# Sample /etc/ntp.conf: Configuration file for ntpd. # # Undisciplined Local Clock. This is a fake driver intended for backup # and when no outside source of synchronized time is available. The # default stratum is usually 3, but in this case we elect to use stratum # 0. Since the server line does not have the prefer keyword, this driver # is never used for synchronization, unless no other other # synchronization source is available. In case the local host is # controlled by some external source, such as an external oscillator or # another protocol, the prefer keyword would cause the local host to # disregard all other synchronization sources, unless the kernel # modifications are in use and declare an unsynchronized condition. # server 127.127.1.0 # local clock fudge 127.127.1.0 stratum 10 # # NTP server (list one or more) to synchronize with: server 0.pool.ntp.org iburst server 1.pool.ntp.org iburst server 2.pool.ntp.org iburst server 3.pool.ntp.org iburst # # Drift file. Put this in a directory which the daemon can write to. # No symbolic links allowed, either, since the daemon updates the file # by creating a temporary in the same directory and then rename()'ing # it to the file. # driftfile /etc/ntp/drift # # Uncomment to use a multicast NTP server on the local subnet: #multicastclient 224.0.1.1 # listen on default 224.0.1.1 # Set an optional compensation for broadcast packet delay: #broadcastdelay 0.008 # # Keys file. If you want to diddle your server at run time, make a # keys file (mode 600 for sure) and define the key number to be # used for making requests. # PLEASE DO NOT USE THE DEFAULT VALUES HERE. Pick your own, or remote # systems might be able to reset your clock at will. # #keys /etc/ntp/keys #trustedkey 65535 #requestkey 65535 #controlkey 65535 # # Don't serve time or stats to anyone else by default (more secure) restrict default limited kod nomodify notrap nopeer noquery restrict -6 default limited kod nomodify notrap nopeer noquery # # Use these lines instead if you do want to serve time and stats to # other machines on the network: #restrict default limited kod nomodify notrap nopeer #restrict -6 default limited kod nomodify notrap nopeer # # Disable the ntpdc -c monlist command, which is insecure and can be used # to cause a denial of service attack (CVE-2013-5211). Future versions of # NTP will remove this command. # (this feature was disabled by default with ntpd 4.2.7p230) disable monitor # # Trust ourselves. :-) restrict 127.0.0.1 restrict ::1