# $NetBSD: ntp.conf,v 1.22 2020/10/05 06:45:40 kim Exp $ # # NetBSD default Network Time Protocol (NTP) configuration file for ntpd # This file is intended to be both a usable default, and a Quick-Start # Guide. The directives and options listed here are not at all complete. # A great deal of additional documentation, including links to FAQS and # other guides, may be found on the official NTP web site, in particular # # http://www.ntp.org/documentation.html # Process ID file, so that the daemon can be signalled from scripts pidfile /var/run/ntpd.pid # Don't give up even if the reference time is hugely different. This can # happen if the system was suspended and resumed. #tinker panic 0 # The correction calculated by ntpd(8) for the local system clock's # drift is stored here. driftfile /var/db/ntp.drift # Suppress the syslog(3) message for each peer synchronization change. logconfig -syncstatus # Refuse to set the local clock if there are too few good peers or servers. # This may help minimize disruptions due to network congestion. Don't # do this if you configure only one server! tos minsane 2 # Set the target and limit for adding servers configured via pool statements # or discovered dynamically via mechanisms such as broadcast and manycast. # Ntpd automatically adds maxclock-1 servers from configured pools, and may # add as many as maxclock*2 if necessary to ensure that at least minclock # servers are providing good consistent time. tos minclock 3 maxclock 6 # Set the number of tries to register with mdns. 0 means never mdnstries 0 # New ntpd disables the ntpdc protocol by default, to re-enable uncomment # the following line #enable mode7 # Allow hasty ntpdate clients to avoid rate limiting / kod responses. # The default is 2 seconds between packets from the client. #discard minimum 1 # Access control restrictions. # See /usr/share/doc/html/ntp/accopt.html for syntax. # See for advice. # Last match wins. # # Some of the more common keywords are: # ignore Deny packets of all kinds. # limited Deny time service if the packet violates the rate limits # established by the discard command. Does not affect ntpq or # ntpdc queries. # kod Send "kiss-o'-death" packets if clients exceed rate limits. # No affect without the limited flag. # nomodify Deny attempts to modify the state of the server via ntpq or # ntpdc queries. # noquery Deny all ntpq and ntpdc queries. Does not affect time # synchronisation. # nopeer Prevent establishing new peer associations. # Does not affect peers configured using "peer" lines. # Does not affect client/server time synchronisation. # noserve Deny all time synchronisation. Does not affect ntpq or # ntpdc queries. # notrap Deny the trap subset of the ntpdc control message protocol. # notrust Deny packets that are not cryptographically authenticated. # # By default, allow client/server time exchange without prior # arrangement, but deny configuration changes, queries, and peer # associations that were not explicitly configured. restrict default limited kod nomodify notrap nopeer noquery # Restrictions used for associations (peer, server, pool). restrict source nomodify notrap noquery # Fewer restrictions for the local subnet. # (Uncomment and adjust as appropriate.) #restrict 192.0.2.0 mask 255.255.255.0 limited kod nomodify notrap nopeer #restrict 2001:db8:: mask ffff:ffff:: limited kod nomodify notrap nopeer # No restrictions for localhost. restrict 127.0.0.1 restrict ::1 # Hereafter should be "server", "peer", or "pool" statements to configure # other hosts to exchange NTP packets with. # # See # and # for advice. # # Peers or servers should be selected in such a way that the network # path to them is short, uncongested, and symmetric (that is, the series # of links and routers used to get to the peer is the same one that # the peer uses to get back). The best place to start looking for NTP # peers for your system is within your own network, or at your Internet # Service Provider (ISP). # # Ideally, you should select at least three other systems to talk NTP # with, for an "what I tell you three times is true" effect. #peer an.ntp.peer.goes.here iburst #server an.ntp.server.goes.here iburst # The pool.ntp.org project coordinates public time servers provided by # volunteers. See . The *.netbsd.pool.ntp.org # servers are intended to be used by default on NetBSD hosts. # # The following pool statement will give you a random set of NTP servers # geographically close to you. A single pool statement adds multiple # servers from the pool, according to the tos minclock/maxclock targets. # The "2" host is used to obtain both IPv4 and IPv6 addresses. # # The pool.ntp.org project needs more volunteers! The only criteria to # join are a nailed-up connection and a static IP address. For details, # see the web page pool 2.netbsd.pool.ntp.org iburst