NTP.CONF(5)                         NTPsec                         NTP.CONF(5)

NAME
       ntp.conf - Network Time Protocol (NTP) daemon configuration file format

SYNOPSIS
       /etc/ntp.conf

DESCRIPTION
       The ntp.conf configuration file is read at initial startup by the
       ntpd(8) daemon in order to specify the synchronization sources, modes,
       and other related information. Usually, it is installed in the /etc
       directory, but could be installed elsewhere (see the daemon’s -c
       command line option).

       The file format is similar to other UNIX configuration files. Comments
       begin with a ‘#’ character and extend to the end of the line; blank
       lines are ignored. Configuration commands consist of an initial keyword
       followed by a list of arguments, some of which may be optional,
       separated by whitespace. Commands may not be continued over multiple
       lines. Arguments may be host names, host addresses written in numeric,
       dotted-quad form, integers, floating point numbers (when specifying
       times in seconds) and text strings.

       Configuration files may have inclusion lines. The syntax is includefile
       followed by whitespace followed by a file or directory name. The
       configuration is evaluated as though the text of the file - or all
       files of the directory with the extension ".conf" - were textually
       spliced in at the point of the include. Relative paths will work, even
       when the -c option changes the config directory root.

       The rest of this page describes the configuration and control options.
       The "Notes on Configuring NTP and Setting up an NTP Subnet" page
       (available as part of the HTML documentation provided under
       /usr/share/doc/ntp) contains an extended discussion of these options.
       In addition to the discussion of general Configuration Options, there
       are sections describing the following supported functionality and the
       options used to control it:

       •   Authentication Support

       •   NTS Support

       •   Monitoring Support

       •   Access Control Support

       •   Automatic NTP Configuration Options

       •   Reference Clock Support

       •   Miscellaneous Options

       Following these is a section describing Miscellaneous Options. While
       there is a rich set of options available, the only required option is
       one or more pool, server, peer, or broadcast commands.

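       The line syntax and includefile rules above, worked as a small reader.
       This is an added example written for this page, not code from ntpd or
       the NTPsec project: it implements the stated rules (‘#’ comments to end
       of line, blank lines ignored, one keyword plus whitespace-separated
       arguments per line with no continuation, includefile splicing of a
       file or of every ".conf" file in a directory, relative names resolved
       against the configuration root) and checks the one documented
       requirement, that at least one pool/server/peer/broadcast command is
       present. The resolver hook, the in-memory resolver used for the demo,
       and the nesting limit are this example's own assumptions.

```python
"""Added example: a reader for the ntp.conf line syntax described above.

Illustrative code for this page, not part of ntpd or the NTPsec project.
The resolver hook and the include-depth guard are assumptions of this
example, not features documented by the man page.
"""
import os
from typing import Callable, Dict, Iterable, List, Tuple

Command = Tuple[str, List[str]]                    # (keyword, arguments)
Resolver = Callable[[str], List[Tuple[str, str]]]  # include name -> [(path, text)]

REQUIRED_SOURCES = {"pool", "server", "peer", "broadcast"}
MAX_INCLUDE_DEPTH = 16   # assumed guard against includefile loops


def make_fs_resolver(root: str) -> Resolver:
    """Resolve include names relative to `root` on the real filesystem; a
    directory expands to its '*.conf' members in sorted order."""
    def resolve(name: str) -> List[Tuple[str, str]]:
        path = os.path.join(root, name)
        if os.path.isdir(path):
            paths = [os.path.join(path, f) for f in sorted(os.listdir(path))
                     if f.endswith(".conf")]
        else:
            paths = [path]
        out = []
        for p in paths:
            with open(p, encoding="utf-8") as fh:
                out.append((p, fh.read()))
        return out
    return resolve


def make_dict_resolver(files: Dict[str, str]) -> Resolver:
    """Same contract over an in-memory {relative path: text} mapping, so the
    splicing logic can be exercised without touching the disk."""
    def resolve(name: str) -> List[Tuple[str, str]]:
        prefix = name.rstrip("/") + "/"
        members = sorted(k for k in files
                         if k.startswith(prefix) and k.endswith(".conf"))
        if members:
            return [(k, files[k]) for k in members]
        if name in files:
            return [(name, files[name])]
        raise FileNotFoundError(name)
    return resolve


def tokenize(text: str) -> Iterable[Command]:
    """Yield (keyword, args) for every non-blank, non-comment line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # comment extends to end of line
        if line:
            keyword, *args = line.split()
            yield keyword, args


def parse_config(text: str, resolve: Resolver, depth: int = 0) -> List[Command]:
    """Return the command list with each includefile spliced in at the point
    of the include, which is how the page says ntpd evaluates it."""
    if depth > MAX_INCLUDE_DEPTH:
        raise ValueError("includefile nesting too deep (include loop?)")
    commands: List[Command] = []
    for keyword, args in tokenize(text):
        if keyword == "includefile":
            if len(args) != 1:
                raise ValueError("includefile takes exactly one file or directory name")
            for _path, body in resolve(args[0]):
                commands.extend(parse_config(body, resolve, depth + 1))
        else:
            commands.append((keyword, args))
    return commands


def has_time_source(commands: List[Command]) -> bool:
    """The only required option: one or more pool, server, peer or broadcast."""
    return any(keyword in REQUIRED_SOURCES for keyword, _ in commands)


if __name__ == "__main__":
    # Constructed sample tree: a main file that pulls in a conf.d directory.
    sample = {
        "ntp.conf": "driftfile /var/lib/ntp/ntp.drift   # comment\nincludefile conf.d\n",
        "conf.d/10-servers.conf": "pool ntp.example.org iburst\n",
        "conf.d/20-access.conf": "restrict default kod nomodify\n",
        "conf.d/README": "not spliced: no .conf extension\n",
    }
    parsed = parse_config(sample["ntp.conf"], make_dict_resolver(sample))
    for kw, a in parsed:
        print(kw, *a)
    print("time source present:", has_time_source(parsed))
```

       Run as a script it prints the spliced command list for the
       constructed sample; pass make_fs_resolver("/etc") to parse_config to
       read a real tree, with relative includefile names resolved against
       that root.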

CONFIGURATION SUPPORT
       Following is a description of the configuration commands in NTPv4.
       There are two classes of commands, association commands that configure
       a persistent association with a remote server or peer or reference
       clock, and auxiliary commands that specify environment variables that
       control various related operations.

   Association Commands
       Only those options applicable to each command are listed below. Use of
       options not listed may not be caught as an error, but may result in
       some weird and even destructive behavior.

       In contexts where a host name is expected, a -4 or --ipv4 qualifier
       preceding the host name forces DNS resolution to the IPv4 namespace,
       while a -6 or --ipv6 qualifier forces DNS resolution to the IPv6
       namespace.

       In these commands, an address can be any of (a) an IPV4 address in
       a.b.c.d format, (b) an IPV6 address in [a:b:c:d:e:f:g:h] format, (c) a
       link-local IPV6 address with an interface specified in
       [a:b:c:d:e:f:g:h]%device format, or (d) a DNS hostname.

       pool address [burst] [iburst] [version version] [prefer] [minpoll
       minpoll] [maxpoll maxpoll] [preempt]

       server address [key key] [burst] [iburst] [version version] [prefer]
       [minpoll minpoll] [maxpoll maxpoll]

       peer address [key key] [version version] [prefer] [minpoll minpoll]
       [maxpoll maxpoll]

       unpeer [address | associd | clock clocktype [unit unitnum]]
           These four commands specify the time server name or address to be
           used and the mode in which to operate. The address can be either a
           DNS name or an IP address in dotted-quad notation. If it is a
           refclock, it can be clock followed by a type-unit pair as in the
           refclock directive; a missing unit clause is interpreted as unit 0.

       pool
           For server addresses, this command mobilizes a persistent client
           mode association with a number of remote servers. In this mode the
           local clock can be synchronized to the remote server, but the
           remote server can never be synchronized to the local clock.

       server
           For server addresses, this command mobilizes a persistent client
           mode association with the specified remote server or local radio
           clock. In this mode the local clock can be synchronized to the
           remote server, but the remote server can never be synchronized to
           the local clock.

       peer
           NTP peer mode has been removed for security reasons. peer is now
           just an alias for the server keyword. See above.

       unpeer
           This command removes a previously configured association. An
           address or association ID can be used to identify the association.
           Either an IP address or DNS name can be used. This command is most
           useful when supplied via ntpq runtime configuration commands config
           and config-from-file.

   Association Options
       bias
           Add the command argument, a floating-point value in seconds, to the
           time offset (θ) computed for this server; this may be useful
           if you are a client on a network connection such as an ADSL line
           where there is a predictable asymmetry between upstream and
           downstream flight times. One way you might see this is if you use a
           fixed set of others and one has a stable offset that is an outlier
           from the others; in that case, you might want to use bias to
           compensate out the offset.

       burst
           When the server is reachable, send a burst of eight packets instead
           of the usual one. The packet spacing is normally 2 s; however, the
           spacing between the first and second packets can be changed with
           the calldelay command to allow additional time for a modem or ISDN
           call to complete; this is designed to improve timekeeping quality
           with the server command.

       iburst
           When the server is unreachable, send a burst of six packets instead
           of the usual one. The packet spacing is normally 2 s; however, the
           spacing between the first and second packets can be changed with
           the calldelay command to allow additional time for a modem or ISDN
           call to complete; this is designed to speed the initial
           synchronization acquisition with the server command, and when
           ntpd(8) is started with the -q option.

       key key
           All packets sent to and received from the server or peer are to
           include authentication fields encrypted using the specified key
           identifier with values from 1 to 65535, inclusive. The default is
           to include no encryption field.

       minpoll minpoll, maxpoll maxpoll
           These options specify the minimum and maximum poll intervals for
           NTP messages, as a power of 2 in seconds. The maximum poll interval
           defaults to 10 (1,024 s), but can be increased by the maxpoll
           option to an upper limit of 17 (36.4 h). The minimum poll interval
           defaults to 6 (64 s), but can be decreased by the minpoll option to
           a lower limit of 0 (1 s).

       mode option
           Pass the option to a reference clock driver. This option is valid
           only with refclock addresses.

       noselect
           Marks the server as unused, except for display purposes. The server
           is discarded by the selection algorithm.

       prefer
           Marks the server as preferred. All other things being equal, this
           host will be chosen for synchronization among a set of correctly
           operating hosts. See the "Mitigation Rules and the prefer Keyword"
           page for further information.

       true
           Mark the association to assume truechimer status; that is, always
           survive the selection and clustering algorithms. This option can be
           used with any association but is most useful for reference clocks
           with large jitter on the serial port and precision pulse-per-second
           (PPS) signals. Caution: this option defeats the algorithms designed
           to cast out falsetickers and can allow these sources to set the
           system clock. This option is valid only with the server command.

       version version
           Specifies the version number to be used for outgoing NTP packets.
           Versions 1-4 are the choices, with version 4 the default.

   Association Auxiliary Commands
       mdnstries number
           If we are participating in mDNS, after we have synched for the
           first time we attempt to register with the mDNS system. If that
           registration attempt fails, we try again at one minute intervals
           for up to number times. After all, ntpd may be starting before
           mDNS. The default value for mdnstries is 5.

   Authentication Commands
       The following declarations control MAC authentication:

       controlkey key
           Specifies the key identifier to use with the ntpq(1) utility, which
           uses the standard protocol defined in RFC 5905. The key argument is
           the key identifier for a trusted key, where the value can be in the
           range 1 to 65,535, inclusive.

       keys keyfile
           Specifies the complete path and location of the key file containing
           the keys and key identifiers used by ntpd(8), and ntpq(1) when
           operating with symmetric-key cryptography. This is the same
           operation as the -k command line option.

       trustedkey key...
           Specifies the key identifiers which are trusted for the purposes of
           authenticating peers with symmetric key cryptography, as well as
           keys used by the ntpq(1) program. Multiple keys on the same line
           should be separated by spaces. Key ranges can be specified as
           (first ... last). The spaces around the ... are necessary. Multiple
           trustedkey lines are supported and trusted keys can also be
           specified on the command line.

       The MAC authentication procedures require that both the local and
       remote servers share the same key and key identifier for this purpose,
       although different keys can be used with different servers. The key
       arguments are 32-bit unsigned integers with values from 1 to 65,535.

   NTS Commands
       The following command controls NTS authentication. It overrides normal
       TLS protocol negotiation, which is not usually necessary.

       nts [enable|disable] [mintls version] [maxtls version] [tlsciphersuites
       name]

       The options are as follows:

       cert file
           Present the certificate in file as our certificate.

       key file
           Read the private key to our certificate from file.

       ca location
           Use the file, or directory, specified by location to validate
           NTS-KE server certificates instead of the system default root
           certificates. If a directory is specified, it must have files named
           with their hash, as created by openssl rehash.

       cookie location
           Use the file (or directory) specified by location to store the keys
           used to make and decode cookies. The default is
           /var/lib/ntp/nts-keys.

       enable
           Enable NTS-KE server. When enabled, cert and key are required.

       disable
           Disable NTS-KE server.

       mintls string
           Set the lowest allowable TLS version to negotiate. Will be useful
           in the wake of a TLS compromise. Reasonable values are TLS1.3 if
           your system supports it. TLS 1.3 was first supported in OpenSSL
           version 1.1.1.

       maxtls string
           Set the highest allowable TLS version to negotiate. By setting
           mintls and maxtls equal, you can force the TLS version for testing.
           Format is as for mintls.

       tlsciphersuites string
           An OpenSSL ciphersuite list to configure the allowed ciphersuites
           for TLS 1.3. A single NULL cipher disables encryption and use of
           certificates.

       aead string
           Specify the crypto algorithm to be used on the wire. The choices
           come from RFC 5297. The only options supported are
           AES_SIV_CMAC_256, AES_SIV_CMAC_384, and AES_SIV_CMAC_512. This slot
           is dual use. It is the server default if the remote client doesn’t
           request a valid choice and it is also the preference passed to the
           remote client if the server command doesn’t specify a preference.
           The default is AES_SIV_CMAC_256.

       The following options of the server command configure NTS (as a
       client).

       nts
           Use Network Time Security (NTS) for authentication. Normally, this
           is all you have to do to activate the client side of NTS.

           The hostname following the server command is used as the address of
           the NTS key exchange server (NTS-KE) rather than the address of a
           NTP server. The NTS-KE exchange defaults to using the same IP
           address for the NTP server.

           Note that the server hostname must match the name on the NTS-KE
           server’s certificate.

       noval
           Do not validate the server certificate.

       ca location
           Use the file, or directory, specified by location to validate the
           NTS-KE server certificate, overriding the site default. Do not use
           any other CA. If a directory is specified, it must have files named
           with their hash, as created by openssl rehash.

       aead string
           Specify the preferred crypto algorithm to be used on the wire. The
           only options supported are AES_SIV_CMAC_256, AES_SIV_CMAC_384, and
           AES_SIV_CMAC_512. The server may ignore the request. See the aead
           option above.

           The same aead algorithms are also used to encrypt cookies. The
           default is AES_SIV_CMAC_256. There is no config file option to
           change it, but you can change it by editing the saved cookie key
           file, probably /var/lib/ntp/nts-keys. Adjust the L: slot to be 48
           or 64 and adjust the I: slots to have the right number of bytes.
           Then restart the server. (All old cookies held by clients will be
           rejected so their next 8 NTP requests will be ignored. They should
           recover by retrying NTS-KE to get fresh cookies.)

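       The constraints stated in the Authentication Commands and NTS Commands
       sections, applied as a lint pass over a configuration. This is an
       added example, not NTPsec code: it expands trustedkey ranges written
       as (first ... last), checks key identifiers against the documented
       1 to 65,535 range, checks that controlkey and each server key name a
       trusted key, flags noval on an NTS client line because it turns off
       certificate validation, and checks the server-side rules that nts
       enable needs cert and key, that aead is one of the three AES-SIV
       suites, and that mintls does not exceed maxtls. The version strings
       it knows (TLS1.2, TLS1.3), the lint function, its messages, and the
       sample paths are this example's own assumptions.

```python
"""Added example (not NTPsec code): lint for the authentication and NTS
directives documented above. Directive names come from the man page;
the checks, messages and the TLS version table are this example's own."""
from typing import Dict, List, Set, Tuple

KEY_MIN, KEY_MAX = 1, 65535
ALLOWED_AEAD = {"AES_SIV_CMAC_256", "AES_SIV_CMAC_384", "AES_SIV_CMAC_512"}
TLS_ORDER = {"TLS1.2": 2, "TLS1.3": 3}   # assumed spelling of mintls/maxtls values


def commands(text: str) -> List[Tuple[str, List[str]]]:
    """Minimal tokenizer: keyword plus args per line, '#' comments stripped."""
    out = []
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if words:
            out.append((words[0], words[1:]))
    return out


def expand_trustedkey(args: List[str]) -> Set[int]:
    """'trustedkey 1 5 (10 ... 12)' -> {1, 5, 10, 11, 12}. The mandatory
    spaces around '...' mean the range arrives as '(10', '...', '12)'."""
    ids: Set[int] = set()
    i = 0
    while i < len(args):
        tok = args[i]
        if tok.startswith("(") and i + 2 < len(args) and args[i + 1] == "...":
            first, last = int(tok[1:]), int(args[i + 2].rstrip(")"))
            ids.update(range(first, last + 1))
            i += 3
        else:
            ids.add(int(tok))
            i += 1
    return ids


def lint(text: str) -> List[str]:
    """Return a list of problems; an empty list means the config passed."""
    problems: List[str] = []
    trusted: Set[int] = set()
    controlkey = None
    server_keys: List[Tuple[str, int]] = []
    nts: Dict[str, str] = {}
    for kw, args in commands(text):
        if kw == "trustedkey":
            trusted |= expand_trustedkey(args)
        elif kw == "controlkey":
            controlkey = int(args[0])
        elif kw in ("server", "peer", "pool"):
            if "key" in args:
                server_keys.append((args[0], int(args[args.index("key") + 1])))
            if "nts" in args and "noval" in args:
                problems.append(f"{args[0]}: noval disables NTS-KE certificate validation")
        elif kw == "nts":
            i = 0
            while i < len(args):            # flags are bare; other options take a value
                if args[i] in ("enable", "disable"):
                    nts["state"] = args[i]
                    i += 1
                elif i + 1 < len(args):
                    nts[args[i]] = args[i + 1]
                    i += 2
                else:
                    problems.append(f"nts: option {args[i]} is missing its value")
                    break
    bad = sorted(k for k in trusted if not KEY_MIN <= k <= KEY_MAX)
    if bad:
        problems.append(f"trustedkey identifiers outside {KEY_MIN}..{KEY_MAX}: {bad}")
    if controlkey is not None and controlkey not in trusted:
        problems.append(f"controlkey {controlkey} is not listed in trustedkey")
    for host, kid in server_keys:
        if not KEY_MIN <= kid <= KEY_MAX:
            problems.append(f"{host}: key {kid} outside {KEY_MIN}..{KEY_MAX}")
        elif kid not in trusted:
            problems.append(f"{host}: key {kid} is not listed in trustedkey")
    if nts.get("state") == "enable" and not ("cert" in nts and "key" in nts):
        problems.append("nts enable requires both cert and key")
    if "aead" in nts and nts["aead"] not in ALLOWED_AEAD:
        problems.append(f"unsupported aead {nts['aead']}")
    lo, hi = nts.get("mintls"), nts.get("maxtls")
    if lo in TLS_ORDER and hi in TLS_ORDER and TLS_ORDER[lo] > TLS_ORDER[hi]:
        problems.append(f"mintls {lo} is above maxtls {hi}")
    return problems


if __name__ == "__main__":
    # Constructed sample configuration; paths and hostnames are placeholders.
    sample = (
        "keys /etc/ntp.keys\n"
        "trustedkey 1 (10 ... 12)\n"
        "controlkey 10\n"
        "server ntp.example.org key 12 iburst\n"
        "nts enable cert /etc/ntp/cert.pem key /etc/ntp/key.pem "
        "aead AES_SIV_CMAC_256 mintls TLS1.3 maxtls TLS1.3\n"
    )
    print(lint(sample) or "no problems found")
```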

MONITORING SUPPORT
       ntpd(8) includes a comprehensive monitoring facility suitable for
       continuous, long term recording of server and client timekeeping
       performance. See the statistics command below for a listing and example
       of each type of statistics currently supported. Statistic files are
       managed using file generation sets and scripts in the ./scripts
       directory of this distribution. Using these facilities and UNIX cron(8)
       jobs, the data can be automatically summarized and archived for
       retrospective analysis.

   Monitoring Commands
       statistics name...
           Enables writing of statistics records. Currently, eight kinds of
           name statistics are supported.

           clockstats
               Enables recording of clock driver statistics information. Each
               update received from a clock driver appends a line of the
               following form to the file generation set named clockstats:

               49213 525.624 SPECTRACOM(1) 93 226 00:08:29.606

           ┌────────────────────┬───────┬─────────────────────┐
           │Item                │ Units │ Description         │
           ├────────────────────┼───────┼─────────────────────┤
           │49213               │ MJD   │ modified Julian day │
           │                    │       │ number              │
           ├────────────────────┼───────┼─────────────────────┤
           │525.624             │ s     │ time of day (s)     │
           │                    │       │ past midnight UTC   │
           ├────────────────────┼───────┼─────────────────────┤
           │SPECTRACOM(1)       │       │ receiver identifier │
           │                    │       │ (Spectracom unit 1) │
           ├────────────────────┼───────┼─────────────────────┤
           │93 226 00:08:29.606 │       │ timecode (format    │
           │                    │       │ varies by refclock) │
           └────────────────────┴───────┴─────────────────────┘

           The first two fields show the date (Modified Julian Day) and time
           (seconds and fraction past UTC midnight). The next normally shows
           clock type and unit (but if you are running in strict Classic
           compatibility mode it will show the magic clock address in
           dotted-quad notation). The final field is the last timecode
           received from the clock in decoded ASCII format, where meaningful.
           For some clock drivers, a good deal of additional information can
           be gathered and displayed as well. See information specific to each
           clock for further details.

           loopstats
               Enables recording of loop filter statistics information. Each
               update of the local clock outputs a line of the following form
               to the file generation set named loopstats:

               50935 75440.031 0.000006019 13.778190 0.000351733 0.013380 6

           ┌────────────┬────────┬─────────────────────┐
           │Item        │ Units  │ Description         │
           ├────────────┼────────┼─────────────────────┤
           │50935       │ MJD    │ date                │
           ├────────────┼────────┼─────────────────────┤
           │75440.031   │ s      │ time past midnight  │
           ├────────────┼────────┼─────────────────────┤
           │0.000006019 │ s      │ clock offset        │
           ├────────────┼────────┼─────────────────────┤
           │13.778      │ PPM    │ drift (frequency    │
           │            │        │ offset)             │
           ├────────────┼────────┼─────────────────────┤
           │0.000351733 │ s      │ RMS jitter          │
           ├────────────┼────────┼─────────────────────┤
           │0.013380    │ PPM    │ RMS frequency       │
           │            │        │ jitter (aka wander) │
           ├────────────┼────────┼─────────────────────┤
           │6           │ log2 s │ clock discipline    │
           │            │        │ loop time constant  │
           └────────────┴────────┴─────────────────────┘

           The first two fields show the date (Modified Julian Day) and time
           (seconds and fraction past UTC midnight). The next five fields show
           time offset (seconds), frequency offset (parts per million - PPM),
           RMS jitter (seconds), Allan deviation (PPM) and clock discipline
           time constant.

           protostats
               Record significant peer and system events. Each significant
               event appends one line to the protostats file set:

               49213 525.624 128.4.1.1 963a 8a message

           ┌──────────┬───────┬────────────────────┐
           │Item      │ Units │ Description        │
           ├──────────┼───────┼────────────────────┤
           │49213     │ MJD   │ date               │
           ├──────────┼───────┼────────────────────┤
           │525.624   │ s     │ time past midnight │
           ├──────────┼───────┼────────────────────┤
           │128.4.1.1 │ IP    │ source address     │
           │          │       │ (0.0.0.0 for       │
           │          │       │ system)            │
           ├──────────┼───────┼────────────────────┤
           │963a      │ code  │ status word        │
           ├──────────┼───────┼────────────────────┤
           │8a        │ code  │ event message code │
           ├──────────┼───────┼────────────────────┤
           │message   │ text  │ event message      │
           └──────────┴───────┴────────────────────┘

           The event message code and message field are described on the
           "Event Messages and Status Words" page.

           peerstats
               Enables recording of peer statistics information. This includes
               statistics records of all peers of an NTP server and of special
               signals, where present and configured. Each valid update
               appends a line of the following form to the current element of
               a file generation set named peerstats:

               48773 10847.650 SPECTRACOM(4) 9714 -0.001605376 0.000000000
                   0.001424877 0.000958674

           ┌──────────────┬───────┬────────────────────┐
           │Item          │ Units │ Description        │
           ├──────────────┼───────┼────────────────────┤
           │48773         │ MJD   │ date               │
           ├──────────────┼───────┼────────────────────┤
           │10847.650     │ s     │ time past midnight │
           ├──────────────┼───────┼────────────────────┤
           │SPECTRACOM(4) │       │ clock name (unit)  │
           │              │       │ or source address  │
           ├──────────────┼───────┼────────────────────┤
           │9714          │ hex   │ status word        │
           ├──────────────┼───────┼────────────────────┤
           │-0.001605376  │ s     │ clock offset       │
           ├──────────────┼───────┼────────────────────┤
           │0.000000000   │ s     │ roundtrip delay    │
           ├──────────────┼───────┼────────────────────┤
           │0.001424877   │ s     │ dispersion         │
           ├──────────────┼───────┼────────────────────┤
           │0.000958674   │ s     │ RMS jitter         │
           └──────────────┴───────┴────────────────────┘

           The first two fields show the date (Modified Julian Day) and time
           (seconds and fraction past UTC midnight). The third field shows the
           reference clock type and unit number (but if you are running in
           strict Classic compatibility mode it will show the peer address in
           dotted-quad notation instead). The fourth field is a status word,
           encoded in hex in the format described in Appendix A of the NTP
           specification RFC 1305. The final four fields show the offset,
           delay, dispersion and RMS jitter, all in seconds.

496           rawstats
497               Enables recording of raw-timestamp statistics information. This
498               includes statistics records of all peers of an NTP server and
499               of special signals, where present and configured. Each NTP
500               message received from a peer or clock driver appends a line of
501               the following form to the file generation set named rawstats:
502
503               56285 54575.160 128.4.1.1 192.168.1.5 3565350574.400229473
504                   3565350574.442385200 3565350574.442436000
505                   3565350575.154505763 0 4 4 1 8 -21 0.000000 0.000320
506                   PPS 0
507
508           ┌─────────────────────┬────────────────────┬─────────────────────┐
509           │                     │                    │                     │
510           │Item                 │ Units              │ Description         │
511           ├─────────────────────┼────────────────────┼─────────────────────┤
512           │                     │                    │                     │
513           │56285                │ MJD                │ date                │
514           ├─────────────────────┼────────────────────┼─────────────────────┤
515           │                     │                    │                     │
516           │54575.160            │ s                  │ time past midnight  │
517           ├─────────────────────┼────────────────────┼─────────────────────┤
518           │                     │                    │                     │
519           │128.4.1.1            │ IP                 │ source address      │
520           ├─────────────────────┼────────────────────┼─────────────────────┤
521           │                     │                    │                     │
522           │192.168.1.5          │ IP                 │ destination address │
523           ├─────────────────────┼────────────────────┼─────────────────────┤
524           │                     │                    │                     │
525           │3565350574.400229473 │ NTP s              │ origin timestamp    │
526           ├─────────────────────┼────────────────────┼─────────────────────┤
527           │                     │                    │                     │
528           │3565350574.442385200 │ NTP s              │ receive timestamp   │
529           ├─────────────────────┼────────────────────┼─────────────────────┤
530           │                     │                    │                     │
531           │3565350574.442436000 │ NTP s              │ transmit timestamp  │
532           ├─────────────────────┼────────────────────┼─────────────────────┤
533           │                     │                    │                     │
534           │3565350575.154505763 │ NTP s              │ destination         │
535           │                     │                    │ timestamp           │
536           ├─────────────────────┼────────────────────┼─────────────────────┤
537           │                     │                    │                     │
538           │0                    │ 0: OK, 1: insert   │ leap warning        │
539           │                     │ pending, 2: delete │ indicator           │
540           │                     │ pending, 3: not    │                     │
541           │                     │ synced             │                     │
542           ├─────────────────────┼────────────────────┼─────────────────────┤
543           │                     │                    │                     │
544           │4                    │ 4 was current in   │ NTP version         │
545           │                     │ 2012               │                     │
546           ├─────────────────────┼────────────────────┼─────────────────────┤
547           │                     │                    │                     │
548           │4                    │ 3: client, 4:      │ mode                │
549           │                     │ server, 6: ntpq    │                     │
550           ├─────────────────────┼────────────────────┼─────────────────────┤
551           │                     │                    │                     │
552           │1                    │ 1-15, 16: not      │ stratum             │
553           │                     │ synced             │                     │
554           ├─────────────────────┼────────────────────┼─────────────────────┤
555           │                     │                    │                     │
556           │8                    │ log2 seconds       │ poll                │
557           ├─────────────────────┼────────────────────┼─────────────────────┤
558           │                     │                    │                     │
559           │-21                  │ log2 seconds       │ precision           │
560           ├─────────────────────┼────────────────────┼─────────────────────┤
561           │                     │                    │                     │
562           │0.000000             │ seconds            │ total roundtrip     │
563           │                     │                    │ delay from the      │
564           │                     │                    │ remote server to    │
565           │                     │                    │ the primary         │
566           │                     │                    │ reference clock     │
567           ├─────────────────────┼────────────────────┼─────────────────────┤
568           │                     │                    │                     │
569           │0.000320             │ seconds            │ total dispersion    │
570           │                     │                    │ from the remote     │
571           │                     │                    │ server to the       │
572           │                     │                    │ primary reference   │
573           │                     │                    │ clock               │
574           ├─────────────────────┼────────────────────┼─────────────────────┤
575           │                     │                    │                     │
576           │.PPS.                │ IP or text         │ refid, association  │
577           │                     │                    │ ID                  │
578           ├─────────────────────┼────────────────────┼─────────────────────┤
579           │                     │                    │                     │
580           │0                    │ integer            │ lost packets since  │
581           │                     │                    │ last response       │
582           └─────────────────────┴────────────────────┴─────────────────────┘
583
584           The first two fields show the date (Modified Julian Day) and time
585           (seconds and fraction past UTC midnight). The next two fields show
586           the remote peer or clock identification followed by the local
587           address in dotted-quad notation. The next four fields show the
588           originate, receive, transmit and final NTP timestamps in order, then
589           the remaining fields of the table above. The timestamp values are as
590           received and before processing by the data smoothing and mitigation algorithms.
591
592           sysstats
593               Enables recording of ntpd statistics counters on a periodic
594               basis. Each hour a line of the following form is appended to
595               the file generation set named sysstats:
596
597               50928 2132.543 36000 81965 0 9546 56 71793 512 540 10 147 1
598
599           ┌─────────┬───────┬────────────────────┐
600           │         │       │                    │
601           │Item     │ Units │ Description        │
602           ├─────────┼───────┼────────────────────┤
603           │         │       │                    │
604           │50928    │ MJD   │ date               │
605           ├─────────┼───────┼────────────────────┤
606           │         │       │                    │
607           │2132.543 │ s     │ time past midnight │
608           ├─────────┼───────┼────────────────────┤
609           │         │       │                    │
610           │36000    │ s     │ time since reset   │
611           ├─────────┼───────┼────────────────────┤
612           │         │       │                    │
613           │81965    │ #     │ packets received   │
614           ├─────────┼───────┼────────────────────┤
615           │         │       │                    │
616           │0        │ #     │ packets for this   │
617           │         │       │ host               │
618           ├─────────┼───────┼────────────────────┤
619           │         │       │                    │
620           │9546     │ #     │ current versions   │
621           ├─────────┼───────┼────────────────────┤
622           │         │       │                    │
623           │56       │ #     │ old version        │
624           ├─────────┼───────┼────────────────────┤
625           │         │       │                    │
626           │71793    │ #     │ access denied      │
627           ├─────────┼───────┼────────────────────┤
628           │         │       │                    │
629           │512      │ #     │ bad length or      │
630           │         │       │ format             │
631           ├─────────┼───────┼────────────────────┤
632           │         │       │                    │
633           │540      │ #     │ bad authentication │
634           ├─────────┼───────┼────────────────────┤
635           │         │       │                    │
636           │10       │ #     │ declined           │
637           ├─────────┼───────┼────────────────────┤
638           │         │       │                    │
639           │147      │ #     │ rate exceeded      │
640           ├─────────┼───────┼────────────────────┤
641           │         │       │                    │
642           │1        │ #     │ kiss-o'-death      │
643           │         │       │ packets sent       │
644           └─────────┴───────┴────────────────────┘
645
646           The first two fields show the date (Modified Julian Day) and time
647           (seconds and fraction past UTC midnight). The remaining eleven
648           fields show the statistics counter values accumulated since the
649           last generated line.
650
651           usestats
652               Enables recording of ntpd resource usage statistics. Each hour
653               a line of the following form is appended to the file generation
654               set named usestats:
655
656               57570 83399.541 3600 0.902 1.451 164 0 0 0 2328 64226 1 0 4308
657
658           ┌──────────┬───────┬─────────────────────┐
659           │          │       │                     │
660           │Item      │ Units │ Description         │
661           ├──────────┼───────┼─────────────────────┤
662           │          │       │                     │
663           │57570     │ MJD   │ date                │
664           ├──────────┼───────┼─────────────────────┤
665           │          │       │                     │
666           │83399.541 │ s     │ time past midnight  │
667           ├──────────┼───────┼─────────────────────┤
668           │          │       │                     │
669           │3600      │ s     │ time since reset    │
670           ├──────────┼───────┼─────────────────────┤
671           │          │       │                     │
672           │0.902     │ s     │ ru_utime: CPU       │
673           │          │       │ seconds - user mode │
674           ├──────────┼───────┼─────────────────────┤
675           │          │       │                     │
676           │1.451     │ s     │ ru_stime: CPU       │
677           │          │       │ seconds - system    │
678           ├──────────┼───────┼─────────────────────┤
679           │          │       │                     │
680           │164       │ #     │ ru_minflt: page     │
681           │          │       │ faults -            │
682           │          │       │ reclaim/soft (no    │
683           │          │       │ I/O)                │
684           ├──────────┼───────┼─────────────────────┤
685           │          │       │                     │
686           │0         │ #     │ ru_majflt: page     │
687           │          │       │ faults - I/O        │
688           ├──────────┼───────┼─────────────────────┤
689           │          │       │                     │
690           │0         │ #     │ ru_nswap: process   │
691           │          │       │ swapped out         │
692           ├──────────┼───────┼─────────────────────┤
693           │          │       │                     │
694           │0         │ #     │ ru_inblock: file    │
695           │          │       │ blocks in           │
696           ├──────────┼───────┼─────────────────────┤
697           │          │       │                     │
698           │2328      │ #     │ ru_oublock: file    │
699           │          │       │ blocks out          │
700           ├──────────┼───────┼─────────────────────┤
701           │          │       │                     │
702           │64226     │ #     │ ru_nvcsw: context   │
703           │          │       │ switches, wait      │
704           ├──────────┼───────┼─────────────────────┤
705           │          │       │                     │
706           │1         │ #     │ ru_nivcsw: context  │
707           │          │       │ switches, preempts  │
708           ├──────────┼───────┼─────────────────────┤
709           │          │       │                     │
710           │0         │ #     │ ru_nsignals:        │
711           │          │       │ signals             │
712           ├──────────┼───────┼─────────────────────┤
713           │          │       │                     │
714           │4308      │ #     │ ru_maxrss: resident │
715           │          │       │ set size, kilobytes │
716           └──────────┴───────┴─────────────────────┘
717
718           The first two fields show the date (Modified Julian Day) and time
719           (seconds and fraction past UTC midnight). The ru_ tags are the
720           names from the rusage struct. See man getrusage for details. (The
721           NetBSD and FreeBSD man pages have more details.) The maxrss column
722           is the high water mark since the process was started. The remaining
723           fields show the values used since the last report.
724
725       statsdir directory_path
726           Indicates the full path of a directory where statistics files
727           should be created (see below). This keyword allows the (otherwise
728           constant) filegen filename prefix to be modified for file
729           generation sets, which is useful for handling statistics logs.
730
731       filegen name [file filename] [type typename] [link | nolink] [enable |
732       disable]
733           Configures the file generation set named name. Generation file
734           sets provide a means for handling files that are continuously
735           growing during the lifetime of a server. Server statistics are a
736           typical example for such files. Generation file sets provide access
737           to a set of files used to store the actual data. At any time at
738           most one element of the set is being written to. The type given
739           specifies when and how data will be directed to a new element of
740           the set. This way, information stored in elements of a file set
741           that are currently unused is available for administrative
742           operations without the risk of disturbing the operation of ntpd.
743           (Most important: they can be removed to free space for new data
744           produced.)
745
746           Note that this command can be sent from the ntpq(1) program running
747           at a remote location.
748
749           name
750               This is the type of the statistics records, as shown in the
751               statistics command.
752
753           file filename
754               This is the file name for the statistics records. Filenames of
755               set members are built from three concatenated elements prefix,
756               filename and suffix:
757
758           ┌──────────┬────────────────────────────┐
759           │          │                            │
760           │Attribute │ Description                │
761           ├──────────┼────────────────────────────┤
762           │          │                            │
763           │prefix    │ This is a constant         │
764           │          │ filename path. It is not   │
765           │          │ subject to modifications   │
766           │          │ via the filegen option. It │
767           │          │ is defined by the server,  │
768           │          │ usually specified as a     │
769           │          │ compile-time constant. It  │
770           │          │ may, however, be           │
771           │          │ configurable for           │
772           │          │ individual file generation │
773           │          │ sets via other commands.   │
774           │          │ For example, the prefix    │
775           │          │ used with loopstats and    │
776           │          │ peerstats generation can   │
777           │          │ be configured using the    │
778           │          │ statsdir option explained  │
779           │          │ above.                     │
780           ├──────────┼────────────────────────────┤
781           │          │                            │
782           │filename  │ This string is directly    │
783           │          │ concatenated to the prefix │
784           │          │ mentioned above (no        │
785           │          │ intervening ‘/’). This can │
786           │          │ be modified using the file │
787           │          │ argument to the filegen    │
788           │          │ statement. No .. elements  │
789           │          │ are allowed in this        │
790           │          │ component to prevent       │
791           │          │ filenames referring to     │
792           │          │ parts outside the          │
793           │          │ filesystem hierarchy       │
794           │          │ denoted by prefix.         │
795           ├──────────┼────────────────────────────┤
796           │          │                            │
797           │suffix    │ This part reflects         │
798           │          │ individual elements of a   │
799           │          │ file set. It is generated  │
800           │          │ according to the type of a │
801           │          │ file set.                  │
802           └──────────┴────────────────────────────┘
803
804           type typename
805               A file generation set is characterized by its type. The
806               following types are supported:
808
809           ┌──────────┬────────────────────────────┐
810           │          │                            │
811           │Attribute │ Description                │
812           ├──────────┼────────────────────────────┤
813           │          │                            │
814           │none      │ The file set is actually a │
815           │          │ single plain file.         │
816           ├──────────┼────────────────────────────┤
817           │          │                            │
818           │pid       │ One element of file set is │
819           │          │ used per incarnation of a  │
820           │          │ ntpd server. This type     │
821           │          │ does not perform any       │
822           │          │ changes to file set        │
823           │          │ members during runtime,    │
824           │          │ however it provides an     │
825           │          │ easy way of separating     │
826           │          │ files belonging to         │
827           │          │ different ntpd(8) server   │
828           │          │ incarnations. The set      │
829           │          │ member filename is built   │
830           │          │ by appending a ‘.’ to      │
831           │          │ concatenated prefix and    │
832           │          │ filename strings, and      │
833           │          │ appending the decimal      │
834           │          │ representation of the      │
835           │          │ process ID of the ntpd(8)  │
836           │          │ server process.            │
837           ├──────────┼────────────────────────────┤
838           │          │                            │
839           │day       │ One file generation set    │
840           │          │ element is created per     │
841           │          │ day. A day is defined as   │
842           │          │ the period between 00:00   │
843           │          │ and 24:00 UTC. The file    │
844           │          │ set member suffix consists │
845           │          │ of a ‘.’ and a day         │
846           │          │ specification in the form  │
847           │          │ YYYYMMdd. YYYY is a        │
848           │          │ 4-digit year number (e.g., │
849           │          │ 1992). MM is a two digit   │
850           │          │ month number. dd is a two  │
851           │          │ digit day number. Thus,    │
852           │          │ all information written at │
853           │          │ 10 December 1992 would end │
854           │          │ up in a file named prefix  │
855           │          │ filename.19921210.         │
856           ├──────────┼────────────────────────────┤
857           │          │                            │
858           │week      │ Any file set member        │
859           │          │ contains data related to a │
860           │          │ certain week of a year. A  │
861           │          │ week here is a seven-day   │
862           │          │ period counted from 1      │
863           │          │ January (day-of-year       │
864           │          │ divided by 7), not a       │
865           │          │ calendar week. The suffix  │
866           │          │ is a dot, a 4-digit year   │
867           │          │ number, the letter W, and  │
868           │          │ a 2-digit week number. For │
869           │          │ example, information from  │
870           │          │ January 10th 1992 would    │
871           │          │ end up in a file with      │
872           │          │ suffix 1992W01.            │
875           ├──────────┼────────────────────────────┤
876           │          │                            │
877           │month     │ One generation file set    │
878           │          │ element is generated per   │
879           │          │ month. The file name       │
880           │          │ suffix consists of a dot,  │
881           │          │ a 4-digit year number, and │
882           │          │ a 2-digit month.           │
883           ├──────────┼────────────────────────────┤
884           │          │                            │
885           │year      │ One generation file        │
886           │          │ element is generated per   │
887           │          │ year. The filename  suffix │
888           │          │ consists of a dot and a 4  │
889           │          │ digit year number.         │
890           ├──────────┼────────────────────────────┤
891           │          │                            │
892           │age       │ This type of file          │
893           │          │ generation sets changes to │
894           │          │ a new element of the file  │
895           │          │ set every 24 hours of      │
896           │          │ server operation. The      │
897           │          │ filename suffix consists   │
898           │          │ of a dot, the letter a,    │
899           │          │ and an 8-digit number.     │
900           │          │ This number is taken to be │
901           │          │ the number of seconds the  │
902           │          │ server is running at the   │
903           │          │ start of the corresponding │
904           │          │ 24-hour period.            │
905           └──────────┴────────────────────────────┘
906
907           link | nolink
908               It is convenient to be able to access the current element of a
909               file generation set by a fixed name. This feature is enabled by
910               specifying link and disabled using nolink. If link is
911               specified, a hard link from the current file set element to a
912               file without suffix is created. When there is already a file
913               with this name and the number of links of this file is one, it
914               is renamed appending a dot, the letter C, and the pid of the
915               ntpd server process. When the number of links is greater than
916               one, the file is unlinked. This allows the current file to be
917               accessed by a constant name.
918
919           enable | disable
920               Enables or disables the recording function. Information is only
921               written to a file generation set when enable is specified; output
922               is prevented by specifying disable.
923
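The following is an added worked example, not code from NTPsec or from this manual: a Python model of the prefix, filename and suffix rules for the file set types described above, so that an operator can predict which element a record will land in and see the ".." rejection in action. It assumes a zero-origin day-of-year for the week calculation (C tm_yday), a two-digit zero-padded week number, and that an age period begins at the server's uptime rounded down to a multiple of 24 hours; the function name, its arguments and the sample paths are the example's own.

```python
import datetime

def utc(year, month, day):
    """Helper for the examples: a UTC-aware datetime."""
    return datetime.datetime(year, month, day, tzinfo=datetime.timezone.utc)

def element_name(prefix, filename, ftype, when=None, pid=None, uptime=None):
    """Path of the file set element that receives a record written at `when`.

    prefix   - constant path fixed by statsdir (or the compile-time default)
    filename - the `file` argument; concatenated directly, no '/' inserted
    ftype    - one of none, pid, day, week, month, year, age
    uptime   - seconds the server has been running (used by type age)
    """
    # The filename component must not climb out of the prefix hierarchy.
    if ".." in filename.split("/"):
        raise ValueError("'..' element not allowed in a filegen filename")
    base = prefix + filename
    if ftype == "none":
        return base
    if ftype == "pid":
        return f"{base}.{pid}"
    if ftype == "age":
        # Assumption: a new element every 24 h of uptime, suffixed with the
        # uptime at the start of that period, zero-padded to 8 digits.
        period_start = (uptime // 86400) * 86400
        return f"{base}.a{period_start:08d}"
    if when is None or when.utcoffset() != datetime.timedelta(0):
        raise ValueError("`when` must be a UTC-aware datetime")
    if ftype == "day":
        return base + when.strftime(".%Y%m%d")
    if ftype == "week":
        # Assumption: zero-origin day-of-year (C tm_yday) divided by 7,
        # zero-padded to two digits; weeks start at 1 January, not Monday.
        week = (when.timetuple().tm_yday - 1) // 7
        return f"{base}.{when.year:04d}W{week:02d}"
    if ftype == "month":
        return base + when.strftime(".%Y%m")
    if ftype == "year":
        return base + when.strftime(".%Y")
    raise ValueError(f"unknown filegen type {ftype!r}")

if __name__ == "__main__":
    for t in ("none", "day", "week", "month", "year"):
        print(t, element_name("/var/log/ntpstats/", "peerstats", t, when=utc(1992, 1, 10)))
    print("pid", element_name("/var/log/ntpstats/", "peerstats", "pid", pid=4321))
    print("age", element_name("/var/log/ntpstats/", "peerstats", "age", uptime=100000))
```

Because prefix and filename are joined without a separator, a statsdir without a trailing "/" silently produces names such as /var/log/ntpstatspeerstats; the ".." check is what keeps a remotely configured file argument from escaping the statsdir tree.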

ACCESS CONTROL SUPPORT

925       The ntpd(8) daemon implements a general purpose address/mask based
926       restriction list. The list contains address/match entries sorted first
927       by increasing address values and then by increasing mask values. A
928       match occurs when the bitwise AND of the mask and the packet source
929       address is equal to the bitwise AND of the mask and address in the
930       list. The list is searched in order with the last match found defining
931       the restriction flags associated with the entry. Additional information
932       and examples can be found in the "Notes on Configuring NTP and Setting
933       up a NTP Subnet" page (available as part of the HTML documentation).
934
935       The restriction facility was implemented in conformance with the access
936       policies for the original NSFnet backbone time servers. Later the
937       facility was expanded to deflect cryptographic and clogging attacks.
938       While this facility may be useful for keeping unwanted or broken or
939       malicious clients from congesting innocent servers, it should not be
940       considered an alternative to the NTP authentication facilities. Source
941       address based restrictions are easily circumvented by a determined
942       cracker.
943
944       Clients can be denied service because they are explicitly included in
945       the restrict list created by the restrict command or implicitly as the
946       result of cryptographic or rate limit violations. Cryptographic
947       violations include packets that fail authentication; rate limit
948       violations generally result from defective NTP implementations that
949       send packets at abusive rates. Some violations cause denied service
950       only for the offending packet, others cause denied service for a timed
951       period and others cause denied service for an indefinite period. When a
952       client or network is denied access for an indefinite period, the only
953       way at present to remove the restrictions is by restarting the server.
955
956   The Kiss-of-Death Packet
957       Ordinarily, packets denied service are simply dropped with no further
958       action except incrementing statistics counters. Sometimes a more
959       proactive response is needed, such as a server message that explicitly
960       requests the client to stop sending and leave a message for the system
961       operator. A special packet format has been created for this purpose
962       called the "kiss-of-death" (KoD) packet. KoD packets have the leap bits
963       set unsynchronized and stratum set to zero and the reference identifier
964       field set to a four-byte ASCII code. If the noserve or notrust flag of
965       the matching restrict list entry is set, the code is "DENY"; if the
966       limited flag is set and the rate limit is exceeded, the code is "RATE".
967       Finally, if a cryptographic violation occurs, the code is "CRYP".
968
969       A client receiving a KoD performs a set of sanity checks to minimize
970       security exposure, then updates the stratum and reference identifier
971       peer variables, sets the access denied (BOGON4) bit in the peer flash
972       variable and sends a message to the log. As long as the BOGON4 bit is
973       set, the client will send no further packets to the server. The only
974       way at present to recover from this condition is to restart the
975       protocol at both the client and server. This happens automatically at
976       the client when the association times out. It will happen at the server
977       only if the server operator cooperates.
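Added example, not NTPsec code: a Python recogniser for KoD replies as described above, run against constructed packets. The layout is the 48-byte RFC 5905 header. Because this page does not enumerate the client's sanity checks, the example applies the standard RFC 5905 anti-spoofing test before honouring a kiss code: the reply must be a server-mode packet whose origin timestamp echoes the transmit timestamp of the client's own last request, so an off-path attacker cannot silence a client with a forged DENY. The numeric value chosen for the BOGON4 bit and the Association class are the example's own.

```python
import struct

HEADER = "!BBbbII4sQQQQ"   # LI|VN|mode, stratum, poll, precision, root delay,
                           # root dispersion, refid, ref/org/rec/xmt timestamps
MODE_SERVER = 4
BOGON4 = 0x08              # "access denied" bit in the peer flash word (assumed value)
KISS_CODES = {"DENY": "access denied by restrict entry (noserve/notrust)",
              "RATE": "rate limit exceeded",
              "CRYP": "cryptographic violation"}

def build_reply(li, stratum, refid, origin, mode=MODE_SERVER, version=4):
    """Constructed server reply for the demonstration (sample data, not a capture)."""
    first = (li << 6) | (version << 3) | mode
    return struct.pack(HEADER, first, stratum, 6, -20, 0, 0, refid, 0, origin, 0, 0)

def parse_header(pkt):
    if len(pkt) < 48:
        raise ValueError("short NTP packet")
    f = struct.unpack(HEADER, pkt[:48])
    return {"li": f[0] >> 6, "vn": (f[0] >> 3) & 7, "mode": f[0] & 7,
            "stratum": f[1], "refid": f[6], "org": f[8]}

def kiss_code(pkt, our_xmt):
    """Return the four-character kiss code if pkt is a KoD we may act on, else None."""
    h = parse_header(pkt)
    if h["mode"] != MODE_SERVER or h["org"] != our_xmt:
        return None   # not a reply to our last poll: stray, replayed or spoofed
    if h["li"] != 3 or h["stratum"] != 0:
        return None   # an ordinary time packet, not a KoD
    if not all(0x20 <= c < 0x7f for c in h["refid"]):
        return None   # refid is not printable ASCII, so it is not a kiss code
    return h["refid"].decode("ascii")

class Association:
    """Minimal peer state: enough to show the effect of BOGON4 on polling."""
    def __init__(self):
        self.flash = 0
        self.stratum = None
        self.refid = None
        self.xmt = 0              # transmit timestamp of our last request

    def poll_allowed(self):
        return not (self.flash & BOGON4)

    def receive(self, pkt):
        """Process a reply; return a log message for a KoD, None otherwise."""
        code = kiss_code(pkt, self.xmt)
        if code is None:
            return None
        self.stratum = 0           # KoD carries stratum 0 ...
        self.refid = code          # ... and the ASCII kiss code as refid
        self.flash |= BOGON4       # send no further packets to this server
        return f"kiss-o'-death {code}: {KISS_CODES.get(code, 'unknown kiss code')}"

if __name__ == "__main__":
    a = Association()
    a.xmt = 0xE3D0F4A100000000
    print(a.receive(build_reply(3, 0, b"RATE", a.xmt)), "poll allowed:", a.poll_allowed())
```

The origin check is the whole defence here: a KoD that arrives unsolicited, or with an origin timestamp that does not match, is ignored, so an attacker who cannot observe the client's requests cannot use a forged KoD to stop it from polling.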
978

ACCESS CONTROL COMMANDS

980       limit [average average] [burst burst] [kod kod]
981           Set the parameters of the limited facility which protects the
982           server from client abuse. Internally, each MRU slot (see the mrulist
983           command in ntpq(1)) contains a score in units of packets per second.
984           It is updated each time a packet arrives from that IP Address. The
985           score decays exponentially at the burst rate and is bumped by
986           1.0/burst when a packet arrives.
987
988           average average
989               Specify the allowed average rate for response packets in
990               packets per second. The default is 1.0
991
992           burst burst
993               Specify the allowed burst size if the bursts are far enough
994               apart to keep the average rate below average. The default is
995               20.0
996
997           kod kod
998               Specify the allowed average rate for KoD packets in packets per
999               second. The default is 0.5
1000
1001       restrict address[/cidr] [mask mask] [flag ...]
1002           The address argument expressed in dotted-quad (for IPv4) or
1003           :-delimited (for IPv6) form is the address of a host or network.
1004           Alternatively, the address argument can be a valid host DNS name.
1005           The mask argument expressed in IPv4 or IPv6 numeric address form
1006           defaults to all mask bits on, meaning that the address is treated
1007           as the address of an individual host. Instead of an explicit mask,
1008           the address/cidr may be specified in CIDR notation. A default entry
1009           (address 0.0.0.0, mask 0.0.0.0) is always included and is always
1010           the first entry in the list. Note that text string default, with no
1011           mask option, may be used to indicate the default entry. In the
1012           current implementation, flag always restricts access, i.e., an
1013           entry with no flags indicates that free access to the server is to
1014           be given. The flags are not orthogonal, in that more restrictive
1015           flags will often make less restrictive ones redundant. The flags
1016           can generally be classed into two categories, those which restrict
1017           time service and those which restrict informational queries and
1018           attempts to do a run-time reconfiguration of the server. One or
1019           more of the following flags may be specified:
1020
1021           flake
1022               Discard received NTP packets with probability 0.1; that is, on
1023               average drop one packet in ten. This flag is for testing and
1024               amusement. The name comes from Bob Braden’s flakeway, which
1025               once did a similar thing for early Internet testing.
1026
1027           ignore
1028               Deny packets of all kinds, including ntpq(1) queries.
1029
1030           kod
1031               If this flag is set when an access violation occurs, a
1032               kiss-o'-death (KoD) packet is sent. KoD packets are rate
1033               limited.
1034
1035           limited
1036               Deny service if the packet spacing violates the lower limits
1037               specified in the limit command. A history of clients is kept
1038               using the monitoring capability of ntpd(8). Thus, monitoring is
1039               always active as long as there is a restriction entry with the
1040               limited flag.
1041
1042           mssntp
1043               Enable Microsoft Windows MS-SNTP authentication using Active
1044               Directory services. Note: Potential users should be aware that
1045               these services involve a TCP connection to another process that
1046               could potentially block, denying services to other users.
1047               Therefore, this flag should be used only for a dedicated server
1048               with no clients other than MS-SNTP.
1049
1050           nomodify
1051               Deny ntpq(1) queries which attempt to modify the state of the
1052               server (i.e., run time reconfiguration via ntpq :config, e.g. a
1053               remote filegen). Queries which return information are permitted.
1054
1055           nomrulist
1056               Do not accept MRU-list requests. These can be expensive to
1057               service and may generate a high volume of response traffic.
1058
1059           nopeer
1060               Deny packets which would result in mobilizing a new
1061               association; this includes symmetric active packets when a
1062               configured association does not exist. That used to happen when
1063               the remote client used the peer command in its config file. We
1064               don’t support that mode. It used to include pool servers, but
1065               they now poke a hole in any restrictions.
1066
1067           noquery
1068               Deny ntpq(1) queries. Time service is not affected.
1069
1070           noserve
1071               Deny all packets except ntpq(1) queries.
1072
1073           notrust
1074               Deny service unless the packet is cryptographically
1075               authenticated.
1076
1077           ntpport
1078               This is a match algorithm modifier, rather than a restriction
1079               flag. Its presence causes the restriction entry to be matched
1080               if the source port in the packet is the standard NTP UDP port
1081               (123). Both ntpport and non-ntpport may be specified. The
1082               ntpport is considered more specific and is sorted later in the
1083               list.
1084
1085           version
1086               Deny packets that do not match the current NTP version.
1087
1088       Note: A second restrict line with the same address/mask does not
1089       replace the first one. The flags are merged. Thus:
1090
1091           restrict bob X
1092           restrict bob Y
1093
1094       is the same as
1095
1096           restrict bob X Y
1097
1098       Default restriction list entries with the flags ignore, interface,
1099       ntpport, for each of the local host’s interface addresses are inserted
1100       into the table at startup to prevent the server from attempting to
1101       synchronize to its own time. A default entry is also always present. It
1102       has noquery, because ntpq responses are much larger than the requests
1103       and so would make the server a packet-length amplifier for DDoS with a
1104       forged source address, and limited, to blunt its use as a reflector.
1105
1106       unrestrict address[/cidr] [mask mask] [flag ...]
1107           Like a restrict command, but turns off the specified flags rather
1108           than turning them on (expected to be useful mainly with ntpq
1109           :config). An unrestrict with no flags specified removes any rule
1110           with matching address and mask. Use only on an address/mask or
1111           CIDR-format address mentioned in a previous restrict statement.
1112
1113       Note: unrestrict default will not do anything; you can’t remove the
1114       builtin defaults. If you want to remove them, use unrestrict default
1115       noquery limited to turn off those flags.
1116
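Added example, not NTPsec code: a Python model of the restriction list as described in this section, which parses restrict and unrestrict lines from a constructed configuration fragment and returns the flags that apply to a packet. It follows the rules stated above: entries sorted by address and then mask, last match wins, flags merged when an address/mask is repeated, ntpport entries sorted later and matched only when the source port is 123, and a builtin default entry (noquery limited) whose flags can be turned off but which cannot be removed. It assumes that default stands for both 0.0.0.0/0 and ::/0 and does not resolve DNS names; the class, function and configuration contents are the example's own.

```python
import ipaddress

NTP_PORT = 123
FLAGS = {"flake", "ignore", "kod", "limited", "mssntp", "nomodify", "nomrulist",
         "nopeer", "noquery", "noserve", "notrust", "version"}

def _targets(addr, mask):
    """(version, address & mask, mask) tuples for address[/cidr] [mask mask]."""
    if addr == "default":                        # assumption: both families
        return [(4, 0, 0), (6, 0, 0)]
    if "/" in addr:
        net = ipaddress.ip_network(addr, strict=False)
        return [(net.version, int(net.network_address), int(net.netmask))]
    a = ipaddress.ip_address(addr)               # DNS names are not resolved here
    m = (1 << a.max_prefixlen) - 1 if mask is None else int(ipaddress.ip_address(mask))
    return [(a.version, int(a) & m, m)]

class RestrictList:
    def __init__(self):
        # Builtin default entries: flags can be turned off, entry never removed.
        self.entries = {(4, 0, 0, False): {"noquery", "limited"},
                        (6, 0, 0, False): {"noquery", "limited"}}

    def _parse(self, line):
        words = line.split("#", 1)[0].split()
        cmd, addr, rest = words[0], words[1], words[2:]
        mask = None
        if rest[:1] == ["mask"]:
            mask, rest = rest[1], rest[2:]
        flags = set(rest)
        ntpport = "ntpport" in flags             # match modifier, not a restriction
        flags.discard("ntpport")
        bad = flags - FLAGS
        if bad:
            raise ValueError(f"unknown restrict flag(s) {sorted(bad)}")
        keys = [(v, a, m, ntpport) for v, a, m in _targets(addr, mask)]
        return cmd, keys, flags

    def apply(self, line):
        cmd, keys, flags = self._parse(line)
        for key in keys:
            if cmd == "restrict":
                self.entries.setdefault(key, set()).update(flags)   # merge, not replace
            elif cmd == "unrestrict":
                if key not in self.entries:
                    continue
                if flags:
                    self.entries[key] -= flags
                elif key[1:3] != (0, 0):         # a bare unrestrict removes the rule ...
                    del self.entries[key]        # ... except for the builtin default
            else:
                raise ValueError(f"not an access control command: {cmd}")

    def lookup(self, src_ip, src_port=NTP_PORT):
        """Flags for a packet from src_ip:src_port; the last matching entry wins."""
        ip = ipaddress.ip_address(src_ip)
        matched = set()
        # Sort key (version, address, mask, ntpport): ntpport entries sort later.
        for (ver, addr, mask, ntpport), flags in sorted(self.entries.items()):
            if ver != ip.version or (ntpport and src_port != NTP_PORT):
                continue
            if int(ip) & mask == addr:           # (source & mask) == (entry & mask)
                matched = flags
        return frozenset(matched)

# Constructed configuration fragment for the demonstration (not from the page).
CONFIG = """\
restrict default kod nomodify              # merged into builtin noquery limited
restrict 192.0.2.0/24                      # LAN: no flags means free access ...
restrict 192.0.2.0 mask 255.255.255.0 noquery   # ... same entry, flags merge
restrict 192.0.2.10 ignore                 # one misbehaving host
restrict 203.0.113.5 ntpport limited kod   # only when its source port is 123
unrestrict 192.0.2.0/24 noquery            # turn the merged flag off again
"""

def load(text):
    rl = RestrictList()
    for line in text.splitlines():
        if line.split("#", 1)[0].strip():
            rl.apply(line)
    return rl

if __name__ == "__main__":
    rl = load(CONFIG)
    for src, port in (("192.0.2.7", 123), ("192.0.2.10", 123), ("198.51.100.1", 123),
                      ("203.0.113.5", 123), ("203.0.113.5", 40000), ("2001:db8::1", 123)):
        print(f"{src}:{port} -> {sorted(rl.lookup(src, port))}")
```

Two points the model makes visible: the LAN entry ends up with no flags at all because the unrestrict cancels the merged noquery, so hosts in 192.0.2.0/24 escape the default's limited and kod as well (the last match replaces the flag set, it does not add to the default's); and the ntpport entry only takes effect for packets with source port 123, so the same host using an ephemeral port falls back to the default entry.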

AUTOMATIC NTP CONFIGURATION OPTIONS

   Manycasting
       For a detailed description of manycast operation, see the "Server
       Discovery" page (available as part of the HTML documentation).

   Manycast Options
       tos [ceiling ceiling | floor floor | minclock minclock | minsane
       minsane]
           This command affects the clock selection and clustering algorithms.
           It can be used to select the quality and quantity of peers used to
           synchronize the system clock and is most useful in manycast mode.
           The variables operate as follows:

           ceiling ceiling
               Peers with strata above ceiling will be discarded if there are
               at least minclock peers remaining. This value defaults to 15,
               but can be changed to any number from 1 to 15.

           floor floor
               Peers with strata below floor will be discarded if there are at
               least minclock peers remaining. This value defaults to 1, but
               can be changed to any number from 1 to 15.

           minclock minclock
               The clustering algorithm repeatedly casts out outlier
               associations until no more than minclock associations remain.
               This value defaults to 3, but can be changed to any number from
               1 to the number of configured sources.

           minsane minsane
               This is the minimum number of candidates available to the clock
               selection algorithm in order to produce one or more truechimers
               for the clustering algorithm. If fewer than this number are
               available, the clock is undisciplined and allowed to run free.
               The default is 1 for legacy purposes. However, according to
               principles of Byzantine agreement, minsane should be at least 4
               in order to detect and discard a single falseticker.


REFERENCE CLOCK SUPPORT

       For a detailed description of reference-clock configuration, see the
       "Reference Clock Drivers" page (available as part of the HTML
       documentation provided in /usr/share/doc/ntp).


REFERENCE CLOCK COMMANDS

       refclock drivername [unit u] [prefer] [subtype int] [mode int] [minpoll
       int] [maxpoll int] [time1 sec] [time2 sec] [stratum int] [refid string]
       [path filename] [ppspath filename] [baud number] [flag1 {0 | 1}] [flag2
       {0 | 1}] [flag3 {0 | 1}] [flag4 {0 | 1}]
           This command is used to configure reference clocks. The required
           drivername argument is the shortname of a driver type (e.g., shm,
           nmea, generic; see the "Reference Clock Drivers" page for a full
           list). The options are interpreted as follows:

           unit
               The 0-origin unit number of the device; this modifies the
               devicename. If not specified, defaults to zero.

           prefer
               Marks the reference clock as preferred. All other things being
               equal, this host will be chosen for synchronization among a set
               of correctly operating hosts and clocks. See the "Mitigation
               Rules and the prefer Keyword" page (available as part of the
               HTML documentation provided in /usr/share/doc/ntp) for further
               information.

           subtype int
               Some drivers (notably the generic and jjy drivers) support
               multiple device types. This option selects among them in a
               driver-dependent way.

           mode int
               Specifies a mode number which is interpreted in a
               device-specific fashion. For instance, it selects a dialing
               protocol in the ACTS driver and a sentence mix in the nmea
               driver.

           minpoll int; maxpoll int
               These options specify the minimum and maximum polling interval
               for reference clock messages, as a power of 2 in seconds. For
               most directly connected reference clocks, both minpoll and
               maxpoll default to 6 (64 sec). For modem reference clocks,
               minpoll defaults to 10 (17.1 min) and maxpoll defaults to 14
               (4.5 hours). The allowable range is 0 (1 sec) to 17 (36.4
               hours) inclusive.

           time1 sec
               Specifies a constant to be added to the time offset produced by
               the driver, a fixed-point decimal number in seconds. Each "g"
               on the end of the constant adds the number of seconds in a
               10-bit GPS era; each "G" adds the number of seconds in a 13-bit
               GPS era. This is used as a calibration constant to adjust the
               nominal time offset of a particular clock to agree with an
               external standard, such as a precision PPS signal. It also
               provides a way to correct a systematic error or bias due to era
               wraparound from a GPS device, serial port or operating system
               latencies, different cable lengths or receiver internal delay.
               The specified offset is in addition to the propagation delay
               provided by other means, such as internal DIP switches. Where a
               calibration for an individual system and driver is available,
               an approximate correction is noted in the driver documentation
               pages. Note: To facilitate calibration when more than one radio
               clock or PPS signal is supported, a special calibration feature
               is available. It takes the form of an argument to the enable
               command described in the "Miscellaneous Options" section and
               operates as described in the "Reference Clock Drivers" page.

           time2 secs
               Specifies a fixed-point decimal number in seconds, which is
               interpreted in a driver-dependent way. See the descriptions of
               specific drivers in the "Reference Clock Drivers" page.

           stratum int
               Specifies the stratum number assigned to the driver, an integer
               between 0 and 15. This number overrides the default stratum
               number ordinarily assigned by the driver itself, usually zero.

           refid string
               Specifies an ASCII string of from one to four characters which
               defines the reference identifier used by the driver. This
               string overrides the default identifier ordinarily assigned by
               the driver itself.

           path filepath
               Overrides the default device location for this refclock.

           ppspath filepath
               Overrides the default PPS device location (if any) for this
               driver.

           baud number
               Overrides the default baud rate for this driver.

           flag1 {0 | 1}; flag2 {0 | 1}; flag3 {0 | 1}; flag4 {0 | 1}
               These four flags are used for customizing the clock driver. The
               interpretation of these values, and whether they are used at
               all, is a function of the particular clock driver. However, by
               convention flag4 is used to enable recording monitoring data to
               the clockstats file configured with the filegen command.
               Further information on the filegen command can be found in
               "Monitoring Options".


MISCELLANEOUS OPTIONS

       driftfile driftfile
           This command specifies the complete path and name of the file used
           to record the frequency of the local clock oscillator; this is the
           same operation as the -f command line option. If the file exists,
           it is read at startup to set the initial frequency and then updated
           once per hour with the current frequency computed by the daemon. If
           the file name is specified, but the file itself does not exist,
           ntpd starts with an initial frequency of zero and creates the file
           when writing it for the first time. If this command is not given,
           the daemon will always start with an initial frequency of zero.

           The file format consists of a single line containing a single
           floating point number, which records the frequency offset measured
           in parts-per-million (PPM). The file is updated by first writing
           the current drift value into a temporary file and then renaming
           this file to replace the old version; this implies that ntpd(8)
           must have write permission for the directory the drift file is
           located in, and that file system links, symbolic or otherwise,
           should be avoided.
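
           The following Python is an added illustration, not part of this
           manual page and not ntpd's own code: it reads a drift file in the
           single-float format described above and replaces one the way the
           text describes, through a temporary file in the same directory and
           an atomic rename, refusing to write through a symbolic link. The
           three-decimal output format, the ".drift." temporary-file prefix
           and the symlink refusal are assumptions of the example.

```python
import os
import tempfile


def read_driftfile(path):
    """Parse a drift file: one line holding one floating point number,
    the frequency offset in parts-per-million. A missing file yields 0.0,
    matching a daemon that starts with an initial frequency of zero."""
    try:
        with open(path, "r", encoding="ascii") as f:
            lines = f.read().splitlines()
    except FileNotFoundError:
        return 0.0
    if len(lines) != 1:
        raise ValueError("drift file must contain exactly one line: %s" % path)
    return float(lines[0].strip())


def write_driftfile(path, ppm):
    """Replace the drift file atomically: write the value to a temporary
    file in the same directory, fsync it, then rename it over the old copy.
    This needs write permission on the directory, not on the old file.
    A symbolic link at the path would be silently replaced by a regular
    file, so links are refused (assumed policy, following the man text)."""
    directory = os.path.dirname(os.path.abspath(path))
    if os.path.islink(path):
        raise OSError("refusing to replace a symbolic link: %s" % path)
    if not os.access(directory, os.W_OK):
        raise PermissionError("no write permission on %s" % directory)
    fd, tmp = tempfile.mkstemp(prefix=".drift.", dir=directory)
    try:
        with os.fdopen(fd, "w", encoding="ascii") as f:
            f.write("%.3f\n" % ppm)  # assumed precision: three decimals
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, path)  # atomic rename on POSIX file systems
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    return read_driftfile(path)


def demo():
    """Round trip in a scratch directory; returns what was observed:
    (value before any file exists, value read back after a write,
    leftover temporary files, whether a symlink target was refused)."""
    d = tempfile.mkdtemp()
    p = os.path.join(d, "ntp.drift")
    before = read_driftfile(p)  # no file yet: 0.0
    written = write_driftfile(p, -12.3456)  # stored as -12.346
    leftovers = [n for n in os.listdir(d) if n.startswith(".drift.")]
    link = os.path.join(d, "link.drift")
    os.symlink(p, link)
    try:
        write_driftfile(link, 1.0)
        refused = False
    except OSError:
        refused = True
    return before, written, leftovers, refused


if __name__ == "__main__":
    print(demo())
```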

       enable [auth | calibrate | kernel | monitor | ntp | stats]; disable
       [auth | calibrate | kernel | monitor | ntp | stats]
           Provides a way to enable or disable various server options. Flags
           not mentioned are unaffected. Note that all of these flags can be
           controlled remotely using the ntpq(1) utility program.

           auth
               Enables the server to synchronize with unconfigured peers only
               if the peer has been correctly authenticated. The default for
               this flag is enable.

           calibrate
               Enables the calibrate feature for reference clocks. The default
               for this flag is disable.

           kernel
               Enables the kernel time discipline, if available. The default
               for this flag is enable if support is available, otherwise
               disable.

           monitor
               Enables the monitoring facility. See the ntpq(1) program and
               the monlist command for further information. The default for
               this flag is enable.

           ntp
               Enables time and frequency discipline. In effect, this switch
               opens and closes the feedback loop, which is useful for
               testing. The default for this flag is enable.

           stats
               Enables the statistics facility. See the "Monitoring Options"
               section for further information. The default for this flag is
               disable.

       includefile includefile
           This command allows additional configuration commands to be
           included from a separate file. Include files may be nested to a
           depth of five; upon reaching the end of any include file, command
           processing resumes in the previous configuration file. Relative
           pathnames are evaluated not with respect to the current working
           directory but with respect to the directory name of the last pushed
           file in the stack. This option is useful for sites that run ntpd(8)
           on multiple hosts, with (mostly) common options (e.g., a
           restriction list).

       interface [listen | ignore | drop] [all | ipv4 | ipv6 | wildcard | name
       | address[/prefixlen]]
           This command controls which network addresses ntpd opens, and
           whether the input is dropped without processing. The first
           parameter determines the action on addresses which match the second
           parameter. That parameter specifies a class of addresses, or a
           specific interface name, or an address. In the address case,
           prefixlen determines how many bits must match for this rule to
           apply. ignore prevents opening matching addresses; drop causes ntpd
           to open the address and drop all received packets without
           examination. Multiple interface commands can be used. The last rule
           which matches a particular address determines the action for it.
           interface commands are disabled if any of the -I, --interface, -L,
           or --novirtualips command-line options are used. If none of those
           options are used, and no interface actions are specified in the
           configuration file, all available network addresses are opened. The
           nic command is an alias for interface.
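
           The Python below is an added example, not part of this manual page
           and not ntpd's code: it parses a constructed set of interface
           commands and applies the rule that the last matching command
           decides, with every address opened (listen) when no rule matches.
           How an address is recognised as the wildcard address is an
           assumption here (a flag supplied by the caller).

```python
import ipaddress
from dataclasses import dataclass

# Constructed ntp.conf fragment (example data, not from the man page).
# Everything is ignored first, then one management address and one IPv6
# prefix are opened; the later rules win because the last match decides.
SAMPLE_CONFIG = """
# listen only on the management address and the site IPv6 prefix
interface ignore wildcard
interface ignore all
interface listen 192.0.2.10
interface drop ipv6
interface listen 2001:db8::/32
interface drop docker0
"""

ACTIONS = {"listen", "ignore", "drop"}
CLASSES = {"all", "ipv4", "ipv6", "wildcard"}


@dataclass
class Rule:
    action: str
    target: str            # class name, interface name, or address text
    network: object = None # ip_network when target is an address[/prefixlen]


def parse_interface_rules(text):
    """Return the interface/nic rules of a config fragment, in file order."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # strip comments and blanks
        if not line:
            continue
        words = line.split()
        if words[0] not in ("interface", "nic"):   # nic is an alias
            continue
        if len(words) != 3 or words[1] not in ACTIONS:
            raise ValueError("bad interface command: %r" % raw)
        action, target = words[1], words[2]
        net = None
        if target not in CLASSES:
            try:
                # a bare address gets a host prefix (/32 or /128)
                net = ipaddress.ip_network(target, strict=False)
            except ValueError:
                net = None   # not an address: an interface name such as eth0
        rules.append(Rule(action, target, net))
    return rules


def rule_matches(rule, address, ifname, is_wildcard=False):
    """Does one rule apply to this address on this interface?"""
    addr = ipaddress.ip_address(address)
    if rule.network is not None:
        # prefixlen decides how many leading bits must agree
        return addr.version == rule.network.version and addr in rule.network
    if rule.target == "all":
        return True
    if rule.target == "ipv4":
        return addr.version == 4
    if rule.target == "ipv6":
        return addr.version == 6
    if rule.target == "wildcard":
        return is_wildcard   # assumption: caller flags the wildcard address
    return rule.target == ifname


def action_for(rules, address, ifname, is_wildcard=False):
    """Action ntpd would take for an address: listen unless a rule matches,
    and when several match, the last one in the file wins."""
    action = "listen"
    for rule in rules:
        if rule_matches(rule, address, ifname, is_wildcard):
            action = rule.action
    return action
```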

       leapfile leapfile
           This command loads the NIST leap seconds file and initializes the
           leapsecond values for the next leap second time, expiration time
           and TAI offset. The file can be obtained using ntpleapfetch.

           The leapfile is scanned when ntpd processes the leapfile directive
           or when ntpd detects that leapfile has changed. ntpd checks once a
           day to see if the leapfile has changed.

       leapsmearinterval interval
           This experimental option is only available if ntpd was built with
           the --enable-leap-smear option. It specifies the interval over
           which a leap second correction will be applied. Recommended values
           for this option are between 7200 (2 hours) and 86400 (24 hours). DO
           NOT USE THIS OPTION ON PUBLIC-ACCESS SERVERS! See
           http://bugs.ntp.org/2855 for more information.

       logconfig configkeyword
           This command controls the amount and type of output written to the
           system syslog(3) facility or the alternate log file. By default,
           all output is turned on. All configkeyword keywords can be prefixed
           with ‘=’, ‘+’ and ‘-’, where ‘=’ sets the syslog(3) priority mask,
           ‘+’ adds and ‘-’ removes messages. syslog(3) messages can be
           controlled in four classes (clock, peer, sys and sync). Within these
           classes four types of messages can be controlled: informational
           messages (info), event messages (events), statistics messages
           (statistics) and status messages (status).

           Configuration keywords are formed by concatenating the message
           class with the event class. The all prefix can be used instead of a
           message class. A message class may also be followed by the all
           keyword to enable/disable all messages of the respective message
           class. Thus, a minimal log configuration could look like this:

               logconfig =syncstatus +sysevents

           This would just list the synchronization state of ntpd(8) and the
           major system events. For a simple reference server, the following
           minimum message configuration could be useful:

               logconfig =syncall +clockall

           This configuration will list all clock information and
           synchronization information. All other events and messages about
           peers, system events and so on are suppressed.

       logfile logfile
           This command specifies the location of an alternate log file to be
           used instead of the default system syslog(3) facility; this is the
           same operation as the -l command line option.

       If your ntpd runs for a long time, you probably want to use logrotate
       or newsyslog to switch to a new log file occasionally. SIGHUP will
       reopen the log file.

       mru [maxdepth count | maxmem kilobytes | mindepth count | maxage
       seconds | minage seconds | initalloc count | initmem kilobytes |
       incalloc count | incmem kilobytes]
           Controls size limits of the monitoring facility Most Recently Used
           (MRU) list of client addresses, which is also used by the rate
           control facility.

           maxdepth count, maxmem kilobytes
               Equivalent upper limits on the size of the MRU list, in terms
               of entries or kilobytes. The actual limit will be up to
               incalloc entries or incmem kilobytes larger. As with all of the
               mru options offered in units of entries or kilobytes, if both
               maxdepth and maxmem are used, the last one used controls. The
               default is 1024 kilobytes.

           mindepth count
               The lower limit on the MRU list size. When the MRU list has
               fewer than mindepth entries, existing entries are never removed
               to make room for newer ones, regardless of their age. The
               default is 600 entries.

           maxage seconds, minage seconds
               If an address is not in the list, there are several possible
               ways to find a slot for it.

                1. If the list has fewer than mindepth entries, a slot is
                   allocated from the free list; this is the normal case for a
                   server without a lot of clients. If clients come and go,
                   for example, laptops going between home and work, the
                   default setup shows only the long term average.

                2. If the age of the oldest slot is greater than maxage, the
                   oldest slot is recycled (default 3600 seconds).

                3. If the free list is not empty, a slot is allocated from the
                   free list.

                4. If the free list is empty but the list is not full (see
                   maxmem), more memory is allocated (see incmem) and a new
                   slot is used.

                5. If the age of the oldest slot is more than minage, the
                   oldest slot is recycled (default 64 seconds).

                6. Otherwise, no slot is available.

           initalloc count, initmem kilobytes
               Initial memory allocation at the time the monitoring facility
               is first enabled, in terms of entries or kilobytes. The default
               is 4 kilobytes.

           incalloc count, incmem kilobytes
               Size of additional memory allocations when growing the MRU
               list, in entries or kilobytes. The default is 4 kilobytes.
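
           The Python below is an added model of the six-step slot search
           described under maxage and minage; it is not ntpd's code and is not
           part of this manual page. Limits are expressed in entries rather
           than kilobytes, growing memory is modelled as adding incalloc
           slots to the free list, and growing when the list is below
           mindepth but the free list is empty is an assumption of the model.

```python
from dataclasses import dataclass, field


@dataclass
class MruList:
    """Model of the MRU list and its slot-search rules (entry units)."""
    mindepth: int = 600     # below this, entries are never recycled
    maxdepth: int = 1000    # size limit, may be exceeded by up to incalloc
    maxage: int = 3600      # seconds: oldest entry beyond this is recycled
    minage: int = 64        # seconds: recycled only when nothing else works
    incalloc: int = 4       # slots added per memory growth
    entries: dict = field(default_factory=dict)  # address -> last seen (s)
    free: int = 0           # slots on the free list
    allocated: int = 0      # slots allocated so far

    def _grow(self):
        self.allocated += self.incalloc
        self.free += self.incalloc

    def _oldest(self):
        return min(self.entries, key=self.entries.get)

    def _take_free(self, addr, now):
        self.free -= 1
        self.entries[addr] = now

    def _recycle(self, addr, now):
        victim = self._oldest()
        del self.entries[victim]
        self.entries[addr] = now
        return victim

    def record(self, addr, now):
        """Note a packet from addr at time now. Returns (rule, evicted):
        rule names the step that supplied the slot ("hit" when the address
        was already listed), evicted is the recycled address, if any."""
        if addr in self.entries:
            self.entries[addr] = now
            return "hit", None
        oldest_age = now - self.entries[self._oldest()] if self.entries else 0
        # 1. below mindepth: a free slot, growing memory if none is free
        if len(self.entries) < self.mindepth:
            if self.free == 0:
                self._grow()  # assumption: mindepth always wins over memory
            self._take_free(addr, now)
            return "mindepth", None
        # 2. the oldest entry is older than maxage: recycle it
        if oldest_age > self.maxage:
            return "maxage", self._recycle(addr, now)
        # 3. the free list is not empty
        if self.free > 0:
            self._take_free(addr, now)
            return "freelist", None
        # 4. free list empty but the list is not full: allocate more memory
        if self.allocated < self.maxdepth:
            self._grow()
            self._take_free(addr, now)
            return "grow", None
        # 5. the oldest entry is older than minage: recycle it
        if oldest_age > self.minage:
            return "minage", self._recycle(addr, now)
        # 6. no slot available; the address is not recorded
        return "none", None
```

           With a small list (mindepth 2, maxdepth 4, incalloc 2) a burst of
           new clients quickly reaches step 6, and only the passage of minage
           or maxage seconds frees a slot again.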

       nonvolatile threshold
           Specify the threshold in seconds to write the frequency file, with
           a default of 1e-7 (0.1 PPM). The frequency file is inspected each
           hour. If the difference between the current frequency and the last
           value written exceeds the threshold, the file is written, and the
           threshold becomes the new threshold value. If the threshold is not
           exceeded, it is reduced by half; this is intended to reduce the
           frequency of unnecessary file writes for embedded systems with
           nonvolatile memory.

       phone dial ...
           This command is used in conjunction with the ACTS modem driver
           (type modem) or the JJY driver (type jjy). For ACTS, the arguments
           consist of a maximum of 10 telephone numbers used to dial USNO,
           NIST or European time services. For the jjy driver in modes
           100-180, the argument is one telephone number used to dial the
           telephone JJY service. The Hayes command ATDT is normally prepended
           to the number, which can contain other modem control codes as well.

       reset [allpeers] [auth] [ctl] [io] [mem] [sys] [timer]
           Reset one or more groups of counters maintained by ntpd and exposed
           by ntpq.

       setvar variable [default]
           This command adds a system variable. These variables can be used to
           distribute additional information such as the access policy. If the
           variable of the form name=value is followed by the default keyword,
           the variable will be listed as part of the default system variables
           (ntpq(1) rv command). These additional variables serve
           informational purposes only. They are not related to the protocol
           other than that they can be listed. The known protocol variables
           will always override any variables defined via the setvar
           mechanism. There are three special variables that contain the names
           of all variables of the same group. The sys_var_list holds the
           names of all system variables. The peer_var_list holds the names of
           all peer variables and the clock_var_list holds the names of the
           reference clock variables.

       tinker [allan allan | dispersion dispersion | freq freq | huffpuff
       huffpuff | panic panic | step step | stepback stepback | stepfwd
       stepfwd | stepout stepout]
           This command can be used to alter several system variables in very
           exceptional circumstances. It should occur in the configuration
           file before any other configuration options. The default values of
           these variables have been carefully optimized for a wide range of
           network speeds and reliability expectations. In general, they
           interact in intricate ways that are hard to predict, and some
           combinations can result in some very nasty behavior. Very rarely is
           it necessary to change the default values; but, some folks cannot
           resist twisting the knobs anyway, and this command is for them.
           Emphasis added: twisters are on their own and can expect no help
           from the support group.

           The variables operate as follows:

           allan allan
               The argument becomes the new value for the minimum Allan
               intercept, which is a parameter of the PLL/FLL clock discipline
               algorithm. The value in log2 seconds defaults to 11 (2048 s),
               which is also the lower limit.

           dispersion dispersion
               The argument becomes the new value for the dispersion increase
               rate, normally .000015 s/s.

           freq freq
               The argument becomes the initial value of the frequency offset
               in parts-per-million; this overrides the value in the frequency
               file, if present, and avoids the initial training state if it
               is not.

           huffpuff huffpuff
               The argument becomes the new value for the experimental
               huff-n'-puff filter span, which determines the most recent
               interval the algorithm will search for a minimum delay. The
               lower limit is 900 s (15 m), but a more reasonable value is
               7200 (2 hours). There is no default since the filter is not
               enabled unless this command is given.

           panic panic
               The argument is the panic threshold, normally 1000 s. If set to
               zero, the panic sanity check is disabled, and a clock offset of
               any value will be accepted.

           step step
               The argument is the step threshold, which by default is 0.128
               sec. It can be set to any positive number in seconds. If set to
               zero, step adjustments will never occur. Note: The kernel time
               discipline is disabled if the step threshold is set to zero or
               greater than the default.

           stepback stepback
               The argument is the step threshold for the backward direction,
               which by default is 0.128 sec. It can be set to any positive
               number in seconds. If both the forward and backward step
               thresholds are set to zero, step adjustments will never occur.
               Note: The kernel time discipline is disabled if the step
               threshold for either direction is set to zero or greater than
               .5 second.

           stepfwd stepfwd
               As for stepback, but for the forward direction.

           stepout stepout
               The argument is the stepout timeout, which by default is 900 s.
               It can be set to any positive number in seconds. If set to
               zero, the stepout pulses will not be suppressed.

       rlimit [memlock megabytes | stacksize 4kPages | filenum
       filedescriptors]

           memlock megabytes
               Ignored for backward compatibility.

           stacksize 4kPages
               Specifies the maximum size of the process stack on systems with
               the mlockall() function. Defaults to 50 4k pages.

           filenum filedescriptors
               Specifies the maximum number of file descriptors ntpd may have
               open at once. Defaults to the system default.


FILES

       /etc/ntp.conf
           the default name of the configuration file

       ntp.keys
           private keys

       One of the following exit values will be returned:

       0 (EXIT_SUCCESS)
           Successful program execution.

       1 (EXIT_FAILURE)
           The operation failed or the command syntax was not valid.


SEE ALSO

       ntpd(8), ntpq(1).

       In addition to the manual pages provided, comprehensive documentation
       is available on the world wide web at https://www.ntpsec.org. A
       snapshot of this documentation is available in HTML format in
       /usr/share/doc/ntp.

       David L. Mills, Network Time Protocol (Version 4), RFC 5905


BUGS

       The syntax checking is not picky; some combinations of ridiculous and
       even hilarious options and modes may not be detected.



NTPsec                            2022-01-20                       NTP.CONF(5)