# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
+# Drift file. Put this in a directory which the daemon can write to.
+# No symbolic links allowed, either, since the daemon updates the file
+# by creating a temporary in the same directory and then rename()'ing
+# it to the file.
+driftfile /var/lib/ntp/drift
+
+# This command loads the NIST leapseconds file and initializes the leapsecond
+# values for the next leapsecond time, expiration time and TAI offset. The file
+# can be obtained directly from NIST national time servers using ftp as the
+# ASCII file pub/leap-seconds.
+leapfile /etc/ntp/ntp.leapseconds
+
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
-restrict default kod nomodify notrap nopeer noquery
-restrict -6 default kod nomodify notrap nopeer noquery
+restrict default kod limited nomodify notrap nopeer noquery
+restrict -6 default kod limited nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
-# restrict default ignore
-# restrict ntp.nasa.gov noquery noserve
-# restrict clock.isc.org noquery noserve
-# restrict 127.0.0.1
-# restrict 127.127.1.0
+# restrict default ignore
+# restrict ntp.example.com noquery noserve
+# restrict ntp.example.net noquery noserve
+# restrict 127.0.0.1
+# restrict 127.127.1.0
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available. The
# disregard all other synchronization sources, unless the kernel
# modifications are in use and declare an unsynchronized condition.
-server 127.127.1.0 # local clock
-fudge 127.127.1.0 stratum 10
+server 127.127.1.0 # local clock
+fudge 127.127.1.0 stratum 10
-# Drift file. Put this in a directory which the daemon can write to.
-# No symbolic links allowed, either, since the daemon updates the file
-# by creating a temporary in the same directory and then rename()'ing
-# it to the file.
-#
-driftfile /var/lib/ntp/drift
-multicastclient # listen on default 224.0.1.1
-broadcastdelay 0.008
+# multicastclient 224.0.1.1 # listen on default 224.0.1.1
+broadcastdelay 0.008
#
# Authentication delay. If you use, or plan to use someday, the
# authentication facility you should make the programs in the auth_stuff
# directory and figure out what this number should be on your machine.
-#
disable auth
-#
-# Keys file. If you want to diddle your server at run time, make a
-# keys file (mode 600 for sure) and define the key number to be
-# used for making requests.
-#
-#keys /etc/ntp/keys
-#trustedkey 65535
-#requestkey 65535
-#controlkey 65535
-
-# some sane servers
-server 1.pool.ntp.org
-server 2.pool.ntp.org
-server 3.pool.ntp.org
-
-# some other sane servers
-#server 150.254.183.15 # vega
-#server 213.222.193.35 # certum
-#server 193.0.71.133 # icm
-#server 153.19.250.123 # task
-#server 198.123.30.132 # nasa
+# Key file containing the keys and key identifiers used when operating
+# with symmetric key cryptography.
+#keys /etc/ntp/keys
+
+# Specify the key identifiers which are trusted.
+#trustedkey 4 8 42
+
+# Specify the key identifier to use with the ntpdc utility.
+#requestkey 8
+
+# Specify the key identifier to use with the ntpq utility.
+#controlkey 8
+
+# Enable writing of statistics records.
+#statistics clockstats cryptostats loopstats peerstats
+
+# NTP pool project. See: http://www.pool.ntp.org/
+pool pool.ntp.org