diff --git a/etc/ntp.conf b/etc/ntp.conf index 64edd9377bcc..977295ecd512 100644 --- a/etc/ntp.conf +++ b/etc/ntp.conf @@ -11,28 +11,43 @@ # # -# The following three servers will give you a random set of three -# NTP servers geographically close to you. -# See http://www.pool.ntp.org/ for details. Note, the pool encourages +# Set the target and limit for adding servers configured via pool statements +# or discovered dynamically via mechanisms such as broadcast and manycast. +# Ntpd automatically adds maxclock-1 servers from configured pools, and may +# add as many as maxclock*2 if necessary to ensure that at least minclock +# servers are providing good consistant time. +# +tos minclock 3 maxclock 6 + +# +# The following pool statement will give you a random set of NTP servers +# geographically close to you. A single pool statement adds multiple +# servers from the pool, according to the tos minclock/maxclock targets. +# See http://www.pool.ntp.org/ for details. Note, pool.ntp.org encourages # users with a static IP and good upstream NTP servers to add a server # to the pool. See http://www.pool.ntp.org/join.html if you are interested. # # The option `iburst' is used for faster initial synchronization. # -server 0.freebsd.pool.ntp.org iburst -server 1.freebsd.pool.ntp.org iburst -server 2.freebsd.pool.ntp.org iburst -#server 3.freebsd.pool.ntp.org iburst +pool 0.freebsd.pool.ntp.org iburst # # If you want to pick yourself which country's public NTP server -# you want sync against, comment out the above servers, uncomment -# the next ones and replace CC with the country's abbreviation. -# Make sure that the hostnames resolve to a proper IP address! +# you want to sync against, comment out the above pool, uncomment +# the next one, and replace CC with the country's abbreviation. +# Make sure that the hostname resolves to a proper IP address! # -# server 0.CC.pool.ntp.org iburst -# server 1.CC.pool.ntp.org iburst -# server 2.CC.pool.ntp.org iburst +# pool 0.CC.pool.ntp.org iburst + +# +# To configure a specific server, such as an organization-wide local +# server, add lines similar to the following. One or more specific +# servers can be configured in addition to, or instead of, any server +# pools specified above. When both are configured, ntpd first adds all +# the specific servers, then adds servers from the pool until the tos +# minclock/maxclock targets are met. +# +#server time.my-internal.org iburst # # Security: @@ -40,11 +55,17 @@ server 2.freebsd.pool.ntp.org iburst # By default, only allow time queries and block all other requests # from unauthenticated clients. # +# The "restrict source" line allows peers to be mobilized when added by +# ntpd from a pool, but does not enable mobilizing a new peer association +# by other dynamic means (broadcast, manycast, ntpq commands, etc). +# # See http://support.ntp.org/bin/view/Support/AccessRestrictions # for more information. # -restrict default limited kod nomodify notrap nopeer noquery -restrict -6 default limited kod nomodify notrap nopeer noquery +restrict default limited kod nomodify notrap noquery nopeer +restrict -6 default limited kod nomodify notrap noquery nopeer +restrict source limited kod nomodify notrap noquery + # # Alternatively, the following rules would block all unauthorized access. # @@ -65,7 +86,6 @@ restrict -6 default limited kod nomodify notrap nopeer noquery # The following settings allow unrestricted access from the localhost restrict 127.0.0.1 restrict -6 ::1 -restrict 127.127.1.0 # # If a server loses sync with all upstream servers, NTP clients