Fincer
/
openntpd-openbsd
mirror of https://github.com/Fincer/openntpd-openbsd
1
0
Fork 0
Code Issues 0 Projects 0 Releases 61 Wiki Activity
Source code pulled from OpenBSD for OpenNTPD. The place to contribute to this code is via the OpenBSD CVS tree.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8721 Commits
49 Branches
506 MiB
Tree: a7e0353e66
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'a7e0353e66'
${ noResults }
openntpd-openbsd/src/usr.sbin/ntpd/ntpd.conf.5

265 lines
7.0 KiB
Raw Normal View History

list example files in FILES with a short description: generally, "Example configuration file.", but occasionally something else fit better; at the same time, try to make the format for FILES more consistent; original diff from clematis
4 years ago
bloody attempt at a manpage
20 years ago
list example files in FILES with a short description: generally, "Example configuration file.", but occasionally something else fit better; at the same time, try to make the format for FILES more consistent; original diff from clematis
4 years ago
bloody attempt at a manpage
20 years ago
tweaks; ok henning@
20 years ago
tweaks; ok henning@
20 years ago
tweaks; ok henning@
20 years ago
document the optional "weight" keyword, and a little cleanup; from henning and myself
18 years ago
various cleanup: - mention '#' comments - fix macros for directives - typos - change list display - ntp -> NTP - slight rewording help and ok jmc ok henning otto
20 years ago
document that keywords can be specified multiple times; from otto and myself; prodded by henning;
19 years ago
Move the constraints in a new section and add a preamble to explain the functionality. Requested by henning@ OK beck@ deraadt@
9 years ago
various cleanup: - mention '#' comments - fix macros for directives - typos - change list display - ntp -> NTP - slight rewording help and ok jmc ok henning otto
20 years ago
Add rdomain support to NTPd. This basically adds the "rtable %d" keyword to "listen on", "server", "servers" keywords, to specify which routing table to use. OK henning@ claudio@ sthen@ manpage reviewed by jmc@
12 years ago
various cleanup: - mention '#' comments - fix macros for directives - typos - change list display - ntp -> NTP - slight rewording help and ok jmc ok henning otto
20 years ago
tweaks; ok henning@
20 years ago
bloody attempt at a manpage
20 years ago
document that keywords can be specified multiple times; from otto and myself; prodded by henning;
19 years ago
tweaks; ok henning@
20 years ago
bloody attempt at a manpage
20 years ago
document listen on *
20 years ago
tweaks; ok henning@
20 years ago
Add rdomain support to NTPd. This basically adds the "rtable %d" keyword to "listen on", "server", "servers" keywords, to specify which routing table to use. OK henning@ claudio@ sthen@ manpage reviewed by jmc@
12 years ago
tweaks; ok henning@
20 years ago
Add rdomain support to NTPd. This basically adds the "rtable %d" keyword to "listen on", "server", "servers" keywords, to specify which routing table to use. OK henning@ claudio@ sthen@ manpage reviewed by jmc@
12 years ago
document the "servers" keyword
20 years ago
make listen on example idiot proof suggested by "Karsten W. Rohrbach" <karsten@rohrbach.de>
18 years ago
document the "servers" keyword
20 years ago
Add rdomain support to NTPd. This basically adds the "rtable %d" keyword to "listen on", "server", "servers" keywords, to specify which routing table to use. OK henning@ claudio@ sthen@ manpage reviewed by jmc@
12 years ago
tweak previous;
7 years ago
Standardize argument naming for "sourceaddr" and unify the wording a bit, similar to what deraadt@ recently did in other manual pages.
4 years ago
tweak previous;
7 years ago
add option "query from <ip>" to ntpd.conf, to specify a local IP address for outgoing ntp queries. From Job Snijders, thanks! with feedback and ok henning@
7 years ago
Standardize argument naming for "sourceaddr" and unify the wording a bit, similar to what deraadt@ recently did in other manual pages.
