head 1.23; access; symbols netbsd-10-0-RELEASE:1.23 netbsd-10-0-RC6:1.23 netbsd-10-0-RC5:1.23 netbsd-10-0-RC4:1.23 netbsd-10-0-RC3:1.23 netbsd-10-0-RC2:1.23 netbsd-10-0-RC1:1.23 netbsd-10:1.23.0.2 netbsd-10-base:1.23 netbsd-9-3-RELEASE:1.20.16.1 cjep_sun2x-base1:1.22 cjep_sun2x:1.22.0.4 cjep_sun2x-base:1.22 cjep_staticlib_x-base1:1.22 netbsd-9-2-RELEASE:1.20.16.1 cjep_staticlib_x:1.22.0.2 cjep_staticlib_x-base:1.22 netbsd-9-1-RELEASE:1.20.16.1 phil-wifi-20200421:1.20 phil-wifi-20200411:1.20 is-mlppp:1.20.0.18 is-mlppp-base:1.20 phil-wifi-20200406:1.20 netbsd-8-2-RELEASE:1.20 netbsd-9-0-RELEASE:1.20 netbsd-9-0-RC2:1.20 netbsd-9-0-RC1:1.20 phil-wifi-20191119:1.20 netbsd-9:1.20.0.16 netbsd-9-base:1.20 phil-wifi-20190609:1.20 netbsd-8-1-RELEASE:1.20 netbsd-8-1-RC1:1.20 pgoyette-compat-merge-20190127:1.20 pgoyette-compat-20190127:1.20 pgoyette-compat-20190118:1.20 pgoyette-compat-1226:1.20 pgoyette-compat-1126:1.20 pgoyette-compat-1020:1.20 pgoyette-compat-0930:1.20 pgoyette-compat-0906:1.20 netbsd-7-2-RELEASE:1.19 pgoyette-compat-0728:1.20 netbsd-8-0-RELEASE:1.20 phil-wifi:1.20.0.14 phil-wifi-base:1.20 pgoyette-compat-0625:1.20 netbsd-8-0-RC2:1.20 pgoyette-compat-0521:1.20 pgoyette-compat-0502:1.20 pgoyette-compat-0422:1.20 netbsd-8-0-RC1:1.20 pgoyette-compat-0415:1.20 pgoyette-compat-0407:1.20 pgoyette-compat-0330:1.20 pgoyette-compat-0322:1.20 pgoyette-compat-0315:1.20 netbsd-7-1-2-RELEASE:1.19 pgoyette-compat:1.20.0.12 pgoyette-compat-base:1.20 netbsd-7-1-1-RELEASE:1.19 matt-nb8-mediatek:1.20.0.10 matt-nb8-mediatek-base:1.20 perseant-stdc-iso10646:1.20.0.8 perseant-stdc-iso10646-base:1.20 netbsd-8:1.20.0.6 netbsd-8-base:1.20 prg-localcount2-base3:1.20 prg-localcount2-base2:1.20 prg-localcount2-base1:1.20 prg-localcount2:1.20.0.4 prg-localcount2-base:1.20 pgoyette-localcount-20170426:1.20 bouyer-socketcan-base1:1.20 pgoyette-localcount-20170320:1.20 netbsd-7-1:1.19.0.12 netbsd-7-1-RELEASE:1.19 netbsd-7-1-RC2:1.19 netbsd-7-nhusb-base-20170116:1.19 bouyer-socketcan:1.20.0.2 bouyer-socketcan-base:1.20 pgoyette-localcount-20170107:1.19 netbsd-7-1-RC1:1.19 pgoyette-localcount-20161104:1.19 netbsd-7-0-2-RELEASE:1.19 localcount-20160914:1.19 netbsd-7-nhusb:1.19.0.10 netbsd-7-nhusb-base:1.19 pgoyette-localcount-20160806:1.19 pgoyette-localcount-20160726:1.19 pgoyette-localcount:1.19.0.8 pgoyette-localcount-base:1.19 netbsd-7-0-1-RELEASE:1.19 netbsd-7-0:1.19.0.6 netbsd-7-0-RELEASE:1.19 netbsd-7-0-RC3:1.19 netbsd-7-0-RC2:1.19 netbsd-7-0-RC1:1.19 netbsd-5-2-3-RELEASE:1.9.36.1 netbsd-5-1-5-RELEASE:1.9.28.1 netbsd-6-0-6-RELEASE:1.14.8.1 netbsd-6-1-5-RELEASE:1.14.16.1 netbsd-7:1.19.0.4 netbsd-7-base:1.19 yamt-pagecache-base9:1.19 yamt-pagecache-tag8:1.12.2.1 netbsd-6-1-4-RELEASE:1.14.16.1 netbsd-6-0-5-RELEASE:1.14.8.1 tls-earlyentropy:1.19.0.2 tls-earlyentropy-base:1.19 riastradh-xf86-video-intel-2-7-1-pre-2-21-15:1.19 riastradh-drm2-base3:1.19 netbsd-6-1-3-RELEASE:1.14.16.1 netbsd-6-0-4-RELEASE:1.14.8.1 netbsd-5-2-2-RELEASE:1.9.36.1 netbsd-5-1-4-RELEASE:1.9.28.1 netbsd-6-1-2-RELEASE:1.14 netbsd-6-0-3-RELEASE:1.14 netbsd-5-2-1-RELEASE:1.9 netbsd-5-1-3-RELEASE:1.9 netbsd-6-1-1-RELEASE:1.14 riastradh-drm2-base2:1.14 riastradh-drm2-base1:1.14 riastradh-drm2:1.14.0.10 riastradh-drm2-base:1.14 netbsd-6-1:1.14.0.16 netbsd-6-0-2-RELEASE:1.14 netbsd-6-1-RELEASE:1.14 khorben-n900:1.14.0.14 netbsd-6-1-RC4:1.14 netbsd-6-1-RC3:1.14 agc-symver:1.14.0.12 agc-symver-base:1.14 netbsd-6-1-RC2:1.14 netbsd-6-1-RC1:1.14 yamt-pagecache-base8:1.14 netbsd-5-2:1.9.0.36 netbsd-6-0-1-RELEASE:1.14 yamt-pagecache-base7:1.14 netbsd-5-2-RELEASE:1.9 netbsd-5-2-RC1:1.9 matt-nb6-plus-nbase:1.14 yamt-pagecache-base6:1.14 netbsd-6-0:1.14.0.8 netbsd-6-0-RELEASE:1.14 netbsd-6-0-RC2:1.14 tls-maxphys:1.14.0.6 tls-maxphys-base:1.19 matt-nb6-plus:1.14.0.4 matt-nb6-plus-base:1.14 netbsd-6-0-RC1:1.14 yamt-pagecache-base5:1.14 yamt-pagecache-base4:1.14 netbsd-6:1.14.0.2 netbsd-6-base:1.14 netbsd-5-1-2-RELEASE:1.9 netbsd-5-1-1-RELEASE:1.9 yamt-pagecache-base3:1.12 yamt-pagecache-base2:1.12 yamt-pagecache:1.12.0.2 yamt-pagecache-base:1.12 cherry-xenmp:1.9.0.34 cherry-xenmp-base:1.9 bouyer-quota2-nbase:1.9 bouyer-quota2:1.9.0.32 bouyer-quota2-base:1.9 matt-mips64-premerge-20101231:1.9 matt-nb5-mips64-premerge-20101231:1.9 matt-nb5-pq3:1.9.0.30 matt-nb5-pq3-base:1.9 netbsd-5-1:1.9.0.28 netbsd-5-1-RELEASE:1.9 netbsd-5-1-RC4:1.9 matt-nb5-mips64-k15:1.9 netbsd-5-1-RC3:1.9 netbsd-5-1-RC2:1.9 netbsd-5-1-RC1:1.9 netbsd-5-0-2-RELEASE:1.9 matt-nb5-mips64-premerge-20091211:1.9 matt-premerge-20091211:1.9 matt-nb5-mips64-u2-k2-k4-k7-k8-k9:1.9 matt-nb4-mips64-k7-u2a-k9b:1.9 matt-nb5-mips64-u1-k1-k5:1.9 matt-nb5-mips64:1.9.0.26 netbsd-5-0-1-RELEASE:1.9 jym-xensuspend-nbase:1.9 netbsd-5-0:1.9.0.24 netbsd-5-0-RELEASE:1.9 netbsd-5-0-RC4:1.9 netbsd-5-0-RC3:1.9 netbsd-5-0-RC2:1.9 jym-xensuspend:1.9.0.22 jym-xensuspend-base:1.9 netbsd-5-0-RC1:1.9 mjf-devfs2-base2:1.9 netbsd-5:1.9.0.20 netbsd-5-base:1.9 matt-mips64-base2:1.9 matt-mips64:1.9.0.18 netbsd-4-0-1-RELEASE:1.8 wrstuden-revivesa-base-3:1.9 wrstuden-revivesa-base-2:1.9 wrstuden-fixsa-newbase:1.8 wrstuden-revivesa-base-1:1.9 yamt-pf42-base4:1.9 yamt-pf42-base3:1.9 hpcarm-cleanup-nbase:1.9 yamt-pf42-baseX:1.9 yamt-pf42-base2:1.9 wrstuden-revivesa:1.9.0.16 wrstuden-revivesa-base:1.9 yamt-pf42:1.9.0.14 yamt-pf42-base:1.9 mjf-devfs2:1.9.0.12 mjf-devfs2-base:1.9 keiichi-mipv6:1.9.0.10 keiichi-mipv6-base:1.9 mjf-devfs:1.9.0.8 mjf-devfs-base:1.9 matt-armv6-nbase:1.9 matt-armv6-prevmlocking:1.9 wrstuden-fixsa-base-1:1.8 netbsd-4-0:1.8.0.20 netbsd-4-0-RELEASE:1.8 cube-autoconf:1.9.0.6 cube-autoconf-base:1.9 netbsd-4-0-RC5:1.8 netbsd-4-0-RC4:1.8 netbsd-4-0-RC3:1.8 netbsd-4-0-RC2:1.8 netbsd-4-0-RC1:1.8 matt-armv6:1.9.0.4 matt-armv6-base:1.9 matt-mips64-base:1.9 hpcarm-cleanup:1.9.0.2 hpcarm-cleanup-base:1.9 netbsd-3-1-1-RELEASE:1.8 netbsd-3-0-3-RELEASE:1.8 wrstuden-fixsa:1.8.0.18 wrstuden-fixsa-base:1.8 abandoned-netbsd-4-base:1.8 abandoned-netbsd-4:1.8.0.12 netbsd-3-1:1.8.0.14 netbsd-3-1-RELEASE:1.8 netbsd-3-0-2-RELEASE:1.8 netbsd-3-1-RC4:1.8 netbsd-3-1-RC3:1.8 netbsd-3-1-RC2:1.8 netbsd-3-1-RC1:1.8 netbsd-4:1.8.0.16 netbsd-4-base:1.8 netbsd-3-0-1-RELEASE:1.8 netbsd-3-0:1.8.0.10 netbsd-3-0-RELEASE:1.8 netbsd-3-0-RC6:1.8 netbsd-3-0-RC5:1.8 netbsd-3-0-RC4:1.8 netbsd-3-0-RC3:1.8 netbsd-3-0-RC2:1.8 netbsd-3-0-RC1:1.8 netbsd-2-0-3-RELEASE:1.8 netbsd-2-1:1.8.0.8 netbsd-2-1-RELEASE:1.8 netbsd-2-1-RC6:1.8 netbsd-2-1-RC5:1.8 netbsd-2-1-RC4:1.8 netbsd-2-1-RC3:1.8 netbsd-2-1-RC2:1.8 netbsd-2-1-RC1:1.8 netbsd-2-0-2-RELEASE:1.8 netbsd-3:1.8.0.6 netbsd-3-base:1.8 netbsd-2-0-1-RELEASE:1.8 netbsd-2:1.8.0.4 netbsd-2-base:1.8 netbsd-2-0-RELEASE:1.8 netbsd-2-0-RC5:1.8 netbsd-2-0-RC4:1.8 netbsd-2-0-RC3:1.8 netbsd-2-0-RC2:1.8 netbsd-2-0-RC1:1.8 netbsd-2-0:1.8.0.2 netbsd-2-0-base:1.8 netbsd-1-6-PATCH002-RELEASE:1.3 netbsd-1-6-PATCH002:1.3 netbsd-1-6-PATCH002-RC4:1.3 netbsd-1-6-PATCH002-RC3:1.3 netbsd-1-6-PATCH002-RC2:1.3 netbsd-1-6-PATCH002-RC1:1.3 netbsd-1-6-PATCH001:1.3 netbsd-1-6-PATCH001-RELEASE:1.3 netbsd-1-6-PATCH001-RC3:1.3 netbsd-1-6-PATCH001-RC2:1.3 netbsd-1-6-PATCH001-RC1:1.3 fvdl_fs64_base:1.3 netbsd-1-6-RELEASE:1.3 netbsd-1-6-RC3:1.3 netbsd-1-6-RC2:1.3 netbsd-1-6-RC1:1.3 netbsd-1-6:1.3.0.2 netbsd-1-6-base:1.3 netbsd-1-5-PATCH003:1.2 netbsd-1-5-PATCH002:1.2 netbsd-1-5-PATCH001:1.2 netbsd-1-5-RELEASE:1.2 netbsd-1-5-BETA2:1.2 netbsd-1-5-BETA:1.2 netbsd-1-5-ALPHA2:1.2 