Use "pool" for the pool.ntp.org servers. Add some new hints.
- Use the "pool" keyword for obtaining servers from ntp.pool.org.
- Add "tos minclock" and "tos maxclock" to limit the number of servers.
- Add "restrict source" to apply appropriate restrictions to servers.
(Specifically "nopeer" cannot be applied to "pool" servers.)
- A single "pool" entry suffices -- using "2.netbsd.pool.ntp.org" so
that we get both IPv4 and IPv6 addresses. (No addresses are returned
for just "netbsd.pool.ntp.org.")
- Add a comment about "tinker panic 0" -- useful for VMs and laptops.
- Add a comment about "discard minimum" -- useful for some SNTP clients.
- Add an explanation for the "limited" restriction keyword.
- Unify whitespace and comment formatting.
This commit is contained in:
kim
parent
9d72f76464
commit
eb131804a5
91
etc/ntp.conf
91
etc/ntp.conf
|
|
@ -1,4 +1,4 @@
|
|||
# $NetBSD: ntp.conf,v 1.20 2017/01/09 20:05:29 christos Exp $
|
||||
# $NetBSD: ntp.conf,v 1.21 2020/10/04 13:50:44 kim Exp $
|
||||
#
|
||||
# NetBSD default Network Time Protocol (NTP) configuration file for ntpd
|
||||
|
||||
|
|
@ -8,34 +8,52 @@
|
|||
# other guides, may be found on the official NTP web site, in particular
|
||||
#
|
||||
# http://www.ntp.org/documentation.html
|
||||
#
|
||||
|
||||
# Process ID file, so that the daemon can be signalled from scripts
|
||||
|
||||
pidfile /var/run/ntpd.pid
|
||||
pidfile /var/run/ntpd.pid
|
||||
|
||||
# Don't give up even if the reference time is hugely different. This can
|
||||
# happen if the system was suspended and resumed.
|
||||
|
||||
#tinker panic 0
|
||||
|
||||
# The correction calculated by ntpd(8) for the local system clock's
|
||||
# drift is stored here.
|
||||
|
||||
driftfile /var/db/ntp.drift
|
||||
driftfile /var/db/ntp.drift
|
||||
|
||||
# Suppress the syslog(3) message for each peer synchronization change.
|
||||
|
||||
logconfig -syncstatus
|
||||
logconfig -syncstatus
|
||||
|
||||
# Refuse to set the local clock if there are too few good peers or servers.
|
||||
# This may help minimize disruptions due to network congestion. Don't
|
||||
# do this if you configure only one server!
|
||||
|
||||
tos minsane 2
|
||||
tos minsane 2
|
||||
|
||||
# Set the target and limit for adding servers configured via pool statements
|
||||
# or discovered dynamically via mechanisms such as broadcast and manycast.
|
||||
# Ntpd automatically adds maxclock-1 servers from configured pools, and may
|
||||
# add as many as maxclock*2 if necessary to ensure that at least minclock
|
||||
# servers are providing good consistent time.
|
||||
|
||||
tos minclock 3 maxclock 6
|
||||
|
||||
# Set the number of tries to register with mdns. 0 means never
|
||||
#
|
||||
mdnstries 0
|
||||
|
||||
mdnstries 0
|
||||
|
||||
# New ntpd disables the ntpdc protocol by default, to re-enable uncomment
|
||||
# the following line
|
||||
# enable mode7
|
||||
|
||||
#enable mode7
|
||||
|
||||
# Allow hasty ntpdate clients to avoid rate limiting / kod responses.
|
||||
# The default is 2 seconds between packets from the client.
|
||||
|
||||
#discard minimum 1
|
||||
|
||||
# Access control restrictions.
|
||||
# See /usr/share/doc/html/ntp/accopt.html for syntax.
|
||||
|
|
@ -44,10 +62,13 @@ mdnstries 0
|
|||
#
|
||||
# Some of the more common keywords are:
|
||||
# ignore Deny packets of all kinds.
|
||||
# kod Send "kiss-o'-death" packets if clients exceed rate
|
||||
# limits.
|
||||
# nomodify Deny attempts to modify the state of the server via
|
||||
# ntpq or ntpdc queries.
|
||||
# limited Deny time service if the packet violates the rate limits
|
||||
