Changeset View
Standalone View
etc/ntp.conf
# | # | ||||
# $FreeBSD$ | # $FreeBSD$ | ||||
# | # | ||||
# Default NTP servers for the FreeBSD operating system. | # Default NTP servers for the FreeBSD operating system. | ||||
# | # | ||||
# Don't forget to enable ntpd in /etc/rc.conf with: | # Don't forget to enable ntpd in /etc/rc.conf with: | ||||
# ntpd_enable="YES" | # ntpd_enable="YES" | ||||
# | # | ||||
# The driftfile is by default /var/db/ntpd.drift, check | # The driftfile is by default /var/db/ntpd.drift, check | ||||
# /etc/defaults/rc.conf on how to change the location. | # /etc/defaults/rc.conf on how to change the location. | ||||
# | # | ||||
# | # | ||||
# The following three servers will give you a random set of three | # The following pool statement will give you a random set of NTP servers | ||||
# NTP servers geographically close to you. | # geographically close to you. | ||||
# See http://www.pool.ntp.org/ for details. Note, the pool encourages | # See http://www.pool.ntp.org/ for details. Note, the pool encourages | ||||
# users with a static IP and good upstream NTP servers to add a server | # users with a static IP and good upstream NTP servers to add a server | ||||
# to the pool. See http://www.pool.ntp.org/join.html if you are interested. | # to the pool. See http://www.pool.ntp.org/join.html if you are interested. | ||||
# | # | ||||
# The option `iburst' is used for faster initial synchronization. | # The option `iburst' is used for faster initial synchronization. | ||||
# | # | ||||
server 0.freebsd.pool.ntp.org iburst | pool 0.freebsd.pool.ntp.org iburst | ||||
delphij: Is the change from 3 (technically there should be 4 for servers) to only 1 intentional?
(Note… | |||||
ianAuthorUnsubmitted Not Done Inline ActionsIt's not a change to 1 server -- because of the "tos minclock 3 maxclock 6" line, ntpd will automatically add 5 servers from freebsd.pool.ntp.org, then if those 5 don't give at least 3 that are providing good time, it will add even more (and eventually drop off the ones that provide lower-quality time). Maybe I should move the "tos" line and its comment to be above the pool statement, so that the comment about automatically getting 3-5 servers is sort of already in scope in your mind when you read the pool comments. To avoid a lot of traffic at startup, ntpd adds servers from the pool in groups of 4, so when it first starts it adds 4 servers and does iburst (8-packet) exchanges with them. After 4 polling cycles (4 minutes, basically), it will add another group of 4 (or as many more needed to reach the goal of at least 3 good out of 5 total). I agree that 4 is a good minimum number of servers. I like 5 a wee bit better because of ntpd's majority rule on leap seconds -- it requires more than half, and the comparison in the code is >, not >=, so 3 out of 4 servers would have to be signaling a leap second to be believed. Having an odd number gives an automatic tie-breaker. ian: It's not a change to 1 server -- because of the "tos minclock 3 maxclock 6" line, ntpd will… | |||||
server 1.freebsd.pool.ntp.org iburst | |||||
server 2.freebsd.pool.ntp.org iburst | |||||
#server 3.freebsd.pool.ntp.org iburst | |||||
# | # | ||||
# If you want to pick yourself which country's public NTP server | # If you want to pick yourself which country's public NTP server | ||||
# you want sync against, comment out the above servers, uncomment | # you want sync against, comment out the above pool, uncomment | ||||
# the next ones and replace CC with the country's abbreviation. | # the next one, and replace CC with the country's abbreviation. | ||||
# Make sure that the hostnames resolve to a proper IP address! | # Make sure that the hostname resolves to a proper IP address! | ||||
# | # | ||||
# server 0.CC.pool.ntp.org iburst | # pool 0.CC.pool.ntp.org iburst | ||||
# server 1.CC.pool.ntp.org iburst | |||||
# server 2.CC.pool.ntp.org iburst | |||||
# | # | ||||
# Ntpd automatically adds maxclock-1 servers from configured pools, and may | |||||
# add as many as maxclock*2 if necessary to ensure that at least minclock | |||||
# servers are providing good consistant time. | |||||
# | |||||
tos minclock 3 maxclock 6 | |||||
