project coordinates public time servers provided by
# volunteers.  See <http://www.pool.ntp.org>.  The *.netbsd.pool.ntp.org
# servers are intended to be used by default on NetBSD hosts, but
# servers that are closer to you are likely to be better.  Consider
# using servers specific to your country, a nearby country, or your
# continent.
#
# The pool.ntp.org project needs more volunteers! The only criteria to
# join are a nailed-up connection and a static IP address. For details,
# see the web page:
#
#	http://www.pool.ntp.org/join.html
#

server		0.netbsd.pool.ntp.org
server		1.netbsd.pool.ntp.org
server		2.netbsd.pool.ntp.org
server		3.netbsd.pool.ntp.org