# # $FreeBSD: releng/12.1/usr.sbin/ntp/ntpd/ntp.conf 337649 2018-08-11 17:42:42Z brd $ # # Default NTP servers for the FreeBSD operating system. # # Don't forget to enable ntpd in /etc/rc.conf with: # ntpd_enable="YES" # # The driftfile is by default /var/db/ntpd.drift, check # /etc/defaults/rc.conf on how to change the location. # # # Set the target and limit for adding servers configured via pool statements # or discovered dynamically via mechanisms such as broadcast and manycast. # Ntpd automatically adds maxclock-1 servers from configured pools, and may # add as many as maxclock*2 if necessary to ensure that at least minclock # servers are providing good consistant time. # tos minclock 3 maxclock 6 # # The following pool statement will give you a random set of NTP servers # geographically close to you. A single pool statement adds multiple # servers from the pool, according to the tos minclock/maxclock targets. # See http://www.pool.ntp.org/ for details. Note, pool.ntp.org encourages # users with a static IP and good upstream NTP servers to add a server # to the pool. See http://www.pool.ntp.org/join.html if you are interested. # # The option `iburst' is used for faster initial synchronization. # pool 0.freebsd.pool.ntp.org iburst # # If you want to pick yourself which country's public NTP server # you want to sync against, comment out the above pool, uncomment # the next one, and replace CC with the country's abbreviation. # Make sure that the hostname resolves to a proper IP address! # # pool 0.CC.pool.ntp.org iburst # # To configure a specific server, such as an organization-wide local # server, add lines similar to the following. One or more specific # servers can be configured in addition to, or instead of, any server # pools specified above. When both are configured, ntpd first adds all # the specific servers, then adds servers from the pool until the tos # minclock/maxclock targets are met. # #server time.my-internal.org iburst # # Security: # # By default, only allow time queries and block all other requests # from unauthenticated clients. # # The "restrict source" line allows peers to be mobilized when added by # ntpd from a pool, but does not enable mobilizing a new peer association # by other dynamic means (broadcast, manycast, ntpq commands, etc). # # See http://support.ntp.org/bin/view/Support/AccessRestrictions # for more information. # restrict default limited kod nomodify notrap noquery nopeer restrict source limited kod nomodify notrap noquery # # Alternatively, the following rules would block all unauthorized access. # #restrict default ignore # # In this case, all remote NTP time servers also need to be explicitly # allowed or they would not be able to exchange time information with # this server. # # Please note that this example doesn't work for the servers in # the pool.ntp.org domain since they return multiple A records. # #restrict 0.pool.ntp.org nomodify nopeer noquery notrap #restrict 1.pool.ntp.org nomodify nopeer noquery notrap #restrict 2.pool.ntp.org nomodify nopeer noquery notrap # # The following settings allow unrestricted access from the localhost restrict 127.0.0.1 restrict ::1 # # If a server loses sync with all upstream servers, NTP clients # no longer follow that server. The local clock can be configured # to provide a time source when this happens, but it should usually # be configured on just one server on a network. For more details see # http://support.ntp.org/bin/view/Support/UndisciplinedLocalClock # The use of Orphan Mode may be preferable. # #server 127.127.1.0 #fudge 127.127.1.0 stratum 10 # See http://support.ntp.org/bin/view/Support/ConfiguringNTP#Section_6.14. # for documentation regarding leapfile. Updates to the file can be obtained # from ftp://time.nist.gov/pub/ or ftp://tycho.usno.navy.mil/pub/ntp/. # Use either leapfile in /etc/ntp or periodically updated leapfile in /var/db. #leapfile "/etc/ntp/leap-seconds" leapfile "/var/db/ntpd.leap-seconds.list"