mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-11-15 14:56:13 +01:00
e530f4b50d
This NTP configuration file points to the [012].pool.ntp.org servers, which will return a list of geographical local NTP servers. It uses the best-practice options of "iburst" and "maxpoll 9". It gives examples on how to use the "restrict" commands, which are unfortunately not working when you use the pool.ntp.org servers. It sets up a fudge server so any clients syncing against this server will always be synced even if we lose the master. The idea of this file was briefly discussed on -net. PR: conf/58595 Submitted by: Chris Stenton <jacs@gnome.co.uk> MFC after: 1 week
60 lines
2.0 KiB
Plaintext
60 lines
2.0 KiB
Plaintext
#
|
|
# $FreeBSD$
|
|
#
|
|
# Default NTP servers for the FreeBSD operating system.
|
|
#
|
|
# Don't forget to enable ntpd in /etc/rc.conf with:
|
|
# ntpd_enable="YES"
|
|
#
|
|
# The driftfile is by default /var/db/ntpd.drift, check
|
|
# /etc/defaults/rc.conf on how to change the location.
|
|
#
|
|
|
|
#
|
|
# The following three servers will give you a random set of three
|
|
# NTP servers geographically close to you.
|
|
# See http://en.wikipedia.org/wiki/NTP_pool for details.
|
|
#
|
|
# The option `iburst' is used for faster initial synchronisation.
|
|
# The option `maxpoll 9' is used to prevent PLL/FLL flipping on FreeBSD.
|
|
#
|
|
server 0.pool.ntp.org iburst maxpoll 9
|
|
server 1.pool.ntp.org iburst maxpoll 9
|
|
server 2.pool.ntp.org iburst maxpoll 9
|
|
|
|
#
|
|
# If you want to pick yourself which country's public NTP server
|
|
# you want sync against, comment out the above servers, uncomment
|
|
# the next ones and replace CC with the country's abbrevation.
|
|
# Make sure that the hostnames resolve to a proper IP address!
|
|
#
|
|
# server 0.CC.pool.ntp.org iburst maxpoll 9
|
|
# server 1.CC.pool.ntp.org iburst maxpoll 9
|
|
# server 2.CC.pool.ntp.org iburst maxpoll 9
|
|
|
|
#
|
|
# Security: Only accept NTP traffic from the following hosts.
|
|
# The following configuration example only accepts traffic from the
|
|
# above defined servers.
|
|
#
|
|
# Please note that this example doesn't work for the servers in
|
|
# the pool.ntp.org domain since they return multiple A records.
|
|
# (This is the reason that by default they are commented out)
|
|
#
|
|
#restrict default ignore
|
|
#restrict 0.pool.ntp.org nomodify nopeer noquery notrap
|
|
#restrict 1.pool.ntp.org nomodify nopeer noquery notrap
|
|
#restrict 2.pool.ntp.org nomodify nopeer noquery notrap
|
|
#restrict 127.0.0.1
|
|
#restrict -6 ::1
|
|
#restrict 127.127.1.0
|
|
|
|
#
|
|
# If we lose sync against all configured servers, the NTP clients
|
|
# syncing against this server will lose sync too. To overcome this,
|
|
# we will act as a stratum 10 server with our own internal clock
|
|
# so that everybody at least will have the same time as we have.
|
|
#
|
|
server 127.127.1.0
|
|
fudge 127.127.1.0 stratum 10
|