# | |||||
# Security: | # Security: | ||||
# | # | ||||
# By default, only allow time queries and block all other requests | # By default, only allow time queries and block all other requests | ||||
# from unauthenticated clients. | # from unauthenticated clients. | ||||
# | # | ||||
# The "restrict source" line allows peers to be mobilized when added by | |||||
# ntpd from a pool, but does not enable mobilizing a new peer association | |||||
# by other dynamic means (broadcast, manycast, ntpq commands, etc). | |||||
# | |||||
# See http://support.ntp.org/bin/view/Support/AccessRestrictions | # See http://support.ntp.org/bin/view/Support/AccessRestrictions | ||||
# for more information. | # for more information. | ||||
# | # | ||||
restrict default limited kod nomodify notrap nopeer noquery | restrict default limited kod nomodify notrap noquery nopeer | ||||
restrict -6 default limited kod nomodify notrap nopeer noquery | restrict -6 default limited kod nomodify notrap noquery nopeer | ||||
restrict source limited kod nomodify notrap noquery | |||||
# | # | ||||
# Alternatively, the following rules would block all unauthorized access. | # Alternatively, the following rules would block all unauthorized access. | ||||
# | # | ||||
#restrict default ignore | #restrict default ignore | ||||
#restrict -6 default ignore | #restrict -6 default ignore | ||||
# | # | ||||
# In this case, all remote NTP time servers also need to be explicitly | # In this case, all remote NTP time servers also need to be explicitly | ||||
# allowed or they would not be able to exchange time information with | # allowed or they would not be able to exchange time information with | ||||
# this server. | # this server. | ||||
# | # | ||||
# Please note that this example doesn't work for the servers in | # Please note that this example doesn't work for the servers in | ||||
# the pool.ntp.org domain since they return multiple A records. | # the pool.ntp.org domain since they return multiple A records. | ||||
# | # | ||||
#restrict 0.pool.ntp.org nomodify nopeer noquery notrap | #restrict 0.pool.ntp.org nomodify nopeer noquery notrap | ||||
#restrict 1.pool.ntp.org nomodify nopeer noquery notrap | #restrict 1.pool.ntp.org nomodify nopeer noquery notrap | ||||
#restrict 2.pool.ntp.org nomodify nopeer noquery notrap | #restrict 2.pool.ntp.org nomodify nopeer noquery notrap | ||||
# | # | ||||
# The following settings allow unrestricted access from the localhost | # The following settings allow unrestricted access from the localhost | ||||
restrict 127.0.0.1 | restrict 127.0.0.1 | ||||
restrict -6 ::1 | restrict -6 ::1 | ||||
restrict 127.127.1.0 | |||||
# | # | ||||
# If a server loses sync with all upstream servers, NTP clients | # If a server loses sync with all upstream servers, NTP clients | ||||
# no longer follow that server. The local clock can be configured | # no longer follow that server. The local clock can be configured | ||||
# to provide a time source when this happens, but it should usually | # to provide a time source when this happens, but it should usually | ||||
# be configured on just one server on a network. For more details see | # be configured on just one server on a network. For more details see | ||||
# http://support.ntp.org/bin/view/Support/UndisciplinedLocalClock | # http://support.ntp.org/bin/view/Support/UndisciplinedLocalClock | ||||
# The use of Orphan Mode may be preferable. | # The use of Orphan Mode may be preferable. | ||||
Show All 10 Lines |
Is the change from 3 (technically there should be 4 for servers) to only 1 intentional?
(Note that I noticed that recent ntp versions is not working very well with pool configuration, but didn't get a chance to trace that down yet).