netbsd-1-5:1.2.0.4 netbsd-1-5-base:1.2 minoura-xpg4dl:1.2.0.2 minoura-xpg4dl-base:1.2; locks; strict; comment @# @; 1.23 date 2021.10.28.07.24.40; author kim; state Exp; branches; next 1.22; commitid BOvxazcSKKbR2yeD; 1.22 date 2020.10.05.06.45.40; author kim; state Exp; branches; next 1.21; commitid 2hQ0s0U06geGiGqC; 1.21 date 2020.10.04.13.50.44; author kim; state Exp; branches; next 1.20; commitid hfA7jNNDEUKMCAqC; 1.20 date 2017.01.09.20.05.29; author christos; state Exp; branches 1.20.6.1 1.20.16.1; next 1.19; commitid p2lJRzi6PUZsBkBz; 1.19 date 2014.01.14.13.23.46; author apb; state Exp; branches 1.19.8.1; next 1.18; commitid jQAAnP863sYLp5lx; 1.18 date 2014.01.06.11.26.06; author apb; state Exp; branches; next 1.17; commitid hf4gcelXhbWp33kx; 1.17 date 2014.01.06.11.25.03; author apb; state Exp; branches; next 1.16; commitid vIpTCZv7hKUX23kx; 1.16 date 2014.01.06.11.21.34; author apb; state Exp; branches; next 1.15; commitid hfua3mGE9NVw13kx; 1.15 date 2013.12.28.03.18.39; author christos; state Exp; branches; next 1.14; commitid nwcwkWOrvmAaEQix; 1.14 date 2012.01.16.22.20.45; author christos; state Exp; branches 1.14.2.1 1.14.6.1 1.14.8.1 1.14.16.1; next 1.13; 1.13 date 2012.01.16.22.12.41; author christos; state Exp; branches; next 1.12; 1.12 date 2011.07.28.22.28.07; author simonb; state Exp; branches 1.12.2.1; next 1.11; 1.11 date 2011.07.28.12.55.35; author mbalmer; state Exp; branches; next 1.10; 1.10 date 2011.07.09.19.24.13; author christos; state Exp; branches; next 1.9; 1.9 date 2007.02.10.19.36.56; author reed; state Exp; branches 1.9.20.1 1.9.28.1 1.9.36.1; next 1.8; 1.8 date 2003.12.07.16.11.58; author fredb; state Exp; branches; next 1.7; 1.7 date 2003.12.07.16.02.35; author fredb; state Exp; branches; next 1.6; 1.6 date 2003.12.07.16.01.00; author fredb; state Exp; branches; next 1.5; 1.5 date 2003.12.07.15.56.30; author fredb; state Exp; branches; next 1.4; 1.4 date 2003.09.24.11.36.31; author agc; state Exp; branches; next 1.3; 1.3 date 2001.03.08.19.05.13; author lukem; state Exp; branches; next 1.2; 1.2 date 2000.05.02.12.16.07; author simonb; state Exp; branches; next 1.1; 1.1 date 2000.01.28.06.49.16; author fair; state Exp; branches; next ; 1.20.6.1 date 2020.10.08.16.55.22; author martin; state Exp; branches; next ; commitid UXoHH1SLdaIZz7rC; 1.20.16.1 date 2020.10.08.16.53.57; author martin; state Exp; branches; next ; commitid 3zrs3NI4AIxvz7rC; 1.19.8.1 date 2017.03.20.06.52.12; author pgoyette; state Exp; branches; next ; commitid jjw7cAwgyKq7RfKz; 1.14.2.1 date 2014.01.06.19.12.15; author bouyer; state Exp; branches; next ; commitid RwTI4sguwdzjD5kx; 1.14.6.1 date 2014.08.19.23.45.50; author tls; state Exp; branches; next ; commitid jTnpym9Qu0o4R1Nx; 1.14.8.1 date 2014.01.06.19.12.17; author bouyer; state Exp; branches; next ; commitid pYsAQUXZNsAjD5kx; 1.14.16.1 date 2014.01.06.19.12.23; author bouyer; state Exp; branches; next ; commitid D2yk5KYKmEZjD5kx; 1.12.2.1 date 2012.04.17.00.02.56; author yamt; state Exp; branches; next 1.12.2.2; 1.12.2.2 date 2014.05.22.11.27.18; author yamt; state Exp; branches; next ; commitid spVi6gj5ReXSGwBx; 1.9.20.1 date 2014.01.06.19.24.35; author bouyer; state Exp; branches; next ; commitid BM5YN6fIr7wxH5kx; 1.9.28.1 date 2014.01.06.19.24.39; author bouyer; state Exp; branches; next ; commitid pjBqqragIcZwH5kx; 1.9.36.1 date 2014.01.06.19.24.42; author bouyer; state Exp; branches; next ; commitid E5cqB63TJ2jxH5kx; desc @@ 1.23 log @Fix grammar in comment (affect vs. effect) @ text @# $NetBSD: ntp.conf,v 1.22 2020/10/05 06:45:40 kim Exp $ # # NetBSD default Network Time Protocol (NTP) configuration file for ntpd # This file is intended to be both a usable default, and a Quick-Start # Guide. The directives and options listed here are not at all complete. # A great deal of additional documentation, including links to FAQS and # other guides, may be found on the official NTP web site, in particular # # http://www.ntp.org/documentation.html # Process ID file, so that the daemon can be signalled from scripts pidfile /var/run/ntpd.pid # Don't give up even if the reference time is hugely different. This can # happen if the system was suspended and resumed. #tinker panic 0 # The correction calculated by ntpd(8) for the local system clock's # drift is stored here. driftfile /var/db/ntp.drift # Suppress the syslog(3) message for each peer synchronization change. logconfig -syncstatus # Refuse to set the local clock if there are too few good peers or servers. # This may help minimize disruptions due to network congestion. Don't # do this if you configure only one server! tos minsane 2 # Set the target and limit for adding servers configured via pool statements # or discovered dynamically via mechanisms such as broadcast and manycast. # Ntpd automatically adds maxclock-1 servers from configured pools, and may # add as many as maxclock*2 if necessary to ensure that at least minclock # servers are providing good consistent time. tos minclock 3 maxclock 6 # Set the number of tries to register with mdns. 0 means never mdnstries 0 # New ntpd disables the ntpdc protocol by default, to re-enable uncomment # the following line #enable mode7 # Allow hasty ntpdate clients to avoid rate limiting / kod responses. # The default is 2 seconds between packets from the client. #discard minimum 1 # Access control restrictions. # See /usr/share/doc/html/ntp/accopt.html for syntax. # See for advice. # Last match wins. # # Some of the more common keywords are: # ignore Deny packets of all kinds. # limited Deny time service if the packet violates the rate limits # established by the discard command. Does not affect ntpq or # ntpdc queries. # kod Send "kiss-o'-death" packets if clients exceed rate limits. # No effect without the limited flag. # nomodify Deny attempts to modify the state of the server via ntpq or # ntpdc queries. # noquery Deny all ntpq and ntpdc queries. Does not affect time # synchronisation. # nopeer Prevent establishing new peer associations. # Does not affect peers configured using "peer" lines. # Does not affect client/server time synchronisation. # noserve Deny all time synchronisation. Does not affect ntpq or # ntpdc queries. # notrap Deny the trap subset of the ntpdc control message protocol. # notrust Deny packets that are not cryptographically authenticated. # # By default, allow client/server time exchange without prior # arrangement, but deny configuration changes, queries, and peer # associations that were not explicitly configured. restrict default limited kod nomodify notrap nopeer noquery # Restrictions used for associations (peer, server, pool). restrict source nomodify notrap noquery # Fewer restrictions for the local subnet. # (Uncomment and adjust as appropriate.) #restrict 192.0.2.0 mask 255.255.255.0 limited kod nomodify notrap nopeer #restrict 2001:db8:: mask ffff:ffff:: limited kod nomodify notrap nopeer # No restrictions for localhost. restrict 127.0.0.1 restrict ::1 # Hereafter should be "server", "peer", or "pool" statements to configure # other hosts to exchange NTP packets with. # # See # and # for advice. # # Peers or servers should be selected in such a way that the network # path to them is short, uncongested, and symmetric (that is, the series # of links and routers used to get to the peer is the same one that # the peer