# # # Undisciplined Local Clock. This is a fake driver intended for backup # and when no outside source of synchronized time is available. The # default stratum is usually 3, but in this case we elect to use stratum # 0. Since the server line does not have the prefer keyword, this driver # is never used for synchronization, unless no other other # synchronization source is available. In case the local host is # controlled by some external source, such as an external oscillator or # another protocol, the prefer keyword would cause the local host to # disregard all other synchronization sources, unless the kernel # modifications are in use and declare an unsynchronized condition. # # # Latest Version of this Doc # -------------------------- # http://www.Linux-Consulting.com/NTP # # # NTP FAQs and Commands # --------------------- # http://www.Linux-Consulting.com/NTP/NTP.Commands.txt # # # Latest NTP sources # ------------------ # http://www.eecis.udel.edu/~ntp/download.html # http://www.eecis.udel.edu/~ntp/ntp_spool/ # # NTP Server options # ------------------ # http://www.eecis.udel.edu/~ntp/ntp_spool/html/confopt.html # # # 31-Aug-99 amo Modified to use ntp.Linux-Consulting.com # 24-Mar-00 amo Added broadcast, list of servers # 05-Apr-01 amo Added setvar and enable and restrict # 26-May-01 amo Added peer, Changed requestkey, changed keys file # 02-Nov-02 amo General cleanup of docs # 08-Nov-02 amo Added more servers and update ip# # 05-Dec-04 amo Added ntp.org # # # # List of NTP servers # ------------------- # http://www.eecis.udel.edu/~mills/ntp/servers.html # http://www.pool.ntp.org # # # 08-Nov-02 amo Added more servers and update ip# # #erver tick.ucla.edu server time.sdsc.edu server soeoec.ucsd.edu server bigben.ucsd.edu # server ntp.apple.com server ns2.fast.net # # # (192.5.5.250) - was # 204.152.184.72 server clock.isc.org # # (192.48.153.74) - was # 192.48.153.80 server clock.sgi.com # # (209.81.9.7) server clock.via.net # # (209.0.72.7) - was # 63.149.208.50 server nist1.datum.com # # (207.126.103.202) - was # 216.200.93.8 server nist1.sjc.certifiedtime.com # # (143.232.55.5) - was # 198.123.30.132 server ntp.nasa.gov # # (192.5.41.40, *.41 ) server tick.usno.navy.mil server tock.usno.navy.mil # #X # (209.133.29.16) #X # (209.133.29.20) #X server tick.gpsclock.com #X server tock.gpsclock.com # # (16.1.0.4, 204.123.2.5) - yes server clepsydra.dec.com # # (204.123.2.72) - yes server usno.pa-x.dec.com # # # server mimsy.mil version 1 # server running ntpd version 1 # server apple.com version 2 # server running ntpd version 2 # # # ntpdate time.nist.gov # ntpdate ntp.alaska.edu # ntpdate Tick.gpsclock.com and Tock.gpsclock.com # # # server ntp.Linux-Consulting.com # # 25-Mar-00 amo Comments from notes.html # # the local addresses are unrestricted # server 127.127.1.0 # local clock fudge 127.127.1.0 stratum 0 # # # 26-May-01 amo Added peer, http://userpages.umbc.edu/~banz/old/ucsdocs/timeservice.html # # Sync to your friends # peer ntp1.Linux-Consulting.com # peer ntp2.Linux-Consulting.com # # # By default, make it so no-one can 'peer' to our server and change # our time, unless we specifically trust them, see below. # restrict default nomodify notrust # # 05-Apr-01 amo Added from http://www.eecis.udel.edu/~ntp/database/html_xntp3.5f/notes.html # # # by default, don't trust and don't allow modifications # # restrict default notrust nomodify # # # # these guys are trusted for time, but no modifications allowed # # restrict 128.100.0.0 mask 255.255.0.0 nomodify # restrict 128.8.10.1 nomodify # restrict 192.35.82.50 nomodify # restrict 128.100.0.0 mask 255.255.0.0 nomodify restrict 128.8.10.1 nomodify #estrict 192.35.82.50 nomodify # #estrict 166.90.172.6 nomodify # # the local addresses are unrestricted # restrict 128.100.100.7 restrict 127.0.0.1 # # # 26-May-01 amo Added log info logconfig all logfile /var/log/xntpd # # # You probably want to provide some additional Information to whoever # sees your NTP Server and checks it out with ntpq or xntpdc. This is # done by setting default Variables as follows (which will show up, # e.g., whenever a ntpq 'rv' is done on your Server): # # setvar info_url=http://www.server.some.where/Some/URL/ default # setvar admin_contact=you@some.where default # setvar access_policy="Sorry, access for our customers only" default # # # 05-Apr-01 amo Added setvar and enable and restrict # enable auth monitor # # Drift file. Put this in a directory which the daemon can write to. # No symbolic links allowed, either, since the daemon updates the file # by creating a temporary in the same directory and then rename()'ing # it to the file. # driftfile /etc/ntp/drift multicastclient # listen on default 224.0.1.1 broadcastdelay 0.008 # # 24-Mar-00 amo Added broadcast # broadcast 166.90.172.255 # # # 26-May-01 amo Turn this on for clients # # broadcastclient yes # # # Authentication delay. If you use, or plan to use someday, the # authentication facility you should make the programs in the auth_stuff # directory and figure out what this number should be on your machine. # authenticate no # # # 09-Nov-02 amo What do i need to do with these keys and restrict options ?? # # # # Keys file. If you want to diddle your server at run time, make a # keys file (mode 600 for sure) and define the key number to be # used for making requests. # # 26-May-01 amo Changed requestkey, changed keys file # 21-Dec-02 amo Removed keys ( and do NOT run xntp w/ -A option ) # # keys /etc/ntp/keys # trustedkey 65535 # #equestkey 65535 # requestkey 65534 # controlkey 65535 # # # 05-Apr-01 amo Added setvar and enable and restrict # # Access Restrictions. This reflects your Policies and Preferences, # so better take your Time to update this. Matches are prioritized # "most special Match wins", i.e., a "mask 255.255.255.255" Entry # matching a Host will have highest Priority # # Default Access: Allow Config Lookup, deny Time Service and Reconfig # # restrict 0.0.0.0 mask 0.0.0.0 nomodify notrap notrust noserve # # localhost: Allow full Access (xntpd ignores 'dangerous' Requests anyway) # Since all attached Time Sources have pseudo IP Numbers in the 127 # Network, this Entry affects them as well # # restrict 127.0.0.0 mask 255.0.0.0 # # You need to explicitly allow your servers and peers to change your # Time if your Default Access features the 'notrust' Flag; for peers, # you need to remove the 'noserve' Flag as well # # restrict 166.90.172.6 mask 255.255.255.255 nomodify notrap # # For the Machines from which you'll administer your NTP Network, # you need to remove the 'nomodify' Flag, and you'll most probably # want to remove 'noserve' as well so that you can inspect the # current Time, too # # restrict 166.90.172.6 mask 255.255.255.255 notrap notrust # # Finally, you need to remove the 'noserve' Flag for all Hosts that # are allowed to sync to this NTP Server (i.e., they run xntpd and # use this Host as server, or they run ntpdate against us) # # restrict 166.90.172.6 mask 255.255.255.0 nomodify notrap notrust # # end of file