Module Name:    src
Committed By:   martin
Date:           Thu Oct 8 16:55:22 UTC 2020

Modified Files:
        src/etc [netbsd-8]: ntp.conf

Log Message:
Pull up following revision(s) (requested by kim in ticket #1611):

        etc/ntp.conf: revision 1.21
        etc/ntp.conf: revision 1.22

Use "pool" for the pool.ntp.org servers. Add some new hints.

- Use the "pool" keyword for obtaining servers from ntp.pool.org.
- Add "tos minclock" and "tos maxclock" to limit the number of servers.
- Add "restrict source" to apply appropriate restrictions to servers.
  (Specifically "nopeer" cannot be applied to "pool" servers.)
- A single "pool" entry suffices -- using "2.netbsd.pool.ntp.org" so
  that we get both IPv4 and IPv6 addresses. (No addresses are returned
  for just "netbsd.pool.ntp.org.")
- Add a comment about "tinker panic 0" -- useful for VMs and laptops.
- Add a comment about "discard minimum" -- useful for some SNTP clients.
- Add an explanation for the "limited" restriction keyword.
- Unify whitespace and comment formatting.

Add iburst to peer and server.

To generate a diff of this commit:
cvs rdiff -u -r1.20 -r1.20.6.1 src/etc/ntp.conf

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files: Index: src/etc/ntp.conf diff -u src/etc/ntp.conf:1.20 src/etc/ntp.conf:1.20.6.1 --- src/etc/ntp.conf:1.20 Mon Jan 9 20:05:29 2017 +++ src/etc/ntp.conf Thu Oct 8 16:55:22 2020 @@ -1,4 +1,4 @@ -# $NetBSD: ntp.conf,v 1.20 2017/01/09 20:05:29 christos Exp $ +# $NetBSD: ntp.conf,v 1.20.6.1 2020/10/08 16:55:22 martin Exp $ # # NetBSD default Network Time Protocol (NTP) configuration file for ntpd 
@@ -8,34 +8,52 @@ # other guides, may be found on the official NTP web site, in particular # # http://www.ntp.org/documentation.html -# # Process ID file, so that the daemon can be signalled from scripts -pidfile /var/run/ntpd.pid +pidfile /var/run/ntpd.pid + +# Don't give up even if the reference time is hugely different. This can +# happen if the system was suspended and resumed. + +#tinker panic 0 # The correction calculated by ntpd(8) for the local system clock's # drift is stored here. -driftfile /var/db/ntp.drift +driftfile /var/db/ntp.drift # Suppress the syslog(3) message for each peer synchronization change. -logconfig -syncstatus +logconfig -syncstatus # Refuse to set the local clock if there are too few good peers or servers. # This may help minimize disruptions due to network congestion. Don't # do this if you configure only one server! -tos minsane 2 +tos minsane 2 + +# Set the target and limit for adding servers configured via pool statements +# or discovered dynamically via mechanisms such as broadcast and manycast. +# Ntpd automatically adds maxclock-1 servers from configured pools, and may +# add as many as maxclock*2 if necessary to ensure that at least minclock +# servers are providing good consistent time. + +tos minclock 3 maxclock 6 # Set the number of tries to register with mdns. 0 means never -# -mdnstries 0 + +mdnstries 0 # New ntpd disables the ntpdc protocol by default, to re-enable uncomment # the following line -# enable mode7 + +#enable mode7 + +# Allow hasty ntpdate clients to avoid rate limiting / kod responses. +# The default is 2 seconds between packets from the client. + +#discard minimum 1 # Access control restrictions. # See /usr/share/doc/html/ntp/accopt.html for syntax. 
@@ -44,10 +62,13 @@ mdnstries 0 # # Some of the more common keywords are: # ignore Deny packets of all kinds. -# kod Send "kiss-o'-death" packets if clients exceed rate -# limits. -# nomodify Deny attempts to modify the state of the server via -# ntpq or ntpdc queries. +# limited Deny time service if the packet violates the rate limits +# established by the discard command. Does not affect ntpq or +# ntpdc queries. +# kod Send "kiss-o'-death" packets if clients exceed rate limits. +# No affect without the limited flag. +# nomodify Deny attempts to modify the state of the server via ntpq or +# ntpdc queries. # noquery Deny all ntpq and ntpdc queries. Does not affect time # synchronisation. # nopeer Prevent establishing new peer associations. 
@@ -61,22 +82,26 @@ mdnstries 0 # By default, allow client/server time exchange without prior # arrangement, but deny configuration changes, queries, and peer # associations that were not explicitly configured. -# -restrict default kod limited nopeer noquery + +restrict default limited kod nomodify notrap nopeer noquery + +# Restrictions used for associations (peer, server, pool). + +restrict source nomodify notrap noquery # Fewer restrictions for the local subnet. # (Uncomment and adjust as appropriate.) -# -#restrict 192.0.2.0 mask 255.255.255.0 kod limited nomodify notrap nopeer -#restrict 2001:db8:: mask ffff:ffff:: kod limited nomodify notrap nopeer + +#restrict 192.0.2.0 mask 255.255.255.0 limited kod nomodify notrap nopeer +#restrict 2001:db8:: mask ffff:ffff:: limited kod nomodify notrap nopeer # No restrictions for localhost. -# + restrict 127.0.0.1 restrict ::1 -# Hereafter should be "server" or "peer" statements to configure other -# hosts to exchange NTP packets with. +# Hereafter should be "server", "peer", or "pool" statements to configure +# other hosts to exchange NTP packets with. # # See <http://support.ntp.org/bin/view/Support/DesigningYourNTPNetwork> # and <http://support.ntp.org/bin/view/Support/SelectingOffsiteNTPServers> 
@@ -92,24 +117,20 @@ restrict ::1 # Ideally, you should select at least three other systems to talk NTP # with, for an "what I tell you three times is true" effect. -#peer an.ntp.peer.goes.here -#server an.ntp.server.goes.here +#peer an.ntp.peer.goes.here iburst +#server an.ntp.server.goes.here iburst # The pool.ntp.org project coordinates public time servers provided by # volunteers. See <http://www.pool.ntp.org>. The *.netbsd.pool.ntp.org -# servers are intended to be used by default on NetBSD hosts, but -# servers that are closer to you are likely to be better. Consider -# using servers specific to your country, a nearby country, or your -# continent. +# servers are intended to be used by default on NetBSD hosts. +# +# The following pool statement will give you a random set of NTP servers +# geographically close to you. A single pool statement adds multiple +# servers from the pool, according to the tos minclock/maxclock targets. +# The "2" host is used to obtain both IPv4 and IPv6 addresses. # # The pool.ntp.org project needs more volunteers! The only criteria to # join are a nailed-up connection and a static IP address. For details, -# see the web page: -# -# http://www.pool.ntp.org/join.html -# +# see the web page <http://www.pool.ntp.org/join.html> -server 0.netbsd.pool.ntp.org -server 1.netbsd.pool.ntp.org -server 2.netbsd.pool.ntp.org -server 3.netbsd.pool.ntp.org +pool 2.netbsd.pool.ntp.org iburst
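
Review bot: In the hunk at @@ -8,34 +8,52 @@, the comment above "#tinker panic 0" states only the benefit ("Don't give up even if the reference time is hugely different"). It should also say what is given up: with the panic threshold at 0, ntpd accepts an offset of any size from its sources. Suggest adding a line such as "# Note: this removes the limit on how large a correction ntpd will accept." so that admins enabling it on VMs and laptops do so knowingly.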
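
Review bot: In the hunk at @@ -44,10 +62,13 @@, the new "kod" description reads "No affect without the limited flag."; that should be "No effect without the limited flag." The dependency it documents is the reason the restrict lines later in the patch now list "limited" before "kod", so it is worth having the wording right.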
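
Review bot: In the hunk at @@ -61,22 +82,26 @@, the comment on the new "restrict source nomodify notrap noquery" line does not explain why "nopeer" is left out, although the log message does ("nopeer" cannot be applied to "pool" servers). Without that in the file, someone tightening the configuration may copy "nopeer" over from "restrict default" and break the pool associations. Suggest extending the comment, for example "# Do not add nopeer here; it cannot be applied to pool servers."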
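
Review bot: In the hunk at @@ -92,24 +117,20 @@, the comment above "pool 2.netbsd.pool.ntp.org iburst" says the "2" host is used to obtain both IPv4 and IPv6 addresses, but omits the other half of the reasoning from the log message: no addresses are returned for just "netbsd.pool.ntp.org". An admin who shortens the hostname would end up with no servers, and with "tos minsane 2" still in effect the clock would then never be set. Suggest stating in the comment that the bare name returns no addresses.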