# established by the discard command. Does not affect ntpq or
|
||||
# ntpdc queries.
|
||||
# kod Send "kiss-o'-death" packets if clients exceed rate limits.
|
||||
# No affect without the limited flag.
|
||||
# nomodify Deny attempts to modify the state of the server via ntpq or
|
||||
# ntpdc queries.
|
||||
# noquery Deny all ntpq and ntpdc queries. Does not affect time
|
||||
# synchronisation.
|
||||
# nopeer Prevent establishing new peer associations.
|
||||
|
|
@ -61,22 +82,26 @@ mdnstries 0
|
|||
# By default, allow client/server time exchange without prior
|
||||
# arrangement, but deny configuration changes, queries, and peer
|
||||
# associations that were not explicitly configured.
|
||||
#
|
||||
restrict default kod limited nopeer noquery
|
||||
|
||||
restrict default limited kod nomodify notrap nopeer noquery
|
||||
|
||||
# Restrictions used for associations (peer, server, pool).
|
||||
|
||||
restrict source nomodify notrap noquery
|
||||
|
||||
# Fewer restrictions for the local subnet.
|
||||
# (Uncomment and adjust as appropriate.)
|
||||
#
|
||||
#restrict 192.0.2.0 mask 255.255.255.0 kod limited nomodify notrap nopeer
|
||||
#restrict 2001:db8:: mask ffff:ffff:: kod limited nomodify notrap nopeer
|
||||
|
||||
#restrict 192.0.2.0 mask 255.255.255.0 limited kod nomodify notrap nopeer
|
||||
#restrict 2001:db8:: mask ffff:ffff:: limited kod nomodify notrap nopeer
|
||||
|
||||
# No restrictions for localhost.
|
||||
#
|
||||
|
||||
restrict 127.0.0.1
|
||||
restrict ::1
|
||||
|
||||
# Hereafter should be "server" or "peer" statements to configure other
|
||||
# hosts to exchange NTP packets with.
|
||||
# Hereafter should be "server", "peer", or "pool" statements to configure
|
||||
# other hosts to exchange NTP packets with.
|
||||
#
|
||||
# See <http://support.ntp.org/bin/view/Support/DesigningYourNTPNetwork>
|
||||
# and <http://support.ntp.org/bin/view/Support/SelectingOffsiteNTPServers>
|
||||
|
|
@ -92,24 +117,20 @@ restrict ::1
|
|||
# Ideally, you should select at least three other systems to talk NTP
|
||||
# with, for an "what I tell you three times is true" effect.
|
||||
|
||||
#peer an.ntp.peer.goes.here
|
||||
#server an.ntp.server.goes.here
|
||||
#peer an.ntp.peer.goes.here
|
||||
#server an.ntp.server.goes.here
|
||||
|
||||
# The pool.ntp.org project coordinates public time servers provided by
|
||||
# volunteers. See <http://www.pool.ntp.org>. The *.netbsd.pool.ntp.org
|
||||
# servers are intended to be used by default on NetBSD hosts, but
|
||||
# servers that are closer to you are likely to be better. Consider
|
||||
# using servers specific to your country, a nearby country, or your
|
||||
# continent.
|
||||
# servers are intended to be used by default on NetBSD hosts.
|
||||
#
|
||||
# The following pool statement will give you a random set of NTP servers
|
||||
# geographically close to you. A single pool statement adds multiple
|
||||
# servers from the pool, according to the tos minclock/maxclock targets.
|
||||
# The "2" host is used to obtain both IPv4 and IPv6 addresses.
|
||||
#
|
||||
# The pool.ntp.org project needs more volunteers! The only criteria to
|
||||
# join are a nailed-up connection and a static IP address. For details,
|
||||
# see the web page:
|
||||
#
|
||||
# http://www.pool.ntp.org/join.html
|
||||
#
|
||||
# see the web page <http://www.pool.ntp.org/join.html>
|
||||
|
||||
server 0.netbsd.pool.ntp.org
|
||||
server 1.netbsd.pool.ntp.org
|
||||
server 2.netbsd.pool.ntp.org
|
||||
server 3.netbsd.pool.ntp.org
|
||||
pool 2.netbsd.pool.ntp.org iburst
|
||||
|
|
|
|||
Loading…
Reference in New Issue