4 years ago
tweak previous;
7 years ago
add option "query from <ip>" to ntpd.conf, to specify a local IP address for outgoing ntp queries. From Job Snijders, thanks! with feedback and ok henning@
7 years ago
document the "servers" keyword
20 years ago
document the optional "weight" keyword, and a little cleanup; from henning and myself
18 years ago
Add a knob to compensate for a refclock that is early or late. Based on a diff from Maurice Janssen. Manpage help from jmc and Maurice, other nits from deraadt and otto. ok deraadt, otto
16 years ago
alphatically order sub-options for sensors, and make the explanations more similar ok jmc schwarze
4 years ago
Allow ntpd.conf to assign a stratum to a sensor with the syntax stratum <level>. OK markus@ henning@ phessler@ jmc@
11 years ago
trusted sub-option works on sensors also now; ok otto
4 years ago
alphatically order sub-options for sensors, and make the explanations more similar ok jmc schwarze
4 years ago
document the optional "weight" keyword, and a little cleanup; from henning and myself
18 years ago
document timedelat sensors. ok deraadt
18 years ago
document the optional "weight" keyword, and a little cleanup; from henning and myself
18 years ago
document timedelat sensors. ok deraadt
18 years ago
document the optional "weight" keyword, and a little cleanup; from henning and myself
18 years ago
document timedelat sensors. ok deraadt
18 years ago
- use nmea(4) for general sensor example rather than udcf(4) which only works in w.europe - use a more realistic value for udcf correction example - use a GPS-only receiver for "refid GPS" example suggested/ok mbalmer
15 years ago
document timedelat sensors. ok deraadt
18 years ago
Add a knob to compensate for a refclock that is early or late. Based on a diff from Maurice Janssen. Manpage help from jmc and Maurice, other nits from deraadt and otto. ok deraadt, otto
16 years ago
alphatically order sub-options for sensors, and make the explanations more similar ok jmc schwarze
4 years ago
Add a knob to compensate for a refclock that is early or late. Based on a diff from Maurice Janssen. Manpage help from jmc and Maurice, other nits from deraadt and otto. ok deraadt, otto
16 years ago
- use nmea(4) for general sensor example rather than udcf(4) which only works in w.europe - use a more realistic value for udcf correction example - use a GPS-only receiver for "refid GPS" example suggested/ok mbalmer
15 years ago
Add a knob to compensate for a refclock that is early or late. Based on a diff from Maurice Janssen. Manpage help from jmc and Maurice, other nits from deraadt and otto. ok deraadt, otto
16 years ago
- use nmea(4) for general sensor example rather than udcf(4) which only works in w.europe - use a more realistic value for udcf correction example - use a GPS-only receiver for "refid GPS" example suggested/ok mbalmer
15 years ago
Add a knob to compensate for a refclock that is early or late. Based on a diff from Maurice Janssen. Manpage help from jmc and Maurice, other nits from deraadt and otto. ok deraadt, otto
16 years ago
Allow outgoing replies from sensor-driven servers to have a user-configurable reference ID, eg. "GPS" or "DCF"... ok mbalmer
16 years ago
alphatically order sub-options for sensors, and make the explanations more similar ok jmc schwarze
4 years ago
Allow outgoing replies from sensor-driven servers to have a user-configurable reference ID, eg. "GPS" or "DCF"... ok mbalmer
16 years ago
alphatically order sub-options for sensors, and make the explanations more similar ok jmc schwarze
4 years ago
Allow outgoing replies from sensor-driven servers to have a user-configurable reference ID, eg. "GPS" or "DCF"... ok mbalmer
16 years ago
- use nmea(4) for general sensor example rather than udcf(4) which only works in w.europe - use a more realistic value for udcf correction example - use a GPS-only receiver for "refid GPS" example suggested/ok mbalmer
15 years ago
Allow outgoing replies from sensor-driven servers to have a user-configurable reference ID, eg. "GPS" or "DCF"... ok mbalmer
16 years ago
Allow ntpd.conf to assign a stratum to a sensor with the syntax stratum <level>. OK markus@ henning@ phessler@ jmc@
11 years ago
alphatically order sub-options for sensors, and make the explanations more similar ok jmc schwarze
4 years ago
markup from jan stary;
7 years ago
alphatically order sub-options for sensors, and make the explanations more similar ok jmc schwarze
4 years ago
trusted sub-option works on sensors also now; ok otto
4 years ago
tweak previous; ok deraadt
4 years ago
trusted sub-option works on sensors also now; ok otto
4 years ago
alphatically order sub-options for sensors, and make the explanations more similar ok jmc schwarze
4 years ago
document the optional "weight" keyword, and a little cleanup; from henning and myself
18 years ago
