logo

oasis-root

Compiled tree of Oasis Linux based on own branch at <https://hacktivis.me/git/oasis/> git clone https://anongit.hacktivis.me/git/oasis-root.git

ntpd.conf.5 (7653B)

    

  1. .\" $OpenBSD: ntpd.conf.5,v 1.46 2020/05/16 16:58:12 jmc Exp $
  2. .\"
  3. .\" Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
  4. .\"
  5. .\" Permission to use, copy, modify, and distribute this software for any
  6. .\" purpose with or without fee is hereby granted, provided that the above
  7. .\" copyright notice and this permission notice appear in all copies.
  8. .\"
  9. .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  10. .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  11. .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  12. .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  13. .\" WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER IN
  14. .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
  15. .\" OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  16. .\"
  17. .Dd $Mdocdate: May 16 2020 $
  18. .Dt NTPD.CONF 5
  19. .Os
  20. .Sh NAME
  21. .Nm ntpd.conf
  22. .Nd Network Time Protocol daemon configuration file
  23. .Sh DESCRIPTION
  24. This manual page describes the format of the
  25. .Xr ntpd 8
  26. configuration file.
  27. .Pp
  28. .Nm
  29. has the following format:
  30. .Pp
  31. Empty lines and lines beginning with the
  32. .Sq #
  33. character are ignored.
  34. .Pp
  35. Keywords may be specified multiple times within the configuration file.
  36. The basic configuration options are as follows:
  37. .Bl -tag -width Ds
  38. .It Xo Ic listen on Ar address
  39. .Op Ic rtable Ar table-id
  40. .Xc
  41. .Xr ntpd 8
  42. has the ability to sync the local clock to remote NTP servers and, if
  43. this directive is specified, can act as NTP server itself, redistributing the
  44. local clock.
  45. .Pp
  46. Specify a local IP address or a hostname the
  47. .Xr ntpd 8
  48. daemon should listen on to enable remote clients synchronization.
  49. If it appears multiple times,
  50. .Xr ntpd 8
  51. will listen on each given address.
  52. If
  53. .Sq *
  54. is given as an address,
  55. .Xr ntpd 8
  56. will listen on all local addresses using the specified routing table.
  57. .Xr ntpd 8
  58. does not listen on any address by default.
  59. The optional
  60. .Ic rtable
  61. keyword will specify which routing table to listen on, if the operating system supports rdomains.
  62. By default
  63. .Xr ntpd 8
  64. will listen using the current routing table.
  65. For example:
  66. .Bd -literal -offset indent
  67. listen on *
  68. .Ed
  69. .Pp
  70. or
  71. .Bd -literal -offset indent
  72. listen on 127.0.0.1
  73. listen on ::1
  74. listen on 127.0.0.1 rtable 4
  75. .Ed
  76. .It Ic query from Ar sourceaddr
  77. Specify a local IP address the
  78. .Xr ntpd 8
  79. daemon should use for outgoing queries to subsequently specified servers,
  80. which is useful on machines with multiple interfaces.
  81. For example:
  82. .Bd -literal -offset indent
  83. query from 192.0.2.1
  84. query from 2001:db8::1
  85. .Ed
  86. .It Xo Ic sensor Ar device
  87. .Op Ic correction Ar microseconds
  88. .Op Ic refid Ar ID-string
  89. .Op Ic stratum Ar stratum-value
  90. .Op Ic trusted
  91. .Op Ic weight Ar weight-value
  92. .Xc
  93. Specify a timedelta sensor device
  94. .Xr ntpd 8
  95. should use, if the operating system supports sensors.
  96. The sensor can be specified multiple times:
  97. .Xr ntpd 8
  98. will use each given sensor that actually exists.
  99. Non-existent sensors are ignored.
  100. If
  101. .Sq *
  102. is given as device name,
  103. .Xr ntpd 8
  104. will use all timedelta sensors it finds.
  105. .Xr ntpd 8
  106. does not use any timedelta sensor by default.
  107. For example:
  108. .Bd -literal -offset indent
  109. sensor *
  110. sensor nmea0
  111. .Ed
  112. .Pp
  113. A
  114. .Ic correction
  115. in microseconds can be given to compensate
  116. for the sensor's offset.
  117. The maximum correction is 127 seconds.
  118. For example, if a DCF77 receiver is lagging 70ms behind
  119. actual time:
  120. .Bd -literal -offset indent
  121. sensor udcf0 correction 70000
  122. .Ed
  123. .Pp
  124. A
  125. .Ic refid
  126. .Ar ID-string
  127. of up up to 4 ASCII characters can be
  128. given to publish the sensor type to clients.
  129. RFC 2030 suggests some common reference identifiers, but new identifiers
  130. "can be contrived as appropriate."
  131. If an
  132. .Ar ID-string
  133. is not given,
  134. .Xr ntpd 8
  135. will use a generic reference ID.
  136. For example:
  137. .Bd -literal -offset indent
  138. sensor nmea0 refid GPS
  139. .Ed
  140. .Pp
