+# For more information about this file, see the man pages
+# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
+
+# Drift file. Put this in a directory which the daemon can write to.
+# No symbolic links allowed, either, since the daemon updates the file
+# by creating a temporary in the same directory and then rename()'ing
+# it to the file.
+driftfile /var/lib/ntp/drift
+
+# This command loads the NIST leapseconds file and initializes the leapsecond
+# values for the next leapsecond time, expiration time and TAI offset. The file
+# can be obtained directly from NIST national time servers using ftp as the
+# ASCII file pub/leap-seconds.
+leapfile /etc/ntp/ntp.leapseconds
+
+# Permit time synchronization with our time source, but do not
+# permit the source to query or modify the service on this system.
+restrict default kod limited nomodify notrap nopeer noquery
+restrict -6 default kod limited nomodify notrap nopeer noquery
+
+# Permit all access over the loopback interface. This could
+# be tightened as well, but to do so would effect some of
+# the administrative functions.
+restrict 127.0.0.1
+restrict -6 ::1
+
+# Hosts on local network are less restricted.
+#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
+
+# restrict default ignore
+# restrict ntp.example.com noquery noserve
+# restrict ntp.example.net noquery noserve
+# restrict 127.0.0.1
+# restrict 127.127.1.0
-#
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available. The
# default stratum is usually 3, but in this case we elect to use stratum
# another protocol, the prefer keyword would cause the local host to
# disregard all other synchronization sources, unless the kernel
# modifications are in use and declare an unsynchronized condition.
-#
-server 127.127.1.0 # local clock
-fudge 127.127.1.0 stratum 0
-#
-# Drift file. Put this in a directory which the daemon can write to.
-# No symbolic links allowed, either, since the daemon updates the file
-# by creating a temporary in the same directory and then rename()'ing
-# it to the file.
-#
-driftfile /etc/ntp/drift
-multicastclient # listen on default 224.0.1.1
-broadcastdelay 0.008
+server 127.127.1.0 # local clock
+fudge 127.127.1.0 stratum 10
+
+# multicastclient 224.0.1.1 # listen on default 224.0.1.1
+broadcastdelay 0.008
#
# Authentication delay. If you use, or plan to use someday, the
# authentication facility you should make the programs in the auth_stuff
# directory and figure out what this number should be on your machine.
-#
-authenticate no
+disable auth
-#
-# Keys file. If you want to diddle your server at run time, make a
-# keys file (mode 600 for sure) and define the key number to be
-# used for making requests.
-#
-keys /etc/ntp/keys
-trustedkey 65535
-requestkey 65535
-controlkey 65535
+# Key file containing the keys and key identifiers used when operating
+# with symmetric key cryptography.
+#keys /etc/ntp/keys
+
+# Specify the key identifiers which are trusted.
+#trustedkey 4 8 42
+
+# Specify the key identifier to use with the ntpdc utility.
+#requestkey 8
+
+# Specify the key identifier to use with the ntpq utility.
+#controlkey 8
+
+# Enable writing of statistics records.
+#statistics clockstats cryptostats loopstats peerstats
+
+# NTP pool project. See: http://www.pool.ntp.org/
+pool pool.ntp.org