uses to get back). The best place to start looking for NTP # peers for your system is within your own network, or at your Internet # Service Provider (ISP). # # Ideally, you should select at least three other systems to talk NTP # with, for an "what I tell you three times is true" effect. #peer an.ntp.peer.goes.here iburst #server an.ntp.server.goes.here iburst # The pool.ntp.org project coordinates public time servers provided by # volunteers. See . The *.netbsd.pool.ntp.org # servers are intended to be used by default on NetBSD hosts. # # The following pool statement will give you a random set of NTP servers # geographically close to you. A single pool statement adds multiple # servers from the pool, according to the tos minclock/maxclock targets. # The "2" host is used to obtain both IPv4 and IPv6 addresses. # # The pool.ntp.org project needs more volunteers! The only criteria to # join are a nailed-up connection and a static IP address. For details, # see the web page pool 2.netbsd.pool.ntp.org iburst @ 1.22 log @Add iburst to peer and server. @ text @d1 1 a1 1 # $NetBSD: ntp.conf,v 1.21 2020/10/04 13:50:44 kim Exp $ d69 1 a69 1 # No affect without the limited flag. @ 1.21 log @Use "pool" for the pool.ntp.org servers. Add some new hints. - Use the "pool" keyword for obtaining servers from ntp.pool.org. - Add "tos minclock" and "tos maxclock" to limit the number of servers. - Add "restrict source" to apply appropriate restrictions to servers. (Specifically "nopeer" cannot be applied to "pool" servers.) - A single "pool" entry suffices -- using "2.netbsd.pool.ntp.org" so that we get both IPv4 and IPv6 addresses. (No addresses are returned for just "netbsd.pool.ntp.org.") - Add a comment about "tinker panic 0" -- useful for VMs and laptops. - Add a comment about "discard minimum" -- useful for some SNTP clients. - Add an explanation for the "limited" restriction keyword. - Unify whitespace and comment formatting. @ text @d1 1 a1 1 # $NetBSD: ntp.conf,v 1.20 2017/01/09 20:05:29 christos Exp $ d120 2 a121 2 #peer an.ntp.peer.goes.here #server an.ntp.server.goes.here @ 1.20 log @"kod" needs limited. @ text @d1 1 a1 1 # $NetBSD: ntp.conf,v 1.19 2014/01/14 13:23:46 apb Exp $ a10 1 # d14 6 a19 1 pidfile /var/run/ntpd.pid d24 1 a24 1 driftfile /var/db/ntp.drift d28 1 a28 1 logconfig -syncstatus d34 9 a42 1 tos minsane 2 d45 2 a46 2 # mdnstries 0 d50 7 a56 1 # enable mode7 d65 7 a71 4 # kod Send "kiss-o'-death" packets if clients exceed rate # limits. # nomodify Deny attempts to modify the state of the server via # ntpq or ntpdc queries. d85 6 a90 2 # restrict default kod limited nopeer noquery d94 3 a96 3 # #restrict 192.0.2.0 mask 255.255.255.0 kod limited nomodify notrap nopeer #restrict 2001:db8:: mask ffff:ffff:: kod limited nomodify notrap nopeer d99 1 a99 1 # d103 2 a104 2 # Hereafter should be "server" or "peer" statements to configure other # hosts to exchange NTP packets with. d120 2 a121 2 #peer an.ntp.peer.goes.here #server an.ntp.server.goes.here d125 6 a130 4 # servers are intended to be used by default on NetBSD hosts, but # servers that are closer to you are likely to be better. Consider # using servers specific to your country, a nearby country, or your # continent. d134 1 a134 4 # see the web page: # # http://www.pool.ntp.org/join.html # d136 1 a136 4 server 0.netbsd.pool.ntp.org server 1.netbsd.pool.ntp.org server 2.netbsd.pool.ntp.org server 3.netbsd.pool.ntp.org @ 1.20.6.1 log @Pull up following revision(s) (requested by kim in ticket #1611): etc/ntp.conf: revision 1.21 etc/ntp.conf: revision 1.22 Use "pool" for the pool.ntp.org servers. Add some new hints. - Use the "pool" keyword for obtaining servers from ntp.pool.org. - Add "tos minclock" and "tos maxclock" to limit the number of servers. - Add "restrict source" to apply appropriate restrictions to servers. (Specifically "nopeer" cannot be applied to "pool" servers.) - A single "pool" entry suffices -- using "2.netbsd.pool.ntp.org" so that we get both IPv4 and IPv6 addresses. (No addresses are returned for just "netbsd.pool.ntp.org.") - Add a comment about "tinker panic 0" -- useful for VMs and laptops. - Add a comment about "discard minimum" -- useful for some SNTP clients. - Add an explanation for the "limited" restriction keyword. - Unify whitespace and comment formatting. Add iburst to peer and server. @ text @d1 1 a1 1 # $NetBSD: ntp.conf,v 1.20 2017/01/09 20:05:29 christos Exp $ d11 1 d15 1 a15 6 pidfile /var/run/ntpd.pid # Don't give up even if the reference time is hugely different. This can # happen if the system was suspended and resumed. #tinker panic 0 d20 1 a20 1 driftfile /var/db/ntp.drift d24 1 a24 1 logconfig -syncstatus d30 1 a30 9 tos minsane 2 # Set the target and limit for adding servers configured via pool statements # or discovered dynamically via mechanisms such as broadcast and manycast. # Ntpd automatically adds maxclock-1 servers from configured pools, and may # add as many as maxclock*2 if necessary to ensure that at least minclock # servers are providing good consistent time. tos minclock 3 maxclock 6 d33 2 a34 2 mdnstries 0 d38 1 a38 7 #enable mode7 # Allow hasty ntpdate clients to avoid rate limiting / kod responses. # The default is 2 seconds between packets from the client. #discard minimum 1 d47 4 a50 7 # limited Deny time service if the packet violates the rate limits # established by the discard command. Does not affect ntpq or # ntpdc queries. # kod Send "kiss-o'-death" packets if clients exceed rate limits. # No affect without the limited flag. # nomodify Deny attempts to modify the state of the server via ntpq or # ntpdc queries. d64 2 a65 6 restrict default limited kod nomodify notrap nopeer noquery # Restrictions used for associations (peer, server, pool). restrict source nomodify notrap noquery d69 3 a71 3 #restrict 192.0.2.0 mask 255.255.255.0 limited kod nomodify notrap nopeer #restrict 2001:db8:: mask ffff:ffff:: limited kod nomodify notrap nopeer d74 1 a74 1 d78 2 a79 2 # Hereafter should be "server", "peer", or "pool" statements to configure # other hosts to exchange NTP packets with. d95 2 a96 2 #peer an.ntp.peer.goes.here iburst #server an.ntp.server.goes.here iburst d100 4 a103 6 # servers are intended to be used by default on NetBSD hosts. # # The following pool statement will give you a random set of NTP servers # geographically close to you. A single pool statement adds multiple # servers from the pool, according to the tos minclock/maxclock targets. # The "2" host is used to obtain both IPv4 and IPv6 addresses. d107 4 a110 1 # see the web page d112 4 a115 1 pool 2.netbsd.pool.ntp.org iburst @ 1.20.16.1 log @Pull up following revision(s) (requested by kim in ticket #1102): etc/ntp.conf: revision 1.21 etc/ntp.conf: revision 1.22 Use "pool" for the pool.ntp.org servers. Add some new hints. - Use the "pool" keyword for obtaining servers from ntp.pool.org. - Add "tos minclock" and "tos maxclock" to limit the number of servers. - Add "restrict source" to apply appropriate restrictions to servers. (Specifically "nopeer" cannot be applied to "pool" servers.) - A single "pool" entry suffices -- using "2.netbsd.pool.ntp.org" so that we get both IPv4 and IPv6 addresses. (No addresses are returned for just "netbsd.pool.ntp.org.") - Add a comment about "tinker panic 0" -- useful for VMs and laptops. - Add