HardenedBSD/etc/ntp.conf
Edwin Groothuis e530f4b50d Welcome to a default installed /etc/ntp.conf
This NTP configuration file points to the [012].pool.ntp.org servers,
which will return a list of geographical local NTP servers.
It uses the best-practice options of "iburst" and "maxpoll 9".
It gives examples on how to use the "restrict" commands, which are
unfortunately not working when you use the pool.ntp.org servers.
It sets up a fudge server so any clients syncing against this server
will always be synced even if we lose the master.

The idea of this file was briefly discussed on -net.

PR:		conf/58595
Submitted by:	Chris Stenton <jacs@gnome.co.uk>
MFC after:	1 week
2009-06-07 13:26:57 +00:00

60 lines
2.0 KiB
Plaintext

#
# $FreeBSD$
#
# Default NTP servers for the FreeBSD operating system.
#
# Don't forget to enable ntpd in /etc/rc.conf with:
# ntpd_enable="YES"
#
# The driftfile is by default /var/db/ntpd.drift, check
# /etc/defaults/rc.conf on how to change the location.
#
#
# The following three servers will give you a random set of three
# NTP servers geographically close to you.
# See http://en.wikipedia.org/wiki/NTP_pool for details.
#
# The option `iburst' is used for faster initial synchronisation.
# The option `maxpoll 9' is used to prevent PLL/FLL flipping on FreeBSD.
#
server 0.pool.ntp.org iburst maxpoll 9
server 1.pool.ntp.org iburst maxpoll 9
server 2.pool.ntp.org iburst maxpoll 9
#
# If you want to pick yourself which country's public NTP server
# you want sync against, comment out the above servers, uncomment
# the next ones and replace CC with the country's abbrevation.
# Make sure that the hostnames resolve to a proper IP address!
#
# server 0.CC.pool.ntp.org iburst maxpoll 9
# server 1.CC.pool.ntp.org iburst maxpoll 9
# server 2.CC.pool.ntp.org iburst maxpoll 9
#
# Security: Only accept NTP traffic from the following hosts.
# The following configuration example only accepts traffic from the
# above defined servers.
#
# Please note that this example doesn't work for the servers in
# the pool.ntp.org domain since they return multiple A records.
# (This is the reason that by default they are commented out)
#
#restrict default ignore
#restrict 0.pool.ntp.org nomodify nopeer noquery notrap
#restrict 1.pool.ntp.org nomodify nopeer noquery notrap
#restrict 2.pool.ntp.org nomodify nopeer noquery notrap
#restrict 127.0.0.1
#restrict -6 ::1
#restrict 127.127.1.0
#
# If we lose sync against all configured servers, the NTP clients
# syncing against this server will lose sync too. To overcome this,
# we will act as a stratum 10 server with our own internal clock
# so that everybody at least will have the same time as we have.
#
server 127.127.1.0
fudge 127.127.1.0 stratum 10