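#
# $FreeBSD$
#
# Default NTP servers for the FreeBSD operating system.
#
# Don't forget to enable ntpd in /etc/rc.conf with:
# ntpd_enable="YES"
#
# The driftfile is by default /var/db/ntpd.drift, check
# /etc/defaults/rc.conf on how to change the location.
#

#
# Set the target and limit for adding servers configured via pool statements
# or discovered dynamically via mechanisms such as broadcast and manycast.
# Ntpd automatically adds maxclock-1 servers from configured pools, and may
# add as many as maxclock*2 if necessary to ensure that at least minclock
# servers are providing good consistent time.
#
tos minclock 3 maxclock 6

#
# The following pool statements will give you a random set of IPv4 and IPv6
# NTP servers geographically close to you.  A single pool statement adds
# multiple servers from the pool, according to the tos minclock/maxclock
# targets.
# See http://www.pool.ntp.org/ for details.  Note, pool.ntp.org encourages
# users with a static IP and good upstream NTP servers to add a server
# to the pool.  See http://www.pool.ntp.org/join.html if you are interested.
#
# The option `iburst' is used for faster initial synchronization.
#
# The pool lines below carry no `key' option, so time from these volunteer
# servers is accepted without cryptographic authentication.  The protection
# in this configuration is agreement between several independent sources
# (see tos minclock above); hosts whose security depends on correct time
# (certificate validation, ticket lifetimes, log correlation) should also
# consider an authenticated or organization-run source.
#
pool 0.freebsd.pool.ntp.org iburst
pool 2.freebsd.pool.ntp.org iburst

#
# If you want to choose which country's public NTP servers to sync
# against, comment out the above pool statements, uncomment the next
# ones, and replace CC with the country's abbreviation.
# Make sure that the hostnames resolve to a proper IP address!
#
# pool 0.CC.pool.ntp.org iburst
# pool 2.CC.pool.ntp.org iburst

#
# To configure a specific server, such as an organization-wide local
# server, add lines similar to the following.  One or more specific
# servers can be configured in addition to, or instead of, any server
# pools specified above.  When both are configured, ntpd first adds all
# the specific servers, then adds servers from the pool until the tos
# minclock/maxclock targets are met.
#
#server time.my-internal.org iburst

#
# Security:
#
# By default, only allow time queries and block all other requests
# from unauthenticated clients.
#
# The "restrict source" line allows peers to be mobilized when added by
# ntpd from a pool, but does not enable mobilizing a new peer association
# by other dynamic means (broadcast, manycast, ntpq commands, etc).
#
# What each flag on the two restrict lines below does:
#   limited   - enforce the rate limits; packets that arrive too fast are
#               dropped
#   kod       - answer a rate-limit violation with a kiss-o'-death packet
#               (only has an effect together with `limited')
#   nomodify  - refuse ntpq/ntpdc requests that would change server state
#   notrap    - refuse to set up mode 6 control-message traps
#   noquery   - refuse all ntpq/ntpdc queries; time service itself is not
#               affected.  This is the flag that keeps remote hosts from
#               reading daemon status and from using the query interface
#               as a traffic reflector, so do not drop it from the default
#               rule on an Internet-reachable host.
#   nopeer    - refuse packets that would mobilize a new association unless
#               they are authenticated
#
# See http://support.ntp.org/bin/view/Support/AccessRestrictions
# for more information.
#
restrict default limited kod nomodify notrap noquery nopeer
restrict source  limited kod nomodify notrap noquery

#
# Alternatively, the following rules would block all unauthorized access.
#
#restrict default ignore
#
# In this case, all remote NTP time servers also need to be explicitly
# allowed or they would not be able to exchange time information with
# this server.
#
# Please note that this example doesn't work for the servers in
# the pool.ntp.org domain since they return multiple A records.
#
#restrict 0.pool.ntp.org nomodify nopeer noquery notrap
#restrict 1.pool.ntp.org nomodify nopeer noquery notrap
#restrict 2.pool.ntp.org nomodify nopeer noquery notrap
#
# The following settings allow unrestricted access from the localhost.
# These two lines carry no flags, so any local process can query the
# daemon with ntpq/ntpdc.  Review this on multi-user hosts.
restrict 127.0.0.1
restrict ::1

#
# If a server loses sync with all upstream servers, NTP clients
# no longer follow that server. The local clock can be configured
# to provide a time source when this happens, but it should usually
# be configured on just one server on a network. For more details see
# http://support.ntp.org/bin/view/Support/UndisciplinedLocalClock
# The use of Orphan Mode may be preferable.
#
#server 127.127.1.0
#fudge 127.127.1.0 stratum 10

# See http://support.ntp.org/bin/view/Support/ConfiguringNTP#Section_6.14.
# for documentation regarding leapfile. Updates to the file can be obtained
# from ftp://time.nist.gov/pub/ or ftp://tycho.usno.navy.mil/pub/ntp/.
# Use either leapfile in /etc/ntp or periodically updated leapfile in /var/db.
#
# NOTE(review): the ftp:// sources above are plaintext and unauthenticated.
# The leap-seconds list carries an embedded hash line, but that only detects
# corruption and does not prove where the file came from.  Prefer a source
# fetched over an authenticated transport for whatever job refreshes the
# /var/db copy, and keep that file writable only by the account that
# updates it.
#leapfile "/etc/ntp/leap-seconds"
leapfile "/var/db/ntpd.leap-seconds.list"

# Specify the number of megabytes of memory that should be allocated and
# locked. -1 (default) means "do not lock the process into memory".
# 0 means "lock whatever memory the process wants into memory". Any other
# number means to lock up to that number of megabytes into memory.
# 0 may result in a segfault when ASLR with stack gap randomization
# is enabled.
#rlimit memlock 32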