a comment about "discard minimum" -- useful for some SNTP clients. - Add an explanation for the "limited" restriction keyword. - Unify whitespace and comment formatting. Add iburst to peer and server. @ text @d1 1 a1 1 # $NetBSD: ntp.conf,v 1.20 2017/01/09 20:05:29 christos Exp $ d11 1 d15 1 a15 6 pidfile /var/run/ntpd.pid # Don't give up even if the reference time is hugely different. This can # happen if the system was suspended and resumed. #tinker panic 0 d20 1 a20 1 driftfile /var/db/ntp.drift d24 1 a24 1 logconfig -syncstatus d30 1 a30 9 tos minsane 2 # Set the target and limit for adding servers configured via pool statements # or discovered dynamically via mechanisms such as broadcast and manycast. # Ntpd automatically adds maxclock-1 servers from configured pools, and may # add as many as maxclock*2 if necessary to ensure that at least minclock # servers are providing good consistent time. tos minclock 3 maxclock 6 d33 2 a34 2 mdnstries 0 d38 1 a38 7 #enable mode7 # Allow hasty ntpdate clients to avoid rate limiting / kod responses. # The default is 2 seconds between packets from the client. #discard minimum 1 d47 4 a50 7 # limited Deny time service if the packet violates the rate limits # established by the discard command. Does not affect ntpq or # ntpdc queries. # kod Send "kiss-o'-death" packets if clients exceed rate limits. # No affect without the limited flag. # nomodify Deny attempts to modify the state of the server via ntpq or # ntpdc queries. d64 2 a65 6 restrict default limited kod nomodify notrap nopeer noquery # Restrictions used for associations (peer, server, pool). restrict source nomodify notrap noquery d69 3 a71 3 #restrict 192.0.2.0 mask 255.255.255.0 limited kod nomodify notrap nopeer #restrict 2001:db8:: mask ffff:ffff:: limited kod nomodify notrap nopeer d74 1 a74 1 d78 2 a79 2 # Hereafter should be "server", "peer", or "pool" statements to configure # other hosts to exchange NTP packets with. d95 2 a96 2 #peer an.ntp.peer.goes.here iburst #server an.ntp.server.goes.here iburst d100 4 a103 6 # servers are intended to be used by default on NetBSD hosts. # # The following pool statement will give you a random set of NTP servers # geographically close to you. A single pool statement adds multiple # servers from the pool, according to the tos minclock/maxclock targets. # The "2" host is used to obtain both IPv4 and IPv6 addresses. d107 4 a110 1 # see the web page d112 4 a115 1 pool 2.netbsd.pool.ntp.org iburst @ 1.19 log @Don't try to use server-specific "restrict" settings; they do not work when the server is specified by domain name and the name is associated with multiple IP addresses. This also means that uncommenting "restrict default ignore" will not work, so remove the comments suggesting that. Also edit some other comments. @ text @d1 1 a1 1 # $NetBSD: ntp.conf,v 1.18 2014/01/06 11:26:06 apb Exp $ d65 1 a65 1 restrict default kod nopeer noquery d70 2 a71 2 #restrict 192.0.2.0 mask 255.255.255.0 kod nomodify notrap nopeer #restrict 2001:db8:: mask ffff:ffff:: kod nomodify notrap nopeer @ 1.19.8.1 log @Sync with HEAD @ text @d1 1 a1 1 # $NetBSD: ntp.conf,v 1.20 2017/01/09 20:05:29 christos Exp $ d65 1 a65 1 restrict default kod limited nopeer noquery d70 2 a71 2 #restrict 192.0.2.0 mask 255.255.255.0 kod limited nomodify notrap nopeer #restrict 2001:db8:: mask ffff:ffff:: kod limited nomodify notrap nopeer @ 1.18 log @Another comment change, missed in previous commit. @ text @d1 1 a1 1 # $NetBSD: ntp.conf,v 1.17 2014/01/06 11:25:03 apb Exp $ d53 2 a54 2 # nopeer Prevent establishing an new peer association. # Does not affect preconfigured peer associations. d61 3 a63 4 # By default, either deny everything, or allow client/server time exchange # but deny configuration changes, queries, and peer associations that were not # explicitly configured. # (Uncomment one of the following "restrict default" lines.) a64 1 #restrict default ignore d85 6 a90 6 # Peers should be selected in such a way that the network path to them # is short, uncongested, and symmetric (that is, the series of links # and routers used to get to the peer is the same one that the peer # uses to get back). The best place to start looking for NTP peers for # your system is within your own network, or at your Internet Service # Provider (ISP). a93 4 # # A "restrict" line for each configured peer or server might be necessary, # if the "restrict default" settings are very restrictive. As a courtesy # to configured peers and servers, consider allowing them to query. a96 1 #restrict an.ntp.server.goes.here nomodify notrap a112 1 restrict 0.netbsd.pool.ntp.org nomodify notrap a113 1 restrict 1.netbsd.pool.ntp.org nomodify notrap a114 1 restrict 2.netbsd.pool.ntp.org nomodify notrap a115 1 restrict 3.netbsd.pool.ntp.org nomodify notrap @ 1.17 log @Attempt to improve comments about how to choose servers, and about what "tos minsane" does. @ text @d1 1 a1 1 # $NetBSD: ntp.conf,v 1.16 2014/01/06 11:21:34 apb Exp $ a118 5 # Depending on the vagaries of DNS can occasionally pull in the same # server twice. The following CNAMES are guaranteed to be disjoint, at # least over some short interval. The following servers are allocated # to the NetBSD project. @ 1.16 log @Add several "restrict" lines to the default ntp.conf, with comments. @ text @d1 1 a1 1 # $NetBSD: ntp.conf,v 1.15 2013/12/28 03:18:39 christos Exp $ d26 2 a27 1 # This will help minimize disruptions due to network congestion. Don't d81 12 a92 15 # hosts to exchange NTP packets with. Peers should be selected in such # a way that the network path to them is symmetric (that is, the series # of links and routers used to get to the peer is the same one that the # peer uses to get back. NTP assumes such symmetry in its network delay # calculation. NTP will apply an incorrect adjustment to timestamps # received from the peer if the path is not symmetric. This can result # in clock skew (your system clock being maintained consistently wrong # by a certain amount). # # The best way to select symmetric peers is to make sure that the # network path to them is as short as possible (this reduces the chance # that there is more than one network path between you and your peer). # You can measure these distances with the traceroute(8) program. The # best place to start looking for NTP peers for your system is within # your own network, or at your Internet Service Provider (ISP). d105 7 a111 2 # Public servers from the pool.ntp.org project. Volunteer's servers # are dynamically assigned to the CNAMES below via DNS round-robin. @ 1.15 log @put a comment for mode7 @ text @d1 1 a1 1 # $NetBSD: ntp.conf,v 1.14 2012/01/16 22:20:45 christos Exp $ d39 40 d99 3 d105 1 d122 1 d124 1 d126 1 d128 1 @ 1.14 log @use the join URL. @ text @d1 1 a1 1 # $NetBSD: ntp.conf,v 1.13 2012/01/16 22:12:41 christos Exp $ d35 4 @ 1.14.6.1 log @Rebase to HEAD as of a few days ago. @ text @d1 1 a1 1 # $NetBSD$ d26 1 a26 2 # Refuse to set the local clock if there are too few good peers or servers. # This may help minimize disruptions due to network congestion. Don't a34 42 # New ntpd disables the ntpdc protocol by default, to re-enable uncomment # the following line # enable mode7 # Access control restrictions. # See /usr/share/doc/html/ntp/accopt.html for syntax. # See for advice. # Last match wins. # # Some of