xref: /freebsd/usr.sbin/ntp/ntpd/ntp.conf (revision 4543ef516683042d46f3bd3bb8a4f3f746e00499) 
1#
2#
3# Default NTP servers for the FreeBSD operating system.
4#
5# Don't forget to enable ntpd in /etc/rc.conf with:
6# ntpd_enable="YES"
7#
8# The driftfile is by default /var/db/ntpd.drift, check
9# /etc/defaults/rc.conf on how to change the location.
10#
11
12#
13# Set the target and limit for adding servers configured via pool statements
14# or discovered dynamically via mechanisms such as broadcast and manycast.
15# Ntpd automatically adds maxclock-1 servers from configured pools, and may
16# add as many as maxclock*2 if necessary to ensure that at least minclock
17# servers are providing good consistent time.
18#
19tos minclock 3 maxclock 6
20
21#
22# The following pool statements will give you a random set of IPv4 and IPv6
23# NTP servers geographically close to you.  A single pool statement adds
24# multiple servers from the pool, according to the tos minclock/maxclock
25# targets.
26# See http://www.pool.ntp.org/ for details.  Note, pool.ntp.org encourages
27# users with a static IP and good upstream NTP servers to add a server
28# to the pool.  See http://www.pool.ntp.org/join.html if you are interested.
29#
30# The option `iburst' is used for faster initial synchronization.
31#
32pool 0.freebsd.pool.ntp.org iburst
33pool 2.freebsd.pool.ntp.org iburst
34
35#
36# If you want to pick yourself which country's public NTP server
37# you want to sync against, comment out the above pool statements,
38# uncomment the next ones, and replace CC with the country's abbreviation.
39# Make sure that the hostnames resolves to a proper IP address!
40#
41# pool 0.CC.pool.ntp.org iburst
42# pool 2.CC.pool.ntp.org iburst
43
44#
45# To configure a specific server, such as an organization-wide local
46# server, add lines similar to the following.  One or more specific
47# servers can be configured in addition to, or instead of, any server
48# pools specified above.  When both are configured, ntpd first adds all
49# the specific servers, then adds servers from the pool until the tos
50# minclock/maxclock targets are met.
51#
52#server time.my-internal.org iburst
53
54#
55# Security:
56#
57# By default, only allow time queries and block all other requests
58# from unauthenticated clients.
59#
60# The "restrict source" line allows peers to be mobilized when added by
61# ntpd from a pool, but does not enable mobilizing a new peer association
62# by other dynamic means (broadcast, manycast, ntpq commands, etc).
63#
64# See http://support.ntp.org/bin/view/Support/AccessRestrictions
65# for more information.
66#
67restrict default limited kod nomodify notrap noquery nopeer
68restrict source  limited kod nomodify notrap noquery
69
70#
71# Alternatively, the following rules would block all unauthorized access.
72#
73#restrict default ignore
74#
75# In this case, all remote NTP time servers also need to be explicitly
76# allowed or they would not be able to exchange time information with
77# this server.
78#
79# Please note that this example doesn't work for the servers in
80# the pool.ntp.org domain since they return multiple A records.
81#
82#restrict 0.pool.ntp.org nomodify nopeer noquery notrap
83#restrict 1.pool.ntp.org nomodify nopeer noquery notrap
84#restrict 2.pool.ntp.org nomodify nopeer noquery notrap
85#
86# The following settings allow unrestricted access from the localhost
87restrict 127.0.0.1
88restrict ::1
89
90#
91# If a server loses sync with all upstream servers, NTP clients
92# no longer follow that server. The local clock can be configured
93# to provide a time source when this happens, but it should usually
94# be configured on just one server on a network. For more details see
95# http://support.ntp.org/bin/view/Support/UndisciplinedLocalClock
96# The use of Orphan Mode may be preferable.
97#
98#server 127.127.1.0
99#fudge 127.127.1.0 stratum 10
100
101# See http://support.ntp.org/bin/view/Support/ConfiguringNTP#Section_6.14.
102# for documentation regarding leapfile. Updates to the file can be obtained
103# from ftp://time.nist.gov/pub/ or ftp://tycho.usno.navy.mil/pub/ntp/.
104# Use either leapfile in /etc/ntp or periodically updated leapfile in /var/db.
105#leapfile "/etc/ntp/leap-seconds"
106leapfile "/var/db/ntpd.leap-seconds.list"
107
108# Specify the number of megabytes of memory that should be allocated and
109# locked. -1 (default) means "do not lock the process into memory".
110# 0 means "lock whatever memory the process wants into memory". Any other
111# number means to lock up to that number of megabytes into memory.
112# 0 may result in a segfault when ASLR with stack gap randomization
113# is enabled.
114#rlimit memlock 32
115