document server/servers "trusted" sub-option. Indicates a particular server is wired up such that non MITM attacks are possible, and NTP packets can be trusted. Therefore constraint validity is not required, and during boot ntpd can spin-up correct time faster. with otto, ok jmc schwarze
4 years ago
use 'weight-value' vs. 'offset' for the weight argument; ok jmc@ henning@
17 years ago
document the optional "weight" keyword, and a little cleanup; from henning and myself
18 years ago
tweaks; ok henning@
20 years ago
various cleanup: - mention '#' comments - fix macros for directives - typos - change list display - ntp -> NTP - slight rewording help and ok jmc ok henning otto
20 years ago
document that keywords can be specified multiple times; from otto and myself; prodded by henning;
19 years ago
document the "servers" keyword
20 years ago
various cleanup: - mention '#' comments - fix macros for directives - typos - change list display - ntp -> NTP - slight rewording help and ok jmc ok henning otto
20 years ago
document the "servers" keyword
20 years ago
tweaks; ok henning@
20 years ago
bloody attempt at a manpage
20 years ago
document the optional "weight" keyword, and a little cleanup; from henning and myself
18 years ago
Allowing upstream servers of ntp being in multiple routing tables is non-sensical. The dns lookups happened in the process routing table (usually '0'), which is very likely to have different results from the other routing domains. If you do depend on having this behaviour, you'll need to use pf to cross the rtable boundary. "listen on * rtable X" is still supported. Users of "server * rtable X" will need to switch to launching ntpd with "route -T X exec /usr/sbin/ntpd" OK deraadt@
8 years ago
document the "servers" keyword
20 years ago
Advice user to use multiple servers. Prodded by Daniel Polak, help and ok jmc@ ok henning@
19 years ago
document the optional "weight" keyword, and a little cleanup; from henning and myself
18 years ago
document server/servers "trusted" sub-option. Indicates a particular server is wired up such that non MITM attacks are possible, and NTP packets can be trusted. Therefore constraint validity is not required, and during boot ntpd can spin-up correct time faster. with otto, ok jmc schwarze
4 years ago
use 'weight-value' vs. 'offset' for the weight argument; ok jmc@ henning@
17 years ago
document the optional "weight" keyword, and a little cleanup; from henning and myself
18 years ago
document the "servers" keyword
20 years ago
various cleanup: - mention '#' comments - fix macros for directives - typos - change list display - ntp -> NTP - slight rewording help and ok jmc ok henning otto
20 years ago
document that keywords can be specified multiple times; from otto and myself; prodded by henning;
19 years ago
various cleanup: - mention '#' comments - fix macros for directives - typos - change list display - ntp -> NTP - slight rewording help and ok jmc ok henning otto
20 years ago
document the "servers" keyword
20 years ago
various cleanup: - mention '#' comments - fix macros for directives - typos - change list display - ntp -> NTP - slight rewording help and ok jmc ok henning otto
20 years ago
document the "servers" keyword
20 years ago
Allowing upstream servers of ntp being in multiple routing tables is non-sensical. The dns lookups happened in the process routing table (usually '0'), which is very likely to have different results from the other routing domains. If you do depend on having this behaviour, you'll need to use pf to cross the rtable boundary. "listen on * rtable X" is still supported. Users of "server * rtable X" will need to switch to launching ntpd with "route -T X exec /usr/sbin/ntpd" OK deraadt@
8 years ago
bloody attempt at a manpage
20 years ago
Move the constraints in a new section and add a preamble to explain the functionality. Requested by henning@ OK beck@ deraadt@
9 years ago
do not encourage random uppercasing;
9 years ago
Move the constraints in a new section and add a preamble to explain the functionality. Requested by henning@ OK beck@ deraadt@
9 years ago
some fixes from max fillinger, tweaked a little by myself; ok reyk
9 years ago
Move the constraints in a new section and add a preamble to explain the functionality. Requested by henning@ OK beck@ deraadt@
9 years ago
Allow the singular constraint clause to list multiple addresses; ok deraadt@
4 years ago
tweak previous;
9 years ago
Move the constraints in a new section and add a preamble to explain the functionality. Requested by henning@ OK beck@ deraadt@
9 years ago
Allow the singular constraint clause to list multiple addresses; ok deraadt@
4 years ago
some fixes from max fillinger, tweaked a little by myself; ok reyk
9 years ago
Move the constraints in a new section and add a preamble to explain the functionality. Requested by henning@ OK beck@ deraadt@
9 years ago
Fix example, syntax is "constraint from www.example.com" (with "from"). Reported by Stefan Wollny.
