Index: head/etc/ntp.conf =================================================================== --- head/etc/ntp.conf (revision 311102) +++ head/etc/ntp.conf (revision 311103) @@ -1,86 +1,106 @@ # # $FreeBSD$ # # Default NTP servers for the FreeBSD operating system. # # Don't forget to enable ntpd in /etc/rc.conf with: # ntpd_enable="YES" # # The driftfile is by default /var/db/ntpd.drift, check # /etc/defaults/rc.conf on how to change the location. # # -# The following three servers will give you a random set of three -# NTP servers geographically close to you. -# See http://www.pool.ntp.org/ for details. Note, the pool encourages +# Set the target and limit for adding servers configured via pool statements +# or discovered dynamically via mechanisms such as broadcast and manycast. +# Ntpd automatically adds maxclock-1 servers from configured pools, and may +# add as many as maxclock*2 if necessary to ensure that at least minclock +# servers are providing good consistant time. +# +tos minclock 3 maxclock 6 + +# +# The following pool statement will give you a random set of NTP servers +# geographically close to you. A single pool statement adds multiple +# servers from the pool, according to the tos minclock/maxclock targets. +# See http://www.pool.ntp.org/ for details. Note, pool.ntp.org encourages # users with a static IP and good upstream NTP servers to add a server # to the pool. See http://www.pool.ntp.org/join.html if you are interested. # # The option `iburst' is used for faster initial synchronization. # -server 0.freebsd.pool.ntp.org iburst -server 1.freebsd.pool.ntp.org iburst -server 2.freebsd.pool.ntp.org iburst -#server 3.freebsd.pool.ntp.org iburst +pool 0.freebsd.pool.ntp.org iburst # # If you want to pick yourself which country's public NTP server -# you want sync against, comment out the above servers, uncomment -# the next ones and replace CC with the country's abbreviation. -# Make sure that the hostnames resolve to a proper IP address! +# you want to sync against, comment out the above pool, uncomment +# the next one, and replace CC with the country's abbreviation. +# Make sure that the hostname resolves to a proper IP address! # -# server 0.CC.pool.ntp.org iburst -# server 1.CC.pool.ntp.org iburst -# server 2.CC.pool.ntp.org iburst +# pool 0.CC.pool.ntp.org iburst # +# To configure a specific server, such as an organization-wide local +# server, add lines similar to the following. One or more specific +# servers can be configured in addition to, or instead of, any server +# pools specified above. When both are configured, ntpd first adds all +# the specific servers, then adds servers from the pool until the tos +# minclock/maxclock targets are met. +# +#server time.my-internal.org iburst + +# # Security: # # By default, only allow time queries and block all other requests # from unauthenticated clients. # +# The "restrict source" line allows peers to be mobilized when added by +# ntpd from a pool, but does not enable mobilizing a new peer association +# by other dynamic means (broadcast, manycast, ntpq commands, etc). +# # See http://support.ntp.org/bin/view/Support/AccessRestrictions # for more information. # -restrict default limited kod nomodify notrap nopeer noquery -restrict -6 default limited kod nomodify notrap nopeer noquery +restrict default limited kod nomodify notrap noquery nopeer +restrict -6 default limited kod nomodify notrap noquery nopeer +restrict source limited kod nomodify notrap noquery + # # Alternatively, the following rules would block all unauthorized access. # #restrict default ignore #restrict -6 default ignore # # In this case, all remote NTP time servers also need to be explicitly # allowed or they would not be able to exchange time information with # this server. # # Please note that this example doesn't work for the servers in # the pool.ntp.org domain since they return multiple A records. # #restrict 0.pool.ntp.org nomodify nopeer noquery notrap #restrict 1.pool.ntp.org nomodify nopeer noquery notrap #restrict 2.pool.ntp.org nomodify nopeer noquery notrap # # The following settings allow unrestricted access from the localhost restrict 127.0.0.1 restrict -6 ::1 -restrict 127.127.1.0 # # If a server loses sync with all upstream servers, NTP clients # no longer follow that server. The local clock can be configured # to provide a time source when this happens, but it should usually # be configured on just one server on a network. For more details see # http://support.ntp.org/bin/view/Support/UndisciplinedLocalClock # The use of Orphan Mode may be preferable. # #server 127.127.1.0 #fudge 127.127.1.0 stratum 10 # See http://support.ntp.org/bin/view/Support/ConfiguringNTP#Section_6.14. # for documentation regarding leapfile. Updates to the file can be obtained # from ftp://time.nist.gov/pub/ or ftp://tycho.usno.navy.mil/pub/ntp/. # Use either leapfile in /etc/ntp or weekly updated leapfile in /var/db. #leapfile "/etc/ntp/leap-seconds" leapfile "/var/db/ntpd.leap-seconds.list"