the more common keywords are: # ignore Deny packets of all kinds. # kod Send "kiss-o'-death" packets if clients exceed rate # limits. # nomodify Deny attempts to modify the state of the server via # ntpq or ntpdc queries. # noquery Deny all ntpq and ntpdc queries. Does not affect time # synchronisation. # nopeer Prevent establishing new peer associations. # Does not affect peers configured using "peer" lines. # Does not affect client/server time synchronisation. # noserve Deny all time synchronisation. Does not affect ntpq or # ntpdc queries. # notrap Deny the trap subset of the ntpdc control message protocol. # notrust Deny packets that are not cryptographically authenticated. # # By default, allow client/server time exchange without prior # arrangement, but deny configuration changes, queries, and peer # associations that were not explicitly configured. # restrict default kod nopeer noquery # Fewer restrictions for the local subnet. # (Uncomment and adjust as appropriate.) # #restrict 192.0.2.0 mask 255.255.255.0 kod nomodify notrap nopeer #restrict 2001:db8:: mask ffff:ffff:: kod nomodify notrap nopeer # No restrictions for localhost. # restrict 127.0.0.1 restrict ::1 d36 15 a50 12 # hosts to exchange NTP packets with. # # See # and # for advice. # # Peers or servers should be selected in such a way that the network # path to them is short, uncongested, and symmetric (that is, the series # of links and routers used to get to the peer is the same one that # the peer uses to get back). The best place to start looking for NTP # peers for your system is within your own network, or at your Internet # Service Provider (ISP). d54 1 d59 2 a60 7 # The pool.ntp.org project coordinates public time servers provided by # volunteers. See . The *.netbsd.pool.ntp.org # servers are intended to be used by default on NetBSD hosts, but # servers that are closer to you are likely to be better. Consider # using servers specific to your country, a nearby country, or your # continent. # d68 5 @ 1.14.16.1 log @etc/ntp.conf 1.16, 1.17, 1.18 via patch external/bsd/ntp/dist/ntpd/ntp_request.c patch Patch from ntp 4.2.7p404 to prevent an amplifier and DoS attack. Add several "restrict" lines to the default ntp.conf and improve comments [spz, ticket #1010] @ text @d1 1 a1 1 # $NetBSD: ntp.conf,v 1.14 2012/01/16 22:20:45 christos Exp $ d26 1 a26 2 # Refuse to set the local clock if there are too few good peers or servers. # This may help minimize disruptions due to network congestion. Don't a34 40 # Access control restrictions. # See /usr/share/doc/html/ntp/accopt.html for syntax. # See for advice. # Last match wins. # # Some of the more common keywords are: # ignore Deny packets of all kinds. # kod Send "kiss-o'-death" packets if clients exceed rate # limits. # nomodify Deny attempts to modify the state of the server via # ntpq or ntpdc queries. # noquery Deny all ntpq and ntpdc queries. Does not affect time # synchronisation. # nopeer Prevent establishing an new peer association. # Does not affect preconfigured peer associations. # Does not affect client/server time synchronisation. # noserve Deny all time synchronisation. Does not affect ntpq or # ntpdc queries. # notrap Deny the trap subset of the ntpdc control message protocol. # notrust Deny packets that are not cryptographically authenticated. # # By default, either deny everything, or allow client/server time exchange # but deny configuration changes, queries, and peer associations that were not # explicitly configured. # (Uncomment one of the following "restrict default" lines.) # #restrict default ignore restrict default kod nopeer noquery # Fewer restrictions for the local subnet. # (Uncomment and adjust as appropriate.) # #restrict 192.0.2.0 mask 255.255.255.0 kod nomodify notrap nopeer #restrict 2001:db8:: mask ffff:ffff:: kod nomodify notrap nopeer # No restrictions for localhost. # restrict 127.0.0.1 restrict ::1 d36 15 a50 12 # hosts to exchange NTP packets with. # # See # and # for advice. # # Peers should be selected in such a way that the network path to them # is short, uncongested, and symmetric (that is, the series of links # and routers used to get to the peer is the same one that the peer # uses to get back). The best place to start looking for NTP peers for # your system is within your own network, or at your Internet Service # Provider (ISP). a57 1 #restrict an.ntp.server.goes.here nomodify notrap d59 2 a60 7 # The pool.ntp.org project coordinates public time servers provided by # volunteers. See . The *.netbsd.pool.ntp.org # servers are intended to be used by default on NetBSD hosts, but # servers that are closer to you are likely to be better. Consider # using servers specific to your country, a nearby country, or your # continent. # d65 1 a65 1 # http://www.pool.ntp.org/join.html d68 9 a76 8 server 0.netbsd.pool.ntp.org restrict 0.netbsd.pool.ntp.org nomodify notrap server 1.netbsd.pool.ntp.org restrict 1.netbsd.pool.ntp.org nomodify notrap server 2.netbsd.pool.ntp.org restrict 2.netbsd.pool.ntp.org nomodify notrap server 3.netbsd.pool.ntp.org restrict 3.netbsd.pool.ntp.org nomodify notrap @ 1.14.8.1 log @etc/ntp.conf 1.16, 1.17, 1.18 via patch external/bsd/ntp/dist/ntpd/ntp_request.c patch Patch from ntp 4.2.7p404 to prevent an amplifier and DoS attack. Add several "restrict" lines to the default ntp.conf and improve comments [spz, ticket #1010] @ text @d1 1 a1 1 # $NetBSD: ntp.conf,v 1.14 2012/01/16 22:20:45 christos Exp $ d26 1 a26 2 # Refuse to set the local clock if there are too few good peers or servers. # This may help minimize disruptions due to network congestion. Don't a34 40 # Access control restrictions. # See /usr/share/doc/html/ntp/accopt.html for syntax. # See for advice. # Last match wins. # # Some of the more common keywords are: # ignore Deny packets of all kinds. # kod Send "kiss-o'-death" packets if clients exceed rate # limits. # nomodify Deny attempts to modify the state of the server via # ntpq or ntpdc queries. # noquery Deny all ntpq and ntpdc queries. Does not affect time # synchronisation. # nopeer Prevent establishing an new peer association. # Does not affect preconfigured peer associations. # Does not affect client/server time synchronisation. # noserve Deny all time synchronisation. Does not affect ntpq or # ntpdc queries. # notrap Deny the trap subset of the ntpdc control message protocol. # notrust Deny packets that are not cryptographically authenticated. # # By default, either deny everything, or allow client/server time exchange # but deny configuration changes, queries, and peer associations that were not # explicitly configured. # (Uncomment one of the following "restrict default" lines.) # #restrict default ignore restrict default kod nopeer noquery # Fewer restrictions for the local subnet. # (Uncomment and adjust as appropriate.) # #restrict 192.0.2.0 mask 255.255.255.0 kod nomodify notrap nopeer #restrict 2001:db8:: mask ffff:ffff:: kod nomodify notrap nopeer # No restrictions for localhost. # restrict 127.0.0.1 restrict ::1 d36 15 a50 12 # hosts to exchange NTP packets with. # # See # and # for advice. # # Peers should be selected in such a way that the network path to them # is short, uncongested, and symmetric (that is, the series of links # and routers used to get to the peer is the same one that the peer # uses to