9 years ago
Allow the singular constraint clause to list multiple addresses; ok deraadt@
4 years ago
Move the constraints in a new section and add a preamble to explain the functionality. Requested by henning@ OK beck@ deraadt@
9 years ago
some fixes from max fillinger, tweaked a little by myself; ok reyk
9 years ago
tweak previous;
9 years ago
Move the constraints in a new section and add a preamble to explain the functionality. Requested by henning@ OK beck@ deraadt@
9 years ago
Simplify example constraints URL to reduce load on the server side. ok henning@, reyk@
9 years ago
Move the constraints in a new section and add a preamble to explain the functionality. Requested by henning@ OK beck@ deraadt@
9 years ago
bloody attempt at a manpage
20 years ago
briefly mention /etc/examples/ in the FILES section of all the manual pages that document the corresponding configuration files; OK jmc@, and general direction discussed with many
4 years ago
bloody attempt at a manpage
20 years ago
list example files in FILES with a short description: generally, "Example configuration file.", but occasionally something else fit better; at the same time, try to make the format for FILES more consistent; original diff from clematis
4 years ago
various cleanup: - mention '#' comments - fix macros for directives - typos - change list display - ntp -> NTP - slight rewording help and ok jmc ok henning otto
20 years ago
list example files in FILES with a short description: generally, "Example configuration file.", but occasionally something else fit better; at the same time, try to make the format for FILES more consistent; original diff from clematis
4 years ago
briefly mention /etc/examples/ in the FILES section of all the manual pages that document the corresponding configuration files; OK jmc@, and general direction discussed with many
4 years ago
list example files in FILES with a short description: generally, "Example configuration file.", but occasionally something else fit better; at the same time, try to make the format for FILES more consistent; original diff from clematis
4 years ago
bloody attempt at a manpage
20 years ago
Xr ntpctl; from Rob Pierce
8 years ago
document timedelat sensors. ok deraadt
18 years ago
bloody attempt at a manpage
20 years ago
 
  1. .\" $OpenBSD: ntpd.conf.5,v 1.46 2020/05/16 16:58:12 jmc Exp $
  2. .\"
  3. .\" Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
  4. .\"
  5. .\" Permission to use, copy, modify, and distribute this software for any
  6. .\" purpose with or without fee is hereby granted, provided that the above
  7. .\" copyright notice and this permission notice appear in all copies.
  8. .\"
  9. .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  10. .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  11. .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  12. .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  13. .\" WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER IN
  14. .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
  15. .\" OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  16. .\"
  17. .Dd $Mdocdate: May 16 2020 $
  18. .Dt NTPD.CONF 5
  19. .Os
  20. .Sh NAME
  21. .Nm ntpd.conf
  22. .Nd Network Time Protocol daemon configuration file
  23. .Sh DESCRIPTION
  24. This manual page describes the format of the
  25. .Xr ntpd 8
  26. configuration file.
  27. .Pp
  28. .Nm
  29. has the following format:
  30. .Pp
  31. Empty lines and lines beginning with the
  32. .Sq #
  33. character are ignored.
