# $NetBSD: ntp.conf,v 1.20 2017/01/09 20:05:29 christos Exp $ # # NetBSD default Network Time Protocol (NTP) configuration file for ntpd # This file is intended to be both a usable default, and a Quick-Start # Guide. The directives and options listed here are not at all complete. # A great deal of additional documentation, including links to FAQS and # other guides, may be found on the official NTP web site, in particular # # http://www.ntp.org/documentation.html # # Process ID file, so that the daemon can be signalled from scripts pidfile /var/run/ntpd.pid # The correction calculated by ntpd(8) for the local system clock's # drift is stored here. driftfile /var/db/ntp.drift # Suppress the syslog(3) message for each peer synchronization change. logconfig -syncstatus # Refuse to set the local clock if there are too few good peers or servers. # This may help minimize disruptions due to network congestion. Don't # do this if you configure only one server! tos minsane 2 # Set the number of tries to register with mdns. 0 means never # mdnstries 0 # New ntpd disables the ntpdc protocol by default, to re-enable uncomment # the following line # enable mode7 # Access control restrictions. # See /usr/share/doc/html/ntp/accopt.html for syntax. # See for advice. # Last match wins. # # Some of the more common keywords are: # ignore Deny packets of all kinds. # kod Send "kiss-o'-death" packets if clients exceed rate # limits. # nomodify Deny attempts to modify the state of the server via # ntpq or ntpdc queries. # noquery Deny all ntpq and ntpdc queries. Does not affect time # synchronisation. # nopeer Prevent establishing new peer associations. # Does not affect peers configured using "peer" lines. # Does not affect client/server time synchronisation. # noserve Deny all time synchronisation. Does not affect ntpq or # ntpdc queries. # notrap Deny the trap subset of the ntpdc control message protocol. # notrust Deny packets that are not cryptographically authenticated. # # By default, allow client/server time exchange without prior # arrangement, but deny configuration changes, queries, and peer # associations that were not explicitly configured. # restrict default kod limited nopeer noquery # Fewer restrictions for the local subnet. # (Uncomment and adjust as appropriate.) # #restrict 192.0.2.0 mask 255.255.255.0 kod limited nomodify notrap nopeer #restrict 2001:db8:: mask ffff:ffff:: kod limited nomodify notrap nopeer # No restrictions for localhost. # restrict 127.0.0.1 restrict ::1 # Hereafter should be "server" or "peer" statements to configure other # hosts to exchange NTP packets with. # # See # and # for advice. # # Peers or servers should be selected in such a way that the network # path to them is short, uncongested, and symmetric (that is, the series # of links and routers used to get to the peer is the same one that # the peer uses to get back). The best place to start looking for NTP # peers for your system is within your own network, or at your Internet # Service Provider (ISP). # # Ideally, you should select at least three other systems to talk NTP # with, for an "what I tell you three times is true" effect. #peer an.ntp.peer.goes.here #server an.ntp.server.goes.here # The pool.ntp.org project coordinates public time servers provided by # volunteers. See . The *.netbsd.pool.ntp.org # servers are intended to be used by default on NetBSD hosts, but # servers that are closer to you are likely to be better. Consider # using servers specific to your country, a nearby country, or your # continent. # # The pool.ntp.org project needs more volunteers! The only criteria to # join are a nailed-up connection and a static IP address. For details, # see the web page: # # http://www.pool.ntp.org/join.html # server 0.netbsd.pool.ntp.org server 1.netbsd.pool.ntp.org server 2.netbsd.pool.ntp.org server 3.netbsd.pool.ntp.org