  141. The
  142. .Ic stratum
  143. keyword can be used to change the stratum value from the default of 1.
  144. .Pp
  145. The
  146. .Ic trusted
  147. keyword indicates the time learned is secure, trustworthy,
  148. and not vulnerable to man-in-the-middle attacks, so
  149. .Ic constraints
  150. validation is skipped.
  151. This is useful for boot-time correction in environments where
  152. .Ic constraints
  153. cannot be used.
  154. .Pp
  155. The
  156. .Ic weight
  157. keyword permits finer control over the relative importance
  158. of time sources (servers or sensor devices).
  159. Weights are specified in the range 1 to 10;
  160. if no weight is given,
  161. the default is 1.
  162. A server with a weight of 5, for example,
  163. will have five times more influence on time offset calculation
  164. than a server with a weight of 1.
  165. .It Xo Ic server Ar address
  166. .Op Ic trusted
  167. .Op Ic weight Ar weight-value
  168. .Xc
  169. Specify the IP address or the hostname of an NTP
  170. server to synchronize to.
  171. If it appears multiple times,
  172. .Xr ntpd 8
  173. will try to synchronize to all of the servers specified.
  174. If a hostname resolves to multiple IPv4 and/or IPv6 addresses,
  175. .Xr ntpd 8
  176. uses the first address.
  177. If it does not get a reply,
  178. .Xr ntpd 8
  179. retries with the next address and continues to do so until a working address
  180. is found.
  181. For example:
  182. .Bd -literal -offset indent
  183. server 10.0.0.2 weight 5
  184. server ntp.example.org weight 1
  185. .Ed
  186. .Pp
  187. To provide redundancy, it is good practice to configure multiple servers.
  188. In general, best accuracy is obtained by using servers that have a low
  189. network latency.
  190. .It Xo Ic servers Ar address
  191. .Op Ic trusted
  192. .Op Ic weight Ar weight-value
  193. .Xc
  194. As with
  195. .Cm server ,
  196. specify the IP address or hostname of an NTP server to synchronize to.
  197. If it appears multiple times,
  198. .Xr ntpd 8
  199. will try to synchronize to all of the servers specified.
  200. Should the hostname resolve to multiple IP addresses,
  201. .Xr ntpd 8
  202. will try to synchronize to all of them.
  203. For example:
  204. .Bd -literal -offset indent
  205. servers pool.ntp.org
  206. servers pool.ntp.org weight 5
  207. .Ed
  208. .El
  209. .Sh CONSTRAINTS
  210. .Xr ntpd 8
  211. can be configured to query the
  212. .Sq Date
  213. from trusted HTTPS servers via TLS.
  214. This time information is not used for precision but acts as an
  215. authenticated constraint,
  216. thereby reducing the impact of unauthenticated NTP
  217. man-in-the-middle attacks.
  218. Received NTP packets with time information falling outside of a range
  219. near the constraint will be discarded and such NTP servers will be marked as
  220. invalid.
  221. .Pp
  222. Support for constraints is only available if
  223. .Xr ntpd 8
  224. has been linked with libtls from LibreSSL. Configuring a constraint
  225. without libtls causes
  226. .Xr ntpd 8
  227. to log a warning message on startup.
  228. .Bl -tag -width Ds
  229. .It Ic constraint from Ar url [ip...]
  230. Specify the URL, IP address or the hostname of an HTTPS server to
  231. provide a constraint.
  232. If the url is followed by one or more addresses the url and addresses will be
  233. tried until a working one is found.
  234. The url path and expected certificate name is always taken from the
  235. url specified.
  236. If
  237. .Ic constraint from
  238. is used more than once,
  239. .Xr ntpd 8
  240. will calculate a median constraint from all the servers specified.
  241. .Bd -literal -offset indent
  242. server ntp.example.org
  243. constraint from www.example.com
  244. constraint from "https://9.9.9.9" "2620:fe::9"
  245. .Ed
  246. .It Ic constraints from Ar url
  247. As with
  248. .Ic constraint from ,
  249. specify the URL, IP address or the hostname of an HTTPS server to
  250. provide a constraint.
  251. Should the hostname resolve to multiple IP addresses,
  252. .Xr ntpd 8
  253. will calculate a median constraint from all of them.
  254. For example:
  255. .Bd -literal -offset indent
  256. servers pool.ntp.org
  257. constraints from "https://www.google.com/"
  258. .Ed
  259. .El
  260. .Sh FILES
  261. .Bl -tag -width /etc/examples/ntpd.conf -compact
  262. .It Pa /etc/ntpd.conf
  263. Default
  264. .Xr ntpd 8
  265. configuration file.
  266. .It Pa /etc/examples/ntpd.conf
  267. Example configuration file.
  268. .El
  269. .Sh SEE ALSO
  270. .Xr ntpctl 8 ,
  271. .Xr ntpd 8 ,
  272. .Xr sysctl 8
  273. .Sh HISTORY
  274. The
  275. .Nm
  276. file format first appeared in
  277. .Ox 3.6 .