  34. .Pp
  35. Keywords may be specified multiple times within the configuration file.
  36. The basic configuration options are as follows:
  37. .Bl -tag -width Ds
  38. .It Xo Ic listen on Ar address
  39. .Op Ic rtable Ar table-id
  40. .Xc
  41. Specify a local IP address or a hostname the
  42. .Xr ntpd 8
  43. daemon should listen on.
  44. If it appears multiple times,
  45. .Xr ntpd 8
  46. will listen on each given address.
  47. If
  48. .Sq *
  49. is given as an address,
  50. .Xr ntpd 8
  51. will listen on all local addresses using the specified routing table.
  52. .Xr ntpd 8
  53. does not listen on any address by default.
  54. The optional
  55. .Ic rtable
  56. keyword will specify which routing table to listen on.
  57. By default
  58. .Xr ntpd 8
  59. will listen using the current routing table.
  60. For example:
  61. .Bd -literal -offset indent
  62. listen on *
  63. .Ed
  64. .Pp
  65. or
  66. .Bd -literal -offset indent
  67. listen on 127.0.0.1
  68. listen on ::1
  69. listen on 127.0.0.1 rtable 4
  70. .Ed
  71. .It Ic query from Ar sourceaddr
  72. Specify a local IP address the
  73. .Xr ntpd 8
  74. daemon should use for outgoing queries to subsequently specified servers,
  75. which is useful on machines with multiple interfaces.
  76. For example:
  77. .Bd -literal -offset indent
  78. query from 192.0.2.1
  79. query from 2001:db8::1
  80. .Ed
  81. .It Xo Ic sensor Ar device
  82. .Op Ic correction Ar microseconds
  83. .Op Ic refid Ar ID-string
  84. .Op Ic stratum Ar stratum-value
  85. .Op Ic trusted
  86. .Op Ic weight Ar weight-value
  87. .Xc
  88. Specify a timedelta sensor device
  89. .Xr ntpd 8
  90. should use.
  91. The sensor can be specified multiple times:
  92. .Xr ntpd 8
  93. will use each given sensor that actually exists.
  94. Non-existent sensors are ignored.
  95. If
  96. .Sq *
  97. is given as device name,
  98. .Xr ntpd 8
  99. will use all timedelta sensors it finds.
  100. .Xr ntpd 8
  101. does not use any timedelta sensor by default.
  102. For example:
  103. .Bd -literal -offset indent
  104. sensor *
  105. sensor nmea0
  106. .Ed
  107. .Pp
  108. A
  109. .Ic correction
  110. in microseconds can be given to compensate
  111. for the sensor's offset.
  112. The maximum correction is 127 seconds.
  113. For example, if a DCF77 receiver is lagging 70ms behind
  114. actual time:
  115. .Bd -literal -offset indent
  116. sensor udcf0 correction 70000
  117. .Ed
  118. .Pp
  119. A
  120. .Ic refid
  121. .Ar ID-string
  122. of up up to 4 ASCII characters can be
  123. given to publish the sensor type to clients.
  124. RFC 2030 suggests some common reference identifiers, but new identifiers
  125. "can be contrived as appropriate."
  126. If an
  127. .Ar ID-string
  128. is not given,
  129. .Xr ntpd 8
  130. will use a generic reference ID.
  131. For example:
  132. .Bd -literal -offset indent
  133. sensor nmea0 refid GPS
  134. .Ed
  135. .Pp
  136. The
  137. .Ic stratum
  138. keyword can be used to change the stratum value from the default of 1.
  139. .Pp
  140. The
  141. .Ic trusted
  142. keyword indicates the time learned is secure, trustworthy,
  143. and not vulnerable to man-in-the-middle attacks, so
  144. .Ic constraints
  145. validation is skipped.
  146. This is useful for boot-time correction in environments where
  147. .Ic constraints
  148. cannot be used.
  149. .Pp
  150. The
  151. .Ic weight
  152. keyword permits finer control over the relative importance
  153. of time sources (servers or sensor devices).
  154. Weights are specified in the range 1 to 10;
  155. if no weight is given,
  156. the default is 1.