get back). The best place to start looking for NTP peers for # your system is within your own network, or at your Internet Service # Provider (ISP). a57 1 #restrict an.ntp.server.goes.here nomodify notrap d59 2 a60 7 # The pool.ntp.org project coordinates public time servers provided by # volunteers. See . The *.netbsd.pool.ntp.org # servers are intended to be used by default on NetBSD hosts, but # servers that are closer to you are likely to be better. Consider # using servers specific to your country, a nearby country, or your # continent. # d65 1 a65 1 # http://www.pool.ntp.org/join.html d68 9 a76 8 server 0.netbsd.pool.ntp.org restrict 0.netbsd.pool.ntp.org nomodify notrap server 1.netbsd.pool.ntp.org restrict 1.netbsd.pool.ntp.org nomodify notrap server 2.netbsd.pool.ntp.org restrict 2.netbsd.pool.ntp.org nomodify notrap server 3.netbsd.pool.ntp.org restrict 3.netbsd.pool.ntp.org nomodify notrap @ 1.14.2.1 log @etc/ntp.conf 1.16, 1.17, 1.18 via patch external/bsd/ntp/dist/ntpd/ntp_request.c patch Patch from ntp 4.2.7p404 to prevent an amplifier and DoS attack. Add several "restrict" lines to the default ntp.conf and improve comments [spz, ticket #1010] @ text @d1 1 a1 1 # $NetBSD: ntp.conf,v 1.14 2012/01/16 22:20:45 christos Exp $ d26 1 a26 2 # Refuse to set the local clock if there are too few good peers or servers. # This may help minimize disruptions due to network congestion. Don't a34 40 # Access control restrictions. # See /usr/share/doc/html/ntp/accopt.html for syntax. # See for advice. # Last match wins. # # Some of the more common keywords are: # ignore Deny packets of all kinds. # kod Send "kiss-o'-death" packets if clients exceed rate # limits. # nomodify Deny attempts to modify the state of the server via # ntpq or ntpdc queries. # noquery Deny all ntpq and ntpdc queries. Does not affect time # synchronisation. # nopeer Prevent establishing an new peer association. # Does not affect preconfigured peer associations. # Does not affect client/server time synchronisation. # noserve Deny all time synchronisation. Does not affect ntpq or # ntpdc queries. # notrap Deny the trap subset of the ntpdc control message protocol. # notrust Deny packets that are not cryptographically authenticated. # # By default, either deny everything, or allow client/server time exchange # but deny configuration changes, queries, and peer associations that were not # explicitly configured. # (Uncomment one of the following "restrict default" lines.) # #restrict default ignore restrict default kod nopeer noquery # Fewer restrictions for the local subnet. # (Uncomment and adjust as appropriate.) # #restrict 192.0.2.0 mask 255.255.255.0 kod nomodify notrap nopeer #restrict 2001:db8:: mask ffff:ffff:: kod nomodify notrap nopeer # No restrictions for localhost. # restrict 127.0.0.1 restrict ::1 d36 15 a50 12 # hosts to exchange NTP packets with. # # See # and # for advice. # # Peers should be selected in such a way that the network path to them # is short, uncongested, and symmetric (that is, the series of links # and routers used to get to the peer is the same one that the peer # uses to get back). The best place to start looking for NTP peers for # your system is within your own network, or at your Internet Service # Provider (ISP). a57 1 #restrict an.ntp.server.goes.here nomodify notrap d59 2 a60 7 # The pool.ntp.org project coordinates public time servers provided by # volunteers. See . The *.netbsd.pool.ntp.org # servers are intended to be used by default on NetBSD hosts, but # servers that are closer to you are likely to be better. Consider # using servers specific to your country, a nearby country, or your # continent. # d65 1 a65 1 # http://www.pool.ntp.org/join.html d68 9 a76 8 server 0.netbsd.pool.ntp.org restrict 0.netbsd.pool.ntp.org nomodify notrap server 1.netbsd.pool.ntp.org restrict 1.netbsd.pool.ntp.org nomodify notrap server 2.netbsd.pool.ntp.org restrict 2.netbsd.pool.ntp.org nomodify notrap server 3.netbsd.pool.ntp.org restrict 3.netbsd.pool.ntp.org nomodify notrap @ 1.13 log @Instead of using the general servers, use the ones allocated specifically for the NetBSD project. @ text @d1 1 a1 1 # $NetBSD: ntp.conf,v 1.12 2011/07/28 22:28:07 simonb Exp $ d65 1 a65 1 # http://www.pool.ntp.org/ @ 1.12 log @Restore "duplicate" entries, but use 0. and 1. names to ensure that same hosts aren't used by both entries. @ text @d1 1 a1 1 # $NetBSD: ntp.conf,v 1.11 2011/07/28 12:55:35 mbalmer Exp $ a67 13 # The country codes can help you find servers that are net-wise close. # As explained above, closer is better... # Northern U.S.A #server ca.pool.ntp.org #server 0.us.pool.ntp.org #server 1.us.pool.ntp.org # Northern Europe #server 0.de.pool.ntp.org #server 1.de.pool.ntp.org #server dk.pool.ntp.org d70 2 a71 1 # least over some short interval. d73 4 a76 3 server 0.pool.ntp.org server 1.pool.ntp.org server 2.pool.ntp.org @ 1.12.2.1 log @sync with head @ text @d1 1 a1 1 # $NetBSD: ntp.conf,v 1.12 2011/07/28 22:28:07 simonb Exp $ d65 1 a65 1 # http://www.pool.ntp.org/join.html d68 13 d83 1 a83 2 # least over some short interval. The following servers are allocated # to the NetBSD project. d85 3 a87 4 server 0.netbsd.pool.ntp.org server 1.netbsd.pool.ntp.org server 2.netbsd.pool.ntp.org server 3.netbsd.pool.ntp.org @ 1.12.2.2 log @sync with head. for a reference, the tree before this commit was tagged as yamt-pagecache-tag8. this commit was splitted into small chunks to avoid a limitation of cvs. ("Protocol error: too many arguments") @ text @d1 1 a1 1 # $NetBSD: ntp.conf,v 1.12.2.1 2012/04/17 00:02:56 yamt Exp $ d26 1 a26 2 # Refuse to set the local clock if there are too few good peers or servers. # This may help minimize disruptions due to network congestion. Don't a34 42 # New ntpd disables the ntpdc protocol by default, to re-enable uncomment # the following line # enable mode7 # Access control restrictions. # See /usr/share/doc/html/ntp/accopt.html for syntax. # See for advice. # Last match wins. # # Some of the more common keywords are: # ignore Deny packets of all kinds. # kod Send "kiss-o'-death" packets if clients exceed rate # limits. # nomodify Deny attempts to modify the state of the server via # ntpq or ntpdc queries. # noquery Deny all ntpq and ntpdc queries. Does not affect time # synchronisation. # nopeer Prevent establishing new peer associations. # Does not affect peers configured using "peer" lines. # Does not affect client/server time synchronisation. # noserve Deny all time synchronisation. Does not affect ntpq or # ntpdc queries. # notrap Deny the trap subset of the ntpdc control message protocol. # notrust Deny packets that are not cryptographically authenticated. # # By default, allow client/server time exchange without prior # arrangement, but deny configuration changes, queries, and peer # associations that were not explicitly configured. # restrict default kod nopeer noquery # Fewer restrictions for the local subnet. # (Uncomment and adjust as appropriate.) # #restrict 192.0.2.0 mask 255.255.255.0 kod nomodify notrap nopeer #restrict 2001:db8:: mask ffff:ffff:: kod nomodify notrap nopeer # No restrictions for localhost. # restrict 127.0.0.1 restrict ::1 d36 15 a50 12 # hosts to exchange NTP packets with. # # See # and # for advice. # # Peers or servers should be selected in such a way that the network # path to them is short, uncongested, and symmetric (that is, the series # of links and routers used to get to the peer is the same one that # the peer uses to get back). The best place to start looking for NTP # peers for your system is within your own network, or at your Internet # Service Provider (ISP). d54 1 d59 2 a60 7 # The pool.ntp.org project coordinates public time servers provided by # volunteers. See . The *.netbsd.pool.ntp.org # servers are intended to be used by default on NetBSD hosts, but # servers that are closer to you are likely to be better. Consider # using servers specific to your country, a nearby country, or your # continent. # d68 5 @ 1.11 log @Remove duplicate (but commented out) entries. @ text @d1 1 a1 1 # $NetBSD: ntp.conf,v 1.10 2011/07/09 19:24:13 christos Exp $ d73 2 a74 1 #server us.pool.ntp.org d77 2 a78 1 #server de.pool.ntp.org @ 1.10 log @default mdnstries to 0; most people don't use mdns, so this prevents spurious warnings. @ text @d1 1 a1 1 # $NetBSD: ntp.conf,v 1.9 2007/02/10 19:36:56 reed Exp $ a73 1 #server us.pool.ntp.org a76 1 #server de.pool.ntp.org @ 1.9 log @Fix typo/mispelling in comment. @ text @d1 1 a1 1 # $NetBSD: ntp.conf,v 1.8 2003/12/07 16:11:58 fredb Exp $ d31 4 @ 1.9.36.1 log @etc/ntp.conf 1.16, 1.17, 1.18 via patch external/bsd/ntp/dist/ntpd/ntp_request.c patch Patch from ntp 4.2.7p404 to prevent an amplifier and DoS attack. Add several "restrict" lines to the default ntp.conf and improve comments [spz, ticket #1895] @ text @d1 1 a1 1 # $NetBSD: ntp.conf,v 1.9 2007/02/10 19:36:56 reed Exp $ d26 1 a26 2 # Refuse to set the local clock if there are too few good peers or servers. # This may help minimize disruptions due to network congestion. Don't a30 40 # Access control restrictions. # See /usr/share/doc/html/ntp/accopt.html for syntax. # See for advice. # Last match wins. # # Some of the more common keywords are: # ignore Deny packets of all kinds. # kod Send "kiss-o'-death" packets if clients exceed rate # limits. # nomodify Deny attempts to modify the state of the server via # ntpq or ntpdc queries. # noquery Deny all ntpq and ntpdc queries. Does not affect time # synchronisation. # nopeer Prevent establishing an new peer association. # Does not affect preconfigured peer associations. # Does not affect client/server time synchronisation. # noserve Deny all time synchronisation. Does not affect ntpq or # ntpdc queries. # notrap Deny the trap subset of the ntpdc control message protocol. # notrust Deny packets that are not cryptographically authenticated. # # By default, either deny everything, or allow client/server time exchange # but deny configuration changes, queries, and peer associations that were not # explicitly configured. # (Uncomment one of the following "restrict default" lines.) # #restrict default ignore restrict default kod nopeer noquery # Fewer restrictions for the local subnet. # (Uncomment and adjust as appropriate.) # #restrict 192.0.2.0 mask 255.255.255.0 kod nomodify notrap nopeer #restrict 2001:db8:: mask ffff:ffff:: kod nomodify notrap nopeer # No restrictions for localhost. # restrict 127.0.0.1 restrict ::1 d32 15 a46 12 # hosts to exchange NTP packets with. # # See # and # for advice. # # Peers should be selected in such a way that the network path to them # is short, uncongested, and symmetric (that is, the series of links # and routers used to get to the peer is the same one that the peer # uses to get back). The best place to start looking for NTP peers for # your system is within your own network, or at your Internet Service # Provider (ISP). a50 3 # A "restrict" line for each configured peer or server might be necessary, # if the "restrict default" settings are very restrictive. As a courtesy # to configured peers and servers, consider allowing them to query. a53 1 #restrict an.ntp.server.goes.here nomodify notrap d55 2 a56 7 # The pool.ntp.org project coordinates public time servers provided by # volunteers. See . The *.netbsd.pool.ntp.org # servers are intended to be used by default on NetBSD hosts, but # servers that are closer to you are likely to be better. Consider # using servers specific to your country, a nearby country, or your # continent. # d61 1 a61 1 # http://www.pool.ntp.org/join.html d64 20 a83 8 server 0.netbsd.pool.ntp.org restrict 0.netbsd.pool.ntp.org nomodify notrap server 1.netbsd.pool.ntp.org restrict 1.netbsd.pool.ntp.org nomodify notrap server 2.netbsd.pool.ntp.org restrict 2.netbsd.pool.ntp.org nomodify notrap server 3.netbsd.pool.ntp.org restrict 3.netbsd.pool.ntp.org nomodify notrap @ 1.9.28.1 log @etc/ntp.conf 1.16, 1.17, 1.18 via patch external/bsd/ntp/dist/ntpd/ntp_request.c patch Patch from ntp 4.2.7p404 to prevent an amplifier and DoS attack. Add several "restrict" lines to the default ntp.conf and improve comments [spz, ticket #1895] @ text @d1 1 a1 1 # $NetBSD: ntp.conf,v 1.9 2007/02/10 19:36:56 reed Exp $ d26 1 a26 2 # Refuse to set the local clock if there are too few good peers or servers. # This may help minimize disruptions due to network congestion. Don't a30 40 # Access control restrictions. # See /usr/share/doc/html/ntp/accopt.html for syntax. # See for advice. # Last match wins. # # Some of the more common keywords are: # ignore Deny packets of all kinds. # kod Send "kiss-o'-death" packets if clients exceed rate # limits. # nomodify Deny attempts to modify the state of the server via # ntpq or ntpdc queries. # noquery Deny all ntpq and ntpdc queries. Does not affect time # synchronisation. # nopeer Prevent establishing an new peer association. # Does not affect preconfigured peer associations. # Does not affect client/server time synchronisation. # noserve Deny all time synchronisation. Does not affect ntpq or # ntpdc queries. # notrap Deny the trap subset of the ntpdc control message protocol. # notrust Deny packets that are not cryptographically authenticated. # # By default, either deny everything, or allow client/server time exchange # but deny configuration changes, queries, and peer associations that were not # explicitly configured. # (Uncomment one of the following "restrict default" lines.) # #restrict default ignore restrict default kod nopeer noquery # Fewer restrictions for the local subnet. # (Uncomment and adjust as appropriate.) # #restrict 192.0.2.0 mask 255.255.255.0 kod nomodify notrap nopeer #restrict 2001:db8:: mask ffff:ffff:: kod nomodify notrap nopeer # No restrictions for localhost. # restrict 127.0.0.1 restrict ::1 d32 15 a46 12 # hosts to exchange NTP packets with. # # See # and # for advice. # # Peers should be selected in such a way that the network path to them # is short, uncongested, and symmetric (that is, the series of links # and routers used to get to the peer is the same one that the peer # uses to get back). The best place to start looking for NTP peers for # your system is within your own network, or at your Internet Service # Provider (ISP). a50 3 # A "restrict" line for each configured peer or server might be necessary, # if the "restrict default" settings are very restrictive. As a courtesy # to configured peers and servers, consider allowing them to query. a53 1 #restrict an.ntp.server.goes.here nomodify notrap d55 2 a56 7 # The pool.ntp.org project coordinates public time servers provided by # volunteers. See . The *.netbsd.pool.ntp.org # servers are intended to be used by default on NetBSD hosts, but # servers that are closer to you are likely to be better. Consider # using servers specific to your country, a nearby country, or your # continent. # d61 1 a61 1 # http://www.pool.ntp.org/join.html d64 20 a83 8 server 0.netbsd.pool.ntp.org restrict 0.netbsd.pool.ntp.org nomodify notrap server 1.netbsd.pool.ntp.org restrict 1.netbsd.pool.ntp.org nomodify notrap server 2.netbsd.pool.ntp.org restrict 2.netbsd.pool.ntp.org nomodify notrap server 3.netbsd.pool.ntp.org restrict 3.netbsd.pool.ntp.org nomodify notrap @ 1.9.20.1 log @etc/ntp.conf 1.16, 1.17, 1.18 via patch external/bsd/ntp/dist/ntpd/ntp_request.c patch Patch from ntp 4.2.7p404 to prevent an amplifier and DoS attack. Add several "restrict" lines to the default ntp.conf and improve comments [spz, ticket #1895] @ text @d1 1 a1 1 # $NetBSD: ntp.conf,v 1.9 2007/02/10 19:36:56 reed Exp $ d26 1 a26 2 # Refuse to set the local clock if there are too few good peers or servers. # This may help minimize disruptions due to network congestion. Don't a30 40 # Access control restrictions. # See /usr/share/doc/html/ntp/accopt.html for syntax. # See for advice. # Last match wins. # # Some of the more common keywords are: # ignore Deny packets of all kinds. # kod Send "kiss-o'-death" packets if clients exceed rate # limits. # nomodify Deny attempts to modify the state of the server via # ntpq or ntpdc queries. # noquery Deny all ntpq and ntpdc queries. Does not affect time # synchronisation. # nopeer Prevent establishing an new peer association. # Does not affect preconfigured peer associations. # Does not affect client/server time synchronisation. # noserve Deny all time synchronisation. Does not affect ntpq or # ntpdc queries. # notrap Deny the trap subset of the ntpdc control message protocol. # notrust Deny packets that are not cryptographically authenticated. # # By default, either deny everything, or allow client/server time exchange # but deny configuration changes, queries, and peer associations that were not # explicitly configured. # (Uncomment one of the following "restrict default" lines.) # #restrict default ignore restrict default kod nopeer noquery # Fewer restrictions for the local subnet. # (Uncomment and adjust as appropriate.) # #restrict 192.0.2.0 mask 255.255.255.0 kod nomodify notrap nopeer #restrict 2001:db8:: mask ffff:ffff:: kod nomodify notrap nopeer # No restrictions for localhost. # restrict 127.0.0.1 restrict ::1 d32 15 a46 12 # hosts to exchange NTP packets with. # # See # and # for advice. # # Peers should be selected in such a way that the network path to them # is short, uncongested, and symmetric (that is, the series of links # and routers used to get to the peer is the same one that the peer # uses to get back). The best place to start looking for NTP peers for # your system is within your own network, or at your Internet Service # Provider (ISP). a50 3 # A "restrict" line for each configured peer or server might be necessary, # if the "restrict default" settings are very restrictive. As a courtesy # to configured peers and servers, consider allowing them to query. a53 1 #restrict an.ntp.server.goes.here nomodify notrap d55 2 a56 7 # The pool.ntp.org project coordinates public time servers provided by # volunteers. See . The *.netbsd.pool.ntp.org # servers are intended to be used by default on NetBSD hosts, but # servers that are closer to you are likely to be better. Consider # using servers specific to your country, a nearby country, or your # continent. # d61 1 a61 1 # http://www.pool.ntp.org/join.html d64 20 a83 8 server 0.netbsd.pool.ntp.org restrict 0.netbsd.pool.ntp.org nomodify notrap server 1.netbsd.pool.ntp.org restrict 1.netbsd.pool.ntp.org nomodify notrap server 2.netbsd.pool.ntp.org restrict 2.netbsd.pool.ntp.org nomodify notrap server 3.netbsd.pool.ntp.org restrict 3.netbsd.pool.ntp.org nomodify notrap @ 1.8 log @Add a synopsis, disclaimer, and a hypertext link to the "real" documentation. @ text @d1 1 a1 1 # $NetBSD: ntp.conf,v 1.7 2003/12/07 16:02:35 fredb Exp $ d7 1 a7 1 # A great deal of additional documention, including links to FAQS and @ 1.7 log @Whitespace and punctuation cleanup. Try to fill lines up to 72 columns. @ text @d1 1 a1 1 # $NetBSD: ntp.conf,v 1.4 2003/09/24 11:36:31 agc Exp $ d4 8 @ 1.6 log @Expand the "pool.ntp.org" section. Drop "maxpoll", call for volunteers, add some example country codes, and use disjoint CNAMES by default, as discussed in PR misc/23283 (by Adrian 'Dagurashibanipal' von Bidder), the pool.ntp.org mastermind and maintainer). @ text @d1 1 a1 1 # $NetBSD: ntp.conf,v 1.5 2003/12/07 15:56:30 fredb Exp $ d3 1 a3 2 # NetBSD default Network Time Protocol (NTP) configuration file # for ntpd d10 1 a10 1 # drift is stored here d14 1 a14 1 # suppress the syslog(3) message for each peer synchronization change d23 10 a32 10 # Hereafter should be "server" or "peer" statements to configure # other hosts to exchange NTP packets with. Peers should be selected # in such a way that the network path to them is symmetric (that is, # the series of links and routers used to get to the peer is the same # one that the peer uses to get back. NTP assumes such symmetry # in its network delay calculation. NTP will apply an incorrect # adjustment to timestamps received from the peer if the path is not # symmetric. This can result in clock skew (your system clock being # maintained consistently wrong by a certain amount). # d34 5 a38 6 # network path to them is as short as possible (this reduces the # chance that there is more than one network path between you and # your peer). You can measure these distances with the traceroute(8) # program. The best place to start looking for NTP peers for your # system is within your own network, or at your Internet Service # Provider (ISP). d40 2 a41 2 # Ideally, you should select at least three other systems to talk # NTP with, for an "what I tell you three times is true" effect. @ 1.5 log @Add a "tos" directive. @ text @d1 1 a1 1 # $NetBSD: ntp.conf,v 1.4 2003/09/24 11:36:31 agc Exp $ d49 6 a54 1 # Public servers from the ntp public pool project. See: d56 4 a59 2 # The servers will be dynamically assigned on a round-robin basis # from a list of volunteers. d61 17 a77 3 server pool.ntp.org maxpoll 12 server pool.ntp.org maxpoll 12 server pool.ntp.org maxpoll 12 @ 1.4 log @Default to the public servers from the ntp public pool project. The servers will be dynamically assigned on a round-robin basis from a list of volunteers. Fix provided by Wolfgang Rupprecht in PR 22416 @ text @d1 1 a1 1 # $NetBSD: ntp.conf,v 1.3 2001/03/08 19:05:13 lukem Exp $ d18 5 @ 1.3 log @whitespace police @ text @d1 1 a1 1 # $NetBSD: ntp.conf,v 1.2 2000/05/02 12:16:07 simonb Exp $ d43 9 @ 1.2 log @Use "ntpd.pid" for pid file, change other xntp references to ntp. @ text @d1 1 a1 1 # $NetBSD: ntp.conf,v 1.1 2000/01/28 06:49:16 fair Exp $ d8 1 a8 1 pidfile /var/run/ntpd.pid d13 1 a13 1 driftfile /var/db/ntp.drift d17 1 a17 1 logconfig -syncstatus d41 2 a42 2 #peer an.ntp.peer.goes.here #server an.ntp.server.goes.here @ 1.1 log @A default NTP configuration file, per PR 4312. @ text @d1 1 a1 1 # $NetBSD$ d4 1 a4 1 # for xntpd d8 1 a8 1 pidfile /var/run/xntpd.pid d10 1 a10 1 # The correction calculated by xntpd(8) for the local system clock's @