Commit Graph

10 Commits

Author SHA1 Message Date
Ian Lepore
0d88e3b240 Fix a comment; the ntp leaplist file is updated periodically, but not weekly
(it's only updated when a check shows it's within 30 days of expiring).

PR:		207138
2018-06-24 03:31:23 +00:00
Ian Lepore
4b4a865284 Modernize usage of "restrict" keyword in ntp.conf
It is no longer necessary to specify a -4/-6 flag on any ntp.conf
keyword.  The address type is inferred from the address itself as
necessary.  "restrict default" statements always apply to both address
families regardless of any -4/-6 flag that may be present.

So this change just tidies up our default config by removing the redundant
restrict -6 statement and comment, and by removing the -6 flag from the
restrict keyword that allows access from localhost.

This change was inspired by the patches provided in PRs 201803 and 210245,
and included some contrib/ntp code inspection to verify that the -4/-6
keywords are basically no-ops in all contexts now.

PR:		201803 210245
Differential Revision:	https://reviews.freebsd.org/D15974
2018-06-24 03:29:00 +00:00
Ian Lepore
9f5b5f5a4d Update ntp.conf to use the ntpd pool feature.
Our previous ntp.conf file configured 3 servers from freebsd.pool.ntp.org
using 3 separate 'server' config lines.  That is now replaced with a single
'pool' line which causes ntpd to add multiple servers from the pool.

More than just making the config smaller, the pool feature in ntpd has one
major advantage over configuring 3 separate servers from a pool: if a server
that was added using a 'pool' statement provides bad time (initially or at
some later date), ntpd automatically discards it and configures a new
different server from the pool without needing to be restarted.

These changes also add a 'tos' line to control how many pool servers get
added, a 'restrict source' line that is required to allow ntpd to add new
peers from the pool, and it deletes a 'restrict 127.127.1.0' line that does
nothing and should never have been there (127.127.1.0 is not a valid IP
address, it's a refclock identifier).

Differential Revision:	https://reviews.freebsd.org/D9011
2017-01-02 15:19:22 +00:00
Cy Schubert
b5bdbd0461 Add support for automatic leap-second file updates.
The working copy of leapfile resides in /var/dbntpd.leap-seconds.list.
/etc/ntp/leap-seconds (periodically updated from ftp://time.nist.gov/pub/
or ftp://tycho.usno.navy.mil/pub/ntp/) contains the master copy should
automatic leapfile updates be disabled (default).

Automatic leapfile updates are fetched from $ntp_leapfile_sources,
defaulting to https://www.ietf.org/timezones/data/leap-seconds.list,
within $ntp_leapfile_expiry_days (default 30 days) from leap-seconds
file expiry. Automatic updates can be enabled by setting
$daily_ntpd_leapfile_enable="YES" in periodic.conf. To avoid congesting
the ntp leapfile source the automatic update randomized by default but
can be disabled through daily_ntpd_avoid_congestion="NO" in
periodic.conf.

Suggested by:	des
Reviewed by:	des, roberto, dwmalone, ian, cperciva, glebius, gjb
MFC after:	1 week
X-MFC with:	r289421, r293037
2016-01-26 07:06:44 +00:00
Cy Schubert
6f422073d1 Add default leap-seconds file. This should help ntp networks get the
leap second date correct

Updates to the file can be obtained from ftp://time.nist.gov/pub/ or
ftp://tycho.usno.navy.mil/pub/ntp/.

Suggested by:	dwmalone
Reviewed by:	roberto, dwmalone, delphij
Approved by:	roberto
MFC after:	1 week
2015-10-16 14:04:16 +00:00
Xin LI
64957baacb Add limited to the default restrictions.
X-MFC-with:	r280849
2015-03-31 19:56:46 +00:00
Xin LI
b2c730e011 Tighten default restrictions for ntpd(8) server and provide a link
to NTP access restriction documentation.

The new default restrictions would allow only time queries from a
remote system and will KoD all other requests, but still allow
localhost to do make all requests.

These restrictions are also recommended for all Internet-facing
public NTP servers.

This changeset is intended for an instant MFC to stable/10 and
releng/10.0.
2013-12-27 23:06:15 +00:00
Xin LI
82607d1ec1 As of r232844 we no longer need the maxpoll 9 workaround.
MFC after:	3 days
2012-08-20 18:45:16 +00:00
David Malone
6b560b8e98 1) Use our vendor domain at the pool.
2) Point people at the pool website and encourage
   people to provide a server in the pool (as a
   courtesy to the pool guys).
3) Fix a spelling.
4) Comment out the local clock and include a link
   to documentation for use of the local clock on
   the ntp.org site.

Approved by:	re (kib)
2009-07-13 05:51:33 +00:00
Edwin Groothuis
e530f4b50d Welcome to a default installed /etc/ntp.conf
This NTP configuration file points to the [012].pool.ntp.org servers,
which will return a list of geographical local NTP servers.
It uses the best-practice options of "iburst" and "maxpoll 9".
It gives examples on how to use the "restrict" commands, which are
unfortunately not working when you use the pool.ntp.org servers.
It sets up a fudge server so any clients syncing against this server
will always be synced even if we lose the master.

The idea of this file was briefly discussed on -net.

PR:		conf/58595
Submitted by:	Chris Stenton <jacs@gnome.co.uk>
MFC after:	1 week
2009-06-07 13:26:57 +00:00