  157. A server with a weight of 5, for example,
  158. will have five times more influence on time offset calculation
  159. than a server with a weight of 1.
  160. .It Xo Ic server Ar address
  161. .Op Ic trusted
  162. .Op Ic weight Ar weight-value
  163. .Xc
  164. Specify the IP address or the hostname of an NTP
  165. server to synchronize to.
  166. If it appears multiple times,
  167. .Xr ntpd 8
  168. will try to synchronize to all of the servers specified.
  169. If a hostname resolves to multiple IPv4 and/or IPv6 addresses,
  170. .Xr ntpd 8
  171. uses the first address.
  172. If it does not get a reply,
  173. .Xr ntpd 8
  174. retries with the next address and continues to do so until a working address
  175. is found.
  176. For example:
  177. .Bd -literal -offset indent
  178. server 10.0.0.2 weight 5
  179. server ntp.example.org weight 1
  180. .Ed
  181. .Pp
  182. To provide redundancy, it is good practice to configure multiple servers.
  183. In general, best accuracy is obtained by using servers that have a low
  184. network latency.
  185. .It Xo Ic servers Ar address
  186. .Op Ic trusted
  187. .Op Ic weight Ar weight-value
  188. .Xc
  189. As with
  190. .Cm server ,
  191. specify the IP address or hostname of an NTP server to synchronize to.
  192. If it appears multiple times,
  193. .Xr ntpd 8
  194. will try to synchronize to all of the servers specified.
  195. Should the hostname resolve to multiple IP addresses,
  196. .Xr ntpd 8
  197. will try to synchronize to all of them.
  198. For example:
  199. .Bd -literal -offset indent
  200. servers pool.ntp.org
  201. servers pool.ntp.org weight 5
  202. .Ed
  203. .El
  204. .Sh CONSTRAINTS
  205. .Xr ntpd 8
  206. can be configured to query the
  207. .Sq Date
  208. from trusted HTTPS servers via TLS.
  209. This time information is not used for precision but acts as an
  210. authenticated constraint,
  211. thereby reducing the impact of unauthenticated NTP
  212. man-in-the-middle attacks.
  213. Received NTP packets with time information falling outside of a range
  214. near the constraint will be discarded and such NTP servers
  215. will be marked as invalid.
  216. .Bl -tag -width Ds
  217. .It Ic constraint from Ar url [ip...]
  218. Specify the URL, IP address or the hostname of an HTTPS server to
  219. provide a constraint.
  220. If the url is followed by one or more addresses the url and addresses will be
  221. tried until a working one is found.
  222. The url path and expected certificate name is always taken from the
  223. url specified.
  224. If
  225. .Ic constraint from
  226. is used more than once,
  227. .Xr ntpd 8
  228. will calculate a median constraint from all the servers specified.
  229. .Bd -literal -offset indent
  230. server ntp.example.org
  231. constraint from www.example.com
  232. constraint from "https://9.9.9.9" "2620:fe::9"
  233. .Ed
  234. .It Ic constraints from Ar url
  235. As with
  236. .Ic constraint from ,
  237. specify the URL, IP address or the hostname of an HTTPS server to
  238. provide a constraint.
  239. Should the hostname resolve to multiple IP addresses,
  240. .Xr ntpd 8
  241. will calculate a median constraint from all of them.
  242. For example:
  243. .Bd -literal -offset indent
  244. servers pool.ntp.org
  245. constraints from "https://www.google.com/"
  246. .Ed
  247. .El
  248. .Sh FILES
  249. .Bl -tag -width /etc/examples/ntpd.conf -compact
  250. .It Pa /etc/ntpd.conf
  251. Default
  252. .Xr ntpd 8
  253. configuration file.
  254. .It Pa /etc/examples/ntpd.conf
  255. Example configuration file.
  256. .El
  257. .Sh SEE ALSO
  258. .Xr ntpctl 8 ,
  259. .Xr ntpd 8 ,
  260. .Xr sysctl 8
  261. .Sh HISTORY
  262. The
  263. .Nm
  264. file format first appeared in
  265. .Ox 3.6 .