NTP.CONF(5) NTPsec NTP.CONF(5)

NAME
ntp.conf - Network Time Protocol (NTP) daemon configuration file format

SYNOPSIS
/etc/ntp.conf

DESCRIPTION
The ntp.conf configuration file is read at initial startup by the
ntpd(8) daemon in order to specify the synchronization sources, modes,
and other related information. Usually, it is installed in the /etc
directory, but could be installed elsewhere (see the daemon’s -c
command line option).

The file format is similar to other UNIX configuration files. Comments
begin with a ‘#’ character and extend to the end of the line; blank
lines are ignored. Configuration commands consist of an initial keyword
followed by a list of arguments, some of which may be optional,
separated by whitespace. Commands may not be continued over multiple
lines. Arguments may be host names, host addresses written in numeric,
dotted-quad form, integers, floating point numbers (when specifying
times in seconds) and text strings.

Configuration files may have inclusion lines. The syntax is includefile
followed by whitespace followed by a file or directory name. The
configuration is evaluated as though the text of the file - or all
files of the directory with the extension ".conf" - were textually
spliced in at the point of the include. Relative paths will work, even
when the -c option changes the config directory root.

The rest of this page describes the configuration and control options.
The "Notes on Configuring NTP and Setting up an NTP Subnet" page
(available as part of the HTML documentation provided under
/usr/share/doc/ntp) contains an extended discussion of these options.
In addition to the discussion of general Configuration Options, there
are sections describing the following supported functionality and the
options used to control it:

• Authentication Support
• NTS Support
• Monitoring Support
• Access Control Support
• Automatic NTP Configuration Options
• Reference Clock Support
• Miscellaneous Options

Following these is a section describing Miscellaneous Options. While
there is a rich set of options available, the only required option is
one or more pool, server, peer, or broadcast commands.

CONFIGURATION SUPPORT
Following is a description of the configuration commands in NTPv4.
There are two classes of commands, association commands that configure
a persistent association with a remote server or peer or reference
clock, and auxiliary commands that specify environment variables that
control various related operations.

Association Commands
Only those options applicable to each command are listed below. Use of
options not listed may not be caught as an error, but may result in
some weird and even destructive behavior.

In contexts where a host name is expected, a -4 or --ipv4 qualifier
preceding the host name forces DNS resolution to the IPv4 namespace,
while a -6 or --ipv6 qualifier forces DNS resolution to the IPv6
namespace.

In these commands, an address can be any of (a) an IPv4 address in
a.b.c.d format, (b) an IPv6 address in [a:b:c:d:e:f:g:h] format, (c) a
link-local IPv6 address with an interface specified in
[a:b:c:d:e:f:g:h]%device format, or (d) a DNS hostname.

pool address [burst] [iburst] [version version] [prefer] [minpoll minpoll] [maxpoll maxpoll] [preempt]

server address [key key] [burst] [iburst] [version version] [prefer] [minpoll minpoll] [maxpoll maxpoll]

peer address [key key] [version version] [prefer] [minpoll minpoll] [maxpoll maxpoll]

unpeer [address | associd | clock clocktype [unit unitnum]]
These four commands specify the time server name or address to be
used and the mode in which to operate. The address can be either a
DNS name or an IP address in dotted-quad notation. If it is a
refclock, it can be clock followed by a type-unit pair as in the
refclock directive; a missing unit clause is interpreted as unit 0.

pool
For server addresses, this command mobilizes a persistent client
mode association with a number of remote servers. In this mode the
local clock can be synchronized to the remote server, but the remote
server can never be synchronized to the local clock.

server
For server addresses, this command mobilizes a persistent client
mode association with the specified remote server or local radio
clock. In this mode the local clock can be synchronized to the remote
server, but the remote server can never be synchronized to the
local clock.

peer
NTP peer mode has been removed for security reasons. peer is now
just an alias for the server keyword. See above.

unpeer
This command removes a previously configured association. An
address or association ID can be used to identify the association.
Either an IP address or DNS name can be used. This command is most
useful when supplied via ntpq runtime configuration commands config
and config-from-file.

Association Options
bias
Add the command argument, a floating-point value in seconds, to the
time offset (θ) computed for this server; this may be useful
if you are a client on a network connection such as an ADSL line
where there is a predictable asymmetry between upstream and
downstream flight times. One way you might see this is if you use a
fixed set of servers and one has a stable offset that is an outlier
from the others; in that case, you might want to use bias to
compensate out the offset.

burst
When the server is reachable, send a burst of eight packets instead
of the usual one. The packet spacing is normally 2 s; however, the
spacing between the first and second packets can be changed with
the calldelay command to allow additional time for a modem or ISDN
call to complete; this is designed to improve timekeeping quality
with the server command.

iburst
When the server is unreachable, send a burst of six packets instead
of the usual one. The packet spacing is normally 2 s; however, the
spacing between the first and second packets can be changed with
the calldelay command to allow additional time for a modem or ISDN
call to complete; this is designed to speed the initial
synchronization acquisition with the server command, and when
ntpd(8) is started with the -q option.

key key
All packets sent to and received from the server or peer are to
include authentication fields encrypted using the specified key
identifier with values from 1 to 65535, inclusive. The default is
to include no encryption field.

minpoll minpoll, maxpoll maxpoll
These options specify the minimum and maximum poll intervals for
NTP messages, as a power of 2 in seconds. The maximum poll interval
defaults to 10 (1,024 s), but can be increased by the maxpoll
option to an upper limit of 17 (36.4 h). The minimum poll interval
defaults to 6 (64 s), but can be decreased by the minpoll option to
a lower limit of 0 (1 s).

mode option
Pass the option to a reference clock driver. This option is valid
only with refclock addresses.

noselect
Marks the server as unused, except for display purposes. The server
is discarded by the selection algorithm.

prefer
Marks the server as preferred. All other things being equal, this
host will be chosen for synchronization among a set of correctly
operating hosts. See the "Mitigation Rules and the prefer Keyword"
page for further information.

true
Mark the association to assume truechimer status; that is, always
survive the selection and clustering algorithms. This option can be
used with any association but is most useful for reference clocks
with large jitter on the serial port and precision pulse-per-second
(PPS) signals. Caution: this option defeats the algorithms designed
to cast out falsetickers and can allow these sources to set the
system clock. This option is valid only with the server command.

version version
Specifies the version number to be used for outgoing NTP packets.
Versions 1-4 are the choices, with version 4 the default.

Association Auxiliary Commands
mdnstries number
If we are participating in mDNS, after we have synched for the
first time we attempt to register with the mDNS system. If that
registration attempt fails, we try again at one minute intervals
for up to number times. After all, ntpd may be starting before
mDNS. The default value for mdnstries is 5.

Authentication Commands
The following declarations control MAC authentication:

controlkey key
Specifies the key identifier to use with the ntpq(1) utility, which
uses the standard protocol defined in RFC 5905. The key argument is
the key identifier for a trusted key, where the value can be in the
range 1 to 65,535, inclusive.

keys keyfile
Specifies the complete path and location of the key file containing
the keys and key identifiers used by ntpd(8), and ntpq(1) when
operating with symmetric-key cryptography. This is the same
operation as the -k command line option.

trustedkey key...
Specifies the key identifiers which are trusted for the purposes of
authenticating peers with symmetric key cryptography, as well as
keys used by the ntpq(1) program. Multiple keys on the same line
should be separated by spaces. Key ranges can be specified as
(first ... last). The spaces around the ... are necessary. Multiple
trustedkey lines are supported and trusted keys can also be
specified on the command line.

The MAC authentication procedures require that both the local and
remote servers share the same key and key identifier for this purpose,
although different keys can be used with different servers. The key
arguments are 32-bit unsigned integers with values from 1 to 65,535.

NTS Commands
The following command controls NTS authentication. Its TLS options
override the normal TLS protocol negotiation, which is not usually
necessary.

nts [enable|disable] [mintls version] [maxtls version] [tlsciphersuites name]

The options are as follows:

cert file
Present the certificate in file as our certificate.

key file
Read the private key to our certificate from file.

ca location
Use the file, or directory, specified by location to validate
NTS-KE server certificates instead of the system default root
certificates. If a directory is specified, it must have files named
with their hash, as created by openssl rehash.

cookie location
Use the file (or directory) specified by location to store the keys
used to make and decode cookies. The default is
/var/lib/ntp/nts-keys.

enable
Enable NTS-KE server. When enabled, cert and key are required.

disable
Disable NTS-KE server.

mintls string
Set the lowest allowable TLS version to negotiate. This will be
useful in the wake of a TLS compromise. A reasonable value is
TLS1.3, if your system supports it. TLS 1.3 was first supported in
OpenSSL version 1.1.1.

maxtls string
Set the highest allowable TLS version to negotiate. By setting
mintls and maxtls equal, you can force the TLS version for testing.
Format is as for mintls.

tlsciphersuites string
An OpenSSL ciphersuite list to configure the allowed ciphersuites
for TLS 1.3. A single NULL cipher disables encryption and use of
certificates.

aead string
Specify the crypto algorithm to be used on the wire. The choices
come from RFC 5297. The only options supported are
AES_SIV_CMAC_256, AES_SIV_CMAC_384, and AES_SIV_CMAC_512. This slot
is dual use. It is the server default if the remote client doesn’t
request a valid choice and it is also the preference passed to the
remote client if the server command doesn’t specify a preference.
The default is AES_SIV_CMAC_256.

The following options of the server command configure NTS (as a
client).

nts
Use Network Time Security (NTS) for authentication. Normally, this
is all you have to do to activate the client side of NTS.

The hostname following the server command is used as the address of
the NTS key exchange server (NTS-KE) rather than the address of an
NTP server. The NTS-KE exchange defaults to using the same IP
address for the NTP server.

Note that the server hostname must match the name on the NTS-KE
server’s certificate.

noval
Do not validate the server certificate.

ca location
Use the file, or directory, specified by location to validate the
NTS-KE server certificate, overriding the site default. Do not use
any other CA. If a directory is specified, it must have files named
with their hash, as created by openssl rehash.

aead string
Specify the preferred crypto algorithm to be used on the wire. The
only options supported are AES_SIV_CMAC_256, AES_SIV_CMAC_384, and
AES_SIV_CMAC_512. The server may ignore the request. See the aead
option above.

The same aead algorithms are also used to encrypt cookies. The
default is AES_SIV_CMAC_256. There is no config file option to
change it, but you can change it by editing the saved cookie key
file, probably /var/lib/ntp/nts-keys. Adjust the L: slot to be 48 or
64 and adjust the I: slots to have the right number of bytes. Then
restart the server. (All old cookies held by clients will be
rejected, so their next 8 NTP requests will be ignored. They should
recover by retrying NTS-KE to get fresh cookies.)
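
An added example (not NTPsec code) that reads a constructed ntp.conf fragment using the line grammar described on this page and reports the settings whose caveats appear above: noval, true, a mintls floor below TLS1.3, a NULL ciphersuite, nts enable without cert and key, and key identifiers missing from trustedkey. Paths, addresses and key numbers in the sample are placeholders, and the checks themselves are this example's assumptions about what an operator would want flagged.

```python
"""Audit an ntp.conf fragment for the risky settings this page describes.

Added example (not NTPsec code): a parser for the ntp.conf line grammar
(keyword, whitespace-separated arguments, '#' comments, no continuation
lines) plus checks for noval, true, a mintls floor below TLS1.3, a NULL
ciphersuite, nts enable without cert/key, and key ids not in trustedkey.
"""

# Constructed sample configuration; paths, addresses and key ids are placeholders.
SAMPLE_CONF = """\
# NTS-KE server side
nts enable
nts cert /etc/ntp/cert.pem
nts key /etc/ntp/key.pem
nts mintls TLS1.2           # below the TLS1.3 floor this page recommends
nts tlsciphersuites NULL    # NULL cipher disables encryption and certificates

# Client side
server 192.0.2.10 nts iburst
server 192.0.2.11 nts noval iburst    # certificate not validated
server 192.0.2.12 key 7 true          # true: always survives selection
keys /etc/ntp/ntp.keys
trustedkey 3 (5 ... 9)
controlkey 3
"""


def parse_ntp_conf(text):
    """Yield (lineno, keyword, args); '#' starts a comment, blank lines are skipped."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if fields:
            yield lineno, fields[0], fields[1:]


def expand_keyids(args):
    """Expand trustedkey arguments, including '(first ... last)' ranges."""
    toks = " ".join(args).replace("(", " ( ").replace(")", " ) ").split()
    ids, i = set(), 0
    while i < len(toks):
        if toks[i] == "(" and i + 4 < len(toks) and toks[i + 2] == "...":
            ids.update(range(int(toks[i + 1]), int(toks[i + 3]) + 1))
            i += 5
        else:
            ids.add(int(toks[i]))
            i += 1
    return ids


def audit(text):
    """Return a sorted list of (lineno, message) findings for the configuration text."""
    findings, nts, trusted, key_uses = [], {}, set(), []
    for lineno, kw, args in parse_ntp_conf(text):
        if kw in ("server", "pool", "peer"):
            if "noval" in args:
                findings.append((lineno, "noval: NTS-KE certificate is not validated"))
            if "true" in args:
                findings.append((lineno, "true: source always survives selection"))
            if "key" in args:
                key_uses.append((lineno, int(args[args.index("key") + 1])))
        elif kw == "nts":
            i = 0
            while i < len(args):          # options may be combined on one nts line
                if args[i] in ("enable", "disable"):
                    nts["state"] = (args[i], lineno)
                    i += 1
                else:
                    nts[args[i]] = (args[i + 1] if i + 1 < len(args) else None, lineno)
                    i += 2
        elif kw == "trustedkey":
            trusted |= expand_keyids(args)
        elif kw == "controlkey":
            key_uses.append((lineno, int(args[0])))

    if nts.get("state", ("disable", 0))[0] == "enable":
        for needed in ("cert", "key"):    # the page: "When enabled, cert and key are required"
            if needed not in nts:
                findings.append((nts["state"][1], f"nts enable without '{needed}'"))
        if "mintls" in nts and nts["mintls"][0] != "TLS1.3":
            findings.append((nts["mintls"][1], f"mintls {nts['mintls'][0]}: floor below TLS1.3"))
        if "tlsciphersuites" in nts and "NULL" in (nts["tlsciphersuites"][0] or ""):
            findings.append((nts["tlsciphersuites"][1], "tlsciphersuites NULL disables encryption"))
    for lineno, kid in key_uses:
        if kid not in trusted:
            findings.append((lineno, f"key {kid} used but not listed in trustedkey"))
    return sorted(findings)


if __name__ == "__main__":
    for lineno, msg in audit(SAMPLE_CONF):
        print(f"line {lineno}: {msg}")
```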

MONITORING SUPPORT
ntpd(8) includes a comprehensive monitoring facility suitable for
continuous, long term recording of server and client timekeeping
performance. See the statistics command below for a listing and example
of each type of statistics currently supported. Statistic files are
managed using file generation sets and scripts in the ./scripts
directory of this distribution. Using these facilities and UNIX cron(8)
jobs, the data can be automatically summarized and archived for
retrospective analysis.

Monitoring Commands
statistics name...
Enables writing of statistics records. Currently, eight kinds of
name statistics are supported.

clockstats
Enables recording of clock driver statistics information. Each
update received from a clock driver appends a line of the
following form to the file generation set named clockstats:

49213 525.624 SPECTRACOM(1) 93 226 00:08:29.606

┌─────────────────────┬───────┬─────────────────────────────────────────┐
│ Item                │ Units │ Description                             │
├─────────────────────┼───────┼─────────────────────────────────────────┤
│ 49213               │ MJD   │ modified Julian day number              │
│ 525.624             │ s     │ time of day (s) past midnight UTC       │
│ SPECTRACOM(1)       │       │ receiver identifier (Spectracom unit 1) │
│ 93 226 00:08:29.606 │       │ timecode (format varies by refclock)    │
└─────────────────────┴───────┴─────────────────────────────────────────┘

The first two fields show the date (Modified Julian Day) and time
(seconds and fraction past UTC midnight). The next normally shows
clock type and unit (but if you are running in strict Classic
compatibility mode it will show the magic clock address in
dotted-quad notation). The final field is the last timecode
received from the clock in decoded ASCII format, where meaningful.
For some clock drivers, a good deal of additional information can
be gathered and displayed as well. See information specific to each
clock for further details.

loopstats
Enables recording of loop filter statistics information. Each
update of the local clock outputs a line of the following form
to the file generation set named loopstats:

50935 75440.031 0.000006019 13.778190 0.000351733 0.013380 6

┌─────────────┬────────┬─────────────────────────────────────┐
│ Item        │ Units  │ Description                         │
├─────────────┼────────┼─────────────────────────────────────┤
│ 50935       │ MJD    │ date                                │
│ 75440.031   │ s      │ time past midnight                  │
│ 0.000006019 │ s      │ clock offset                        │
│ 13.778      │ PPM    │ drift (frequency offset)            │
│ 0.000351733 │ s      │ RMS jitter                          │
│ 0.013380    │ PPM    │ RMS frequency jitter (aka wander)   │
│ 6           │ log2 s │ clock discipline loop time constant │
└─────────────┴────────┴─────────────────────────────────────┘

The first two fields show the date (Modified Julian Day) and time
(seconds and fraction past UTC midnight). The next five fields show
time offset (seconds), frequency offset (parts per million - PPM),
RMS jitter (seconds), Allan deviation (PPM) and clock discipline
time constant.

protostats
Record significant peer and system events. Each significant
event appends one line to the protostats file set:

49213 525.624 128.4.1.1 963a 8a message

┌───────────┬───────┬─────────────────────────────────────┐
│ Item      │ Units │ Description                         │
├───────────┼───────┼─────────────────────────────────────┤
│ 49213     │ MJD   │ date                                │
│ 525.624   │ s     │ time past midnight                  │
│ 128.4.1.1 │ IP    │ source address (0.0.0.0 for system) │
│ 963a      │ code  │ status word                         │
│ 8a        │ code  │ event message code                  │
│ message   │ text  │ event message                       │
└───────────┴───────┴─────────────────────────────────────┘

The event message code and message field are described on the
"Event Messages and Status Words" page.

peerstats
Enables recording of peer statistics information. This includes
statistics records of all peers of an NTP server and of special
signals, where present and configured. Each valid update
appends a line of the following form to the current element of
a file generation set named peerstats:

48773 10847.650 SPECTRACOM(4) 9714 -0.001605376 0.000000000 0.001424877 0.000958674

┌───────────────┬───────┬─────────────────────────────────────┐
│ Item          │ Units │ Description                         │
├───────────────┼───────┼─────────────────────────────────────┤
│ 48773         │ MJD   │ date                                │
│ 10847.650     │ s     │ time past midnight                  │
│ SPECTRACOM(4) │       │ clock name (unit) or source address │
│ 9714          │ hex   │ status word                         │
│ -0.001605376  │ s     │ clock offset                        │
│ 0.000000000   │ s     │ roundtrip delay                     │
│ 0.001424877   │ s     │ dispersion                          │
│ 0.000958674   │ s     │ RMS jitter                          │
└───────────────┴───────┴─────────────────────────────────────┘

The first two fields show the date (Modified Julian Day) and time
(seconds and fraction past UTC midnight). The third field shows the
reference clock type and unit number (but if you are running in
strict Classic compatibility mode it will show the peer address in
dotted-quad notation instead). The fourth field is a status word,
encoded in hex in the format described in Appendix A of the NTP
specification RFC 1305. The final four fields show the offset,
delay, dispersion and RMS jitter, all in seconds.

rawstats
Enables recording of raw-timestamp statistics information. This
includes statistics records of all peers of an NTP server and
of special signals, where present and configured. Each NTP
message received from a peer or clock driver appends a line of
the following form to the file generation set named rawstats:

56285 54575.160 128.4.1.1 192.168.1.5 3565350574.400229473 3565350574.442385200 3565350574.442436000 3565350575.154505763 0 4 4 1 8 -21 0.000000 0.000320 PPS 0

┌──────────────────────┬──────────────────────────────────┬──────────────────────────────────────────┐
│ Item                 │ Units                            │ Description                              │
├──────────────────────┼──────────────────────────────────┼──────────────────────────────────────────┤
│ 56285                │ MJD                              │ date                                     │
│ 54575.160            │ s                                │ time past midnight                       │
│ 128.4.1.1            │ IP                               │ source address                           │
│ 192.168.1.5          │ IP                               │ destination address                      │
│ 3565350574.400229473 │ NTP s                            │ origin timestamp                         │
│ 3565350574.442385200 │ NTP s                            │ receive timestamp                        │
│ 3565350574.442436000 │ NTP s                            │ transmit timestamp                       │
│ 3565350575.154505763 │ NTP s                            │ destination timestamp                    │
│ 0                    │ 0: OK, 1: insert pending,        │ leap warning indicator                   │
│                      │ 2: delete pending, 3: not synced │                                          │
│ 4                    │ 4 was current in 2012            │ NTP version                              │
│ 4                    │ 3: client, 4: server, 6: ntpq    │ mode                                     │
│ 1                    │ 1-15, 16: not synced             │ stratum                                  │
│ 8                    │ log2 seconds                     │ poll                                     │
│ -21                  │ log2 seconds                     │ precision                                │
│ 0.000000             │ seconds                          │ total roundtrip delay from the remote    │
│                      │                                  │ server to the primary reference clock    │
│ 0.000320             │ seconds                          │ total dispersion from the remote server  │
│                      │                                  │ to the primary reference clock           │
│ .PPS.                │ IP or text                       │ refid, association ID                    │
│ 0                    │ integer                          │ lost packets since last response         │
└──────────────────────┴──────────────────────────────────┴──────────────────────────────────────────┘

The first two fields show the date (Modified Julian Day) and time
(seconds and fraction past UTC midnight). The next two fields show
the remote peer or clock identification followed by the local
address in dotted-quad notation. The final four fields show the
originate, receive, transmit and final NTP timestamps in order. The
timestamp values are as received and before processing by the
various data smoothing and mitigation algorithms.
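
The rawstats record above, decoded as an added example (not NTPsec code): field positions follow the table, the MJD and NTP timestamps are converted to UTC, and the offset and delay are recomputed from the four raw timestamps using the RFC 5905 on-wire formulas. The 18-field layout and the plausibility checks are this example's own assumptions.

```python
"""Decode a rawstats record and recompute offset and delay from its timestamps.

Added example (not NTPsec code). Field positions follow the rawstats table on
this page; RAWSTATS_LINE is the page's sample record re-joined onto one line.
Timestamps are kept as Decimal because a float cannot carry nanoseconds at a
magnitude of 3.5e9 seconds (its resolution there is about 0.5 microseconds).
"""
from datetime import datetime, timedelta, timezone
from decimal import Decimal

MJD_UNIX_EPOCH = 40587          # MJD of 1970-01-01
NTP_UNIX_DELTA = 2208988800     # seconds from 1900-01-01 (NTP era 0) to 1970-01-01
UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

RAWSTATS_LINE = ("56285 54575.160 128.4.1.1 192.168.1.5 3565350574.400229473 "
                 "3565350574.442385200 3565350574.442436000 3565350575.154505763 "
                 "0 4 4 1 8 -21 0.000000 0.000320 PPS 0")


def mjd_to_utc(mjd, seconds):
    """Modified Julian Day plus seconds past UTC midnight -> aware datetime."""
    return UNIX_EPOCH + timedelta(days=mjd - MJD_UNIX_EPOCH, seconds=float(seconds))


def ntp_to_utc(ntp_seconds):
    """NTP timestamp (Decimal seconds since 1900, era 0 only) -> aware datetime."""
    whole, frac = divmod(Decimal(ntp_seconds) - NTP_UNIX_DELTA, 1)
    return UNIX_EPOCH + timedelta(seconds=int(whole), microseconds=int(frac * 1_000_000))


def parse_rawstats(line):
    """Split one rawstats line into named fields (18-field layout assumed)."""
    f = line.split()
    if len(f) != 18:
        raise ValueError(f"expected 18 fields, got {len(f)}")
    t1, t2, t3, t4 = (Decimal(x) for x in f[4:8])     # origin, receive, transmit, destination
    leap, version, mode, stratum, poll, precision = (int(x) for x in f[8:14])
    rec = {
        "when": mjd_to_utc(int(f[0]), f[1]),
        "source": f[2], "destination": f[3],
        "t1": t1, "t2": t2, "t3": t3, "t4": t4,
        "leap": leap, "version": version, "mode": mode,
        "stratum": stratum, "poll": poll, "precision": precision,
        "root_delay": Decimal(f[14]), "root_disp": Decimal(f[15]),
        "refid": f[16], "lost": int(f[17]),
    }
    # RFC 5905 on-wire calculation from the four raw timestamps.
    rec["offset"] = ((t2 - t1) + (t3 - t4)) / 2
    rec["delay"] = (t4 - t1) - (t3 - t2)
    return rec


def sanity_problems(rec):
    """Plausibility checks a monitor would apply before trusting the sample."""
    problems = []
    if rec["leap"] == 3:
        problems.append("server reports not synchronized (leap=3)")
    if not 1 <= rec["stratum"] <= 15:
        problems.append(f"unusable stratum {rec['stratum']}")
    if rec["mode"] != 4:
        problems.append(f"unexpected mode {rec['mode']} for a server reply")
    if rec["delay"] < 0:
        problems.append("negative round-trip delay: timestamps are inconsistent")
    if rec["t4"] < rec["t1"]:
        problems.append("destination timestamp precedes origin timestamp")
    return problems


if __name__ == "__main__":
    r = parse_rawstats(RAWSTATS_LINE)
    print(r["when"].isoformat(), r["source"], "offset", r["offset"], "delay", r["delay"])
    print("problems:", sanity_problems(r) or "none")
```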

sysstats
Enables recording of ntpd statistics counters on a periodic
basis. Each hour a line of the following form is appended to
the file generation set named sysstats:

50928 2132.543 36000 81965 0 9546 56 71793 512 540 10 147 1

┌──────────┬───────┬────────────────────────────┐
│ Item     │ Units │ Description                │
├──────────┼───────┼────────────────────────────┤
│ 50928    │ MJD   │ date                       │
│ 2132.543 │ s     │ time past midnight         │
│ 3600     │ s     │ time since reset           │
│ 81965    │ #     │ packets received           │
│ 0        │ #     │ packets for this host      │
│ 9546     │ #     │ current versions           │
│ 56       │ #     │ old version                │
│ 512      │ #     │ access denied              │
│ 540      │ #     │ bad length or format       │
│ 10       │ #     │ bad authentication         │
│ 4        │ #     │ declined                   │
│ 147      │ #     │ rate exceeded              │
│ 1        │ #     │ kiss-o'-death packets sent │
└──────────┴───────┴────────────────────────────┘

The first two fields show the date (Modified Julian Day) and time
(seconds and fraction past UTC midnight). The remaining ten fields
show the statistics counter values accumulated since the last
generated line.
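
An added example (not NTPsec code) of running a detection over sysstats lines: the sample lines are constructed to follow the field order in the table above, and an interval whose access-denied, bad-authentication, rate-exceeded or kiss-o'-death counters jump far above the median of the other intervals is flagged. The field names, thresholds and the idea of comparing against the median are this example's assumptions.

```python
"""Flag anomalous intervals in an ntpd sysstats file generation set.

Added example (not NTPsec code). Field positions follow the sysstats table on
this page; SAMPLE_SYSSTATS is constructed, not captured from a live server.
Each line already holds counts for one reporting interval, so no differencing
is needed: each line is compared against the median of the other lines.
"""
from statistics import median

SYSSTATS_FIELDS = (
    "mjd", "time", "since_reset", "received", "for_host", "current_version",
    "old_version", "access_denied", "bad_length", "bad_auth", "declined",
    "rate_exceeded", "kod_sent",
)
SECURITY_COUNTERS = ("access_denied", "bad_length", "bad_auth", "rate_exceeded", "kod_sent")

# Constructed: four ordinary hours and one hour with a burst of rejected traffic.
SAMPLE_SYSSTATS = """\
60000 3600.000 3600 81965 0 9546 56 512 540 10 4 147 1
60000 7200.000 3600 80211 0 9490 61 498 533 12 3 150 0
60000 10800.000 3600 82530 0 9601 58 520 561 9 5 149 2
60000 14400.000 3600 84002 0 9588 55 19877 552 1843 4 6120 915
60000 18000.000 3600 81540 0 9532 57 505 540 11 4 151 1
"""


def parse_sysstats(text):
    """Parse sysstats lines into dicts keyed by SYSSTATS_FIELDS; malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != len(SYSSTATS_FIELDS):
            continue
        row = {"mjd": int(f[0]), "time": float(f[1])}
        row.update(zip(SYSSTATS_FIELDS[2:], (int(x) for x in f[2:])))
        rows.append(row)
    return rows


def anomalies(rows, counters=SECURITY_COUNTERS, factor=5, floor=20):
    """Return (index, counter, value, baseline) where value > factor x median of the other rows.

    The floor keeps tiny counts (a handful of KoD packets) from being reported.
    """
    out = []
    for i, row in enumerate(rows):
        for name in counters:
            others = [r[name] for j, r in enumerate(rows) if j != i]
            baseline = median(others) if others else 0
            if row[name] >= floor and row[name] > factor * max(baseline, 1):
                out.append((i, name, row[name], baseline))
    return out


def auth_failure_ratio(row):
    """Share of received packets that failed authentication in this interval."""
    return row["bad_auth"] / row["received"] if row["received"] else 0.0


if __name__ == "__main__":
    rows = parse_sysstats(SAMPLE_SYSSTATS)
    for idx, name, value, baseline in anomalies(rows):
        print(f"interval {idx}: {name}={value} (median of other intervals {baseline})")
```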

usestats
Enables recording of ntpd resource usage statistics. Each hour
a line of the following form is appended to the file generation
set named usestats:

57570 83399.541 3600 0.902 1.451 164 0 0 0 2328 64226 1 0 4308

┌───────────┬───────┬────────────────────────────────────────────────┐
│ Item      │ Units │ Description                                    │
├───────────┼───────┼────────────────────────────────────────────────┤
│ 57570     │ MJD   │ date                                           │
│ 83399.541 │ s     │ time past midnight                             │
│ 3600      │ s     │ time since reset                               │
│ 0.902     │ s     │ ru_utime: CPU seconds - user mode              │
│ 1.451     │ s     │ ru_stime: CPU seconds - system                 │
│ 164       │ #     │ ru_minflt: page faults - reclaim/soft (no I/O) │
│ 0         │ #     │ ru_majflt: page faults - I/O                   │
│ 0         │ #     │ ru_nswap: process swapped out                  │
│ 0         │ #     │ ru_inblock: file blocks in                     │
│ 2328      │ #     │ ru_oublock: file blocks out                    │
│ 64226     │ #     │ ru_nvcsw: context switches, wait               │
│ 1         │ #     │ ru_nivcsw: context switches, preempts          │
│ 0         │ #     │ ru_nsignals: signals                           │
│ 4308      │ #     │ ru_maxrss: resident set size, kilobytes        │
└───────────┴───────┴────────────────────────────────────────────────┘

The first two fields show the date (Modified Julian Day) and time
(seconds and fraction past UTC midnight). The ru_ tags are the
names from the rusage struct. See man getrusage for details. (The
NetBSD and FreeBSD man pages have more details.) The maxrss column
is the high water mark since the process was started. The remaining
fields show the values used since the last report.

statsdir directory_path
Indicates the full path of a directory where statistics files
should be created (see below). This keyword allows the (otherwise
constant) filegen filename prefix to be modified for file
generation sets, which is useful for handling statistics logs.

filegen name [file filename] [type typename] [link | nolink] [enable | disable]
Configures setting of the generation file set name. Generation file
sets provide a means for handling files that are continuously
growing during the lifetime of a server. Server statistics are a
typical example for such files. Generation file sets provide access
to a set of files used to store the actual data. At any time at
most one element of the set is being written to. The type given
specifies when and how data will be directed to a new element of
the set. This way, information stored in elements of a file set
that are currently unused is available for administrative
operations without the risk of disturbing the operation of ntpd.
(Most important: they can be removed to free space for new data
produced.)

Note that this command can be sent from the ntpq(1) program running
at a remote location.

name
This is the type of the statistics records, as shown in the
statistics command.

file filename
This is the file name for the statistics records. Filenames of
set members are built from three concatenated elements prefix,
filename and suffix:

prefix
This is a constant filename path. It is not subject to
modifications via the filegen option. It is defined by the server,
usually specified as a compile-time constant. It may, however, be
configurable for individual file generation sets via other
commands. For example, the prefix used with loopstats and peerstats
generation can be configured using the statsdir option explained
above.

filename
This string is directly concatenated to the prefix mentioned above
(no intervening ‘/’). This can be modified using the file argument
to the filegen statement. No .. elements are allowed in this
component to prevent filenames referring to parts outside the
filesystem hierarchy denoted by prefix.

suffix
This part reflects individual elements of a file set. It is
generated according to the type of a file set.
803
804 type typename
805 A file generation set is characterized by its type. The
806 following types are supported: // The following are tables only
807 because indent lists cannot be // nested more than 2 deep.
808
809 ┌──────────┬────────────────────────────┐
810 │ │ │
811 │Attribute │ Description │
812 ├──────────┼────────────────────────────┤
813 │ │ │
814 │none │ The file set is actually a │
815 │ │ single plain file. │
816 ├──────────┼────────────────────────────┤
817 │ │ │
818 │pid │ One element of file set is │
819 │ │ used per incarnation of a │
820 │ │ ntpd server. This type │
821 │ │ does not perform any │
822 │ │ changes to file set │
823 │ │ members during runtime, │
824 │ │ however it provides an │
825 │ │ easy way of separating │
826 │ │ files belonging to │
827 │ │ different ntpd(8) server │
828 │ │ incarnations. The set │
829 │ │ member filename is built │
830 │ │ by appending a ‘.’ to │
831 │ │ concatenated prefix and │
832 │ │ filename strings, and │
833 │ │ appending the decimal │
834 │ │ representation of the │
835 │ │ process ID of the ntpd(8) │
836 │ │ server process. │
837 ├──────────┼────────────────────────────┤
838 │ │ │
839 │day │ One file generation set │
840 │ │ element is created per │
841 │ │ day. A day is defined as │
842 │ │ the period between 00:00 │
843 │ │ and 24:00 UTC. The file │
844 │ │ set member suffix consists │
845 │ │ of a ‘.’ and a day │
846 │ │ specification in the form │
847 │ │ YYYYMMdd. YYYY is a │
848 │ │ 4-digit year number (e.g., │
849 │ │ 1992). MM is a two digit │
850 │ │ month number. dd is a two │
851 │ │ digit day number. Thus, │
852 │ │ all information written at │
853 │ │ 10 December 1992 would end │
854 │ │ up in a file named prefix │
855 │ │ filename.19921210. │
856 ├──────────┼────────────────────────────┤
857 │ │ │
858 │week │ Any file set member │
859 │ │ contains data related to a │
860 │ │ certain week of a year. │
861 │ │ The term week is defined │
862 │ │ by dividing day-of-year by │
863 │ │ 7. Elements of such │
864 │ │ a file generation set are │
865 │ │ distinguished by appending │
866 │ │ the following suffix to │
867 │ │ the file set filename │
868 │ │ base: A dot, a 4-digit │
869 │ │ year number, the letter W, │
870 │ │ and a 2-digit week number. │
871 │ │ For example, information │
872 │ │ from January, 10th 1992 │
873 │ │ would end up in a file │
874 │ │ with suffix 1992W1. │
875 ├──────────┼────────────────────────────┤
876 │ │ │
877 │month │ One generation file set │
878 │ │ element is generated per │
879 │ │ month. The file name │
880 │ │ suffix consists of a dot, │
881 │ │ a 4-digit year number, and │
882 │ │ a 2-digit month. │
883 ├──────────┼────────────────────────────┤
884 │ │ │
885 │year │ One generation file │
886 │ │ element is generated per │
887 │ │ year. The filename suffix │
888 │ │ consists of a dot and a 4 │
889 │ │ digit year number. │
890 ├──────────┼────────────────────────────┤
891 │ │ │
892 │age │ This type of file │
893 │ │ generation sets changes to │
894 │ │ a new element of the file │
895 │ │ set every 24 hours of │
896 │ │ server operation. The │
897 │ │ filename suffix consists │
898 │ │ of a dot, the letter a, │
899 │ │ and an 8-digit number. │
900 │ │ This number is taken to be │
901 │ │ the number of seconds the │
902 │ │ server is running at the │
903 │ │ start of the corresponding │
904 │ │ 24-hour period. │
905 └──────────┴────────────────────────────┘
906
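The following is an added example, not NTPsec code, that builds file-set member names from the three elements in the tables above (prefix, filename and the type-dependent suffix, with no `/` inserted) and rejects a `..` element in the filename component so that a member can never name a file outside the tree under prefix. Two details are assumptions of this example rather than statements of the page: the week number is taken as the 0-origin day-of-year divided by 7 and printed with two digits (which reproduces the page's "10 January 1992 gives W1" example), and the `age` suffix is the daemon's uptime rounded down to the start of the current 24-hour period, printed with eight digits. The `utc_datetime` helper is also ours.

```python
from datetime import datetime, timezone

# Added example, not NTPsec code: filegen member names as described in the
# ntp.conf(5) tables.  Assumptions: week = (day-of-year - 1) // 7, two
# digits; age = uptime rounded down to a multiple of 86400, eight digits.

SUPPORTED_TYPES = ("none", "pid", "day", "week", "month", "year", "age")


def utc_datetime(year, month, day, hour=0):
    """Timestamps are interpreted in UTC, as the 'day' type requires."""
    return datetime(year, month, day, hour, tzinfo=timezone.utc)


def is_safe_filename(filename):
    """True unless the filename element contains a '..' path component."""
    return all(part != ".." for part in filename.split("/"))


def filegen_suffix(settype, when, pid=None, uptime_seconds=None):
    """Suffix (including its leading '.') of the member covering 'when'."""
    if settype == "none":
        return ""
    if settype == "pid":
        if pid is None:
            raise ValueError("pid type needs the ntpd process id")
        return ".%d" % pid
    when = when.astimezone(timezone.utc)
    if settype == "day":
        return when.strftime(".%Y%m%d")            # e.g. .19921210
    if settype == "week":
        week = (when.timetuple().tm_yday - 1) // 7  # assumption, see lead-in
        return ".%04dW%02d" % (when.year, week)     # e.g. .1992W01
    if settype == "month":
        return when.strftime(".%Y%m")
    if settype == "year":
        return when.strftime(".%Y")
    if settype == "age":
        if uptime_seconds is None:
            raise ValueError("age type needs the server uptime in seconds")
        period_start = (int(uptime_seconds) // 86400) * 86400
        return ".a%08d" % period_start              # e.g. .a00086400
    raise ValueError("unknown filegen type %r" % (settype,))


def filegen_member(prefix, filename, settype, when, pid=None, uptime_seconds=None):
    """Full member path: prefix + filename + suffix; rejects unsafe filenames."""
    if settype not in SUPPORTED_TYPES:
        raise ValueError("unknown filegen type %r" % (settype,))
    if not is_safe_filename(filename):
        raise ValueError("'..' element not allowed in filegen filename %r" % (filename,))
    return prefix + filename + filegen_suffix(settype, when, pid, uptime_seconds)


if __name__ == "__main__":
    # 'statsdir /var/log/ntpstats/' supplies the prefix, 'filegen peerstats type day' the rest
    print(filegen_member("/var/log/ntpstats/", "peerstats", "day", utc_datetime(1992, 12, 10)))
```

Because prefix and filename are concatenated without a separator, a `statsdir` without a trailing `/` silently produces names like `/var/log/ntpstatspeerstats.19921210`; the check for `..` is the only protection the text promises, so a filename such as `../../etc/cron.d/x` is refused while a plain relative name is accepted as-is.
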
907 link | nolink
908 It is convenient to be able to access the current element of a
909 file generation set by a fixed name. This feature is enabled by
910 specifying link and disabled using nolink. If link is
911 specified, a hard link from the current file set element to a
912 file without suffix is created. When there is already a file
913 with this name and the number of links of this file is one, it
914 is renamed appending a dot, the letter C, and the pid of the
915 ntpd server process. When the number of links is greater than
916 one, the file is unlinked. This allows the current file to be
917 accessed by a constant name.
918
919 enable | disable
920 Enables or disables the recording function. Information is only
921 written to a file generation by specifying enable; output is
922 prevented by specifying disable.
923
924 ACCESS CONTROL SUPPORT
925 The ntpd(8) daemon implements a general purpose address/mask based
926 restriction list. The list contains address/match entries sorted first
927 by increasing address values and then by increasing mask values. A
928 match occurs when the bitwise AND of the mask and the packet source
929 address is equal to the bitwise AND of the mask and address in the
930 list. The list is searched in order with the last match found defining
931 the restriction flags associated with the entry. Additional information
932 and examples can be found in the "Notes on Configuring NTP and Setting
933 up an NTP Subnet" page (available as part of the HTML documentation).
934
935 The restriction facility was implemented in conformance with the access
936 policies for the original NSFnet backbone time servers. Later the
937 facility was expanded to deflect cryptographic and clogging attacks.
938 While this facility may be useful for keeping unwanted or broken or
939 malicious clients from congesting innocent servers, it should not be
940 considered an alternative to the NTP authentication facilities. Source
941 address based restrictions are easily circumvented by a determined
942 attacker, since the source address of a UDP packet can be forged.
943
944 Clients can be denied service because they are explicitly included in
945 the restrict list created by the restrict command or implicitly as the
946 result of cryptographic or rate limit violations. Cryptographic
947 violations include certificate or identity verification failures; rate
948 limit violations generally result from defective NTP implementations
949 that send packets at abusive rates. Some violations cause denied
950 service only for the offending packet, others cause denied service for
951 a timed period and others cause the denied service for an indefinite
952 period. When a client or network is denied access for an indefinite
953 period, the only way at present to remove the restrictions is by
954 restarting the server.
955
956 The Kiss-of-Death Packet
957 Ordinarily, packets denied service are simply dropped with no further
958 action except incrementing statistics counters. Sometimes a more
959 proactive response is needed, such as a server message that explicitly
960 requests the client to stop sending and leave a message for the system
961 operator. A special packet format has been created for this purpose
962 called the "kiss-of-death" (KoD) packet. KoD packets have the leap bits
963 set unsynchronized and stratum set to zero and the reference identifier
964 field set to a four-byte ASCII code. If the noserve or notrust flag of
965 the matching restrict list entry is set, the code is "DENY"; if the
966 limited flag is set and the rate limit is exceeded, the code is "RATE".
967 Finally, if a cryptographic violation occurs, the code is "CRYP".
968
969 A client receiving a KoD performs a set of sanity checks to minimize
970 security exposure, then updates the stratum and reference identifier
971 peer variables, sets the access denied (BOGON4) bit in the peer flash
972 variable and sends a message to the log. As long as the BOGON4 bit is
973 set, the client will send no further packets to the server. The only
974 way at present to recover from this condition is to restart the
975 protocol at both the client and server. This happens automatically at
976 the client when the association times out. It will happen at the server
977 only if the server operator cooperates.
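
The following is an added example, not NTPsec code, that encodes and recognises a kiss-of-death packet as the two paragraphs above describe it: leap indicator set to unsynchronized (value 3), stratum 0, and a four-character ASCII kiss code in the reference identifier field. The `Peer` class, its field names and the constructed packets are inventions of this example; the origin-timestamp comparison is the standard NTP "bogus packet" check, used here as the sanity check a client applies before honouring a KoD, because an unsolicited KoD with a forged source address would otherwise silence a good server.

```python
import struct

# Added example, not NTPsec code: build and classify kiss-of-death packets.
# Packet layout is the 48-byte NTPv4 header without extension fields or MAC.

KISS_CODES = {
    "DENY": "noserve or notrust restriction",
    "RATE": "limited flag set and rate limit exceeded",
    "CRYP": "cryptographic violation",
}
NTP_HEADER = 48


def build_reply(leap, stratum, refid, origin=b"\0" * 8, version=4, mode=4):
    """Constructed NTP server reply (not a captured packet)."""
    first = (leap << 6) | (version << 3) | mode
    pkt = struct.pack("!BBbb", first, stratum, 6, -20)  # LI/VN/mode, stratum, poll, precision
    pkt += struct.pack("!II", 0, 0)                     # root delay, root dispersion
    pkt += refid                                        # reference id / kiss code (4 bytes)
    pkt += b"\0" * 8                                    # reference timestamp
    pkt += origin                                       # origin ts: echo of client's transmit ts
    pkt += b"\0" * 16                                   # receive and transmit timestamps
    return pkt


def build_kod(code, origin=b"\0" * 8):
    return build_reply(leap=3, stratum=0, refid=code.encode("ascii"), origin=origin)


def classify_kod(packet, expected_origin=None):
    """Return (honour, code, reason); honour is True only for a well-formed,
    solicited KoD (origin echoes our transmit timestamp when one is given)."""
    if len(packet) < NTP_HEADER:
        return False, None, "short packet"
    leap, stratum = packet[0] >> 6, packet[1]
    refid, origin = packet[12:16], packet[24:32]
    if leap != 3 or stratum != 0:
        return False, None, "not a KoD (leap=%d, stratum=%d)" % (leap, stratum)
    code = refid.decode("ascii", errors="replace")
    if not (code.isascii() and code.isprintable()):
        return False, None, "stratum 0 but refid is not a printable ASCII code"
    if expected_origin is not None and origin != expected_origin:
        return False, code, "origin timestamp mismatch; unsolicited KoD ignored"
    return True, code, KISS_CODES.get(code, "unlisted kiss code")


class Peer:
    """Minimal client-side association state that a KoD touches."""

    def __init__(self):
        self.stratum, self.refid = 16, "INIT"
        self.bogon4 = False         # access-denied bit of the peer flash variable
        self.last_xmt = b"\0" * 8   # transmit timestamp of our most recent poll
        self.log = []

    def may_send(self):
        return not self.bogon4      # no further polls while BOGON4 is set

    def sent(self, xmt):
        self.last_xmt = xmt

    def receive(self, packet):
        honour, code, reason = classify_kod(packet, self.last_xmt)
        if honour:
            self.stratum, self.refid, self.bogon4 = 0, code, True
            self.log.append("KoD %s: %s" % (code, reason))
        return honour
```

In this model the only way out of the BOGON4 state is to construct a fresh `Peer`, which is the analogue of the association timing out and the protocol restarting that the text describes.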
978
979 ACCESS CONTROL COMMANDS
980 limit [average average] [burst burst] [kod kod]
981 Set the parameters of the limited facility which protects the
982 server from client abuse. Internally, each MRU list (see ntpq(1) mrulist)
983 slot contains a score in units of packets per second. It is updated
984 each time a packet arrives from that IP Address. The score decays
985 exponentially at the burst rate and is bumped by 1.0/burst when a
986 packet arrives.
987
988 average average
989 Specify the allowed average rate for response packets in
990 packets per second. The default is 1.0
991
992 burst burst
993 Specify the allowed burst size if the bursts are far enough
994 apart to keep the average rate below average. The default is
995 20.0
996
997 kod kod
998 Specify the allowed average rate for KoD packets in packets per
999 second. The default is 0.5
1000
1001 restrict address[/cidr] [mask mask] [flag ...]
1002 The address argument expressed in dotted-quad (for IPv4) or
1003 :-delimited (for IPv6) form is the address of a host or network.
1004 Alternatively, the address argument can be a valid host DNS name.
1005 The mask argument expressed in IPv4 or IPv6 numeric address form
1006 defaults to all mask bits on, meaning that the address is treated
1007 as the address of an individual host. Instead of an explicit mask,
1008 the address/cidr may be specified in CIDR notation. A default entry
1009 (address 0.0.0.0, mask 0.0.0.0) is always included and is always
1010 the first entry in the list. Note that text string default, with no
1011 mask option, may be used to indicate the default entry. In the
1012 current implementation, flags always restrict access, i.e., an
1013 entry with no flags indicates that free access to the server is to
1014 be given. The flags are not orthogonal, in that more restrictive
1015 flags will often make less restrictive ones redundant. The flags
1016 can generally be classed into two categories, those which restrict
1017 time service and those which restrict informational queries and
1018 attempts to do a run-time reconfiguration of the server. One or
1019 more of the following flags may be specified:
1020
1021 flake
1022 Discard received NTP packets with probability 0.1; that is, on
1023 average drop one packet in ten. This flag is for testing and
1024 amusement. The name comes from Bob Braden’s flakeway, which
1025 once did a similar thing for early Internet testing.
1026
1027 ignore
1028 Deny packets of all kinds, including ntpq(1) queries.
1029
1030 kod
1031 If this flag is set when an access violation occurs, a
1032 kiss-o'-death (KoD) packet is sent. KoD packets are rate
1033 limited.
1034
1035 limited
1036 Deny service if the packet spacing violates the lower limits
1037 specified in the limit command. A history of clients is kept
1038 using the monitoring capability of ntpd(8). Thus, monitoring is
1039 always active as long as there is a restriction entry with the
1040 limited flag.
1041
1042 mssntp
1043 Enable Microsoft Windows MS-SNTP authentication using Active
1044 Directory services. Note: Potential users should be aware that
1045 these services involve a TCP connection to another process that
1046 could potentially block, denying services to other users.
1047 Therefore, this flag should be used only for a dedicated server
1048 with no clients other than MS-SNTP.
1049
1050 nomodify
1051 Deny ntpq(1) queries which attempt to modify the state of the
1052 server (i.e., run time reconfiguration). Queries which return
1053 information are permitted.
1054
1055 nomrulist
1056 Do not accept MRU-list requests. These can be expensive to
1057 service and may generate a high volume of response traffic.
1058
1059 nopeer
1060 Deny packets which would result in mobilizing a new
1061 association; this includes symmetric active packets when a
1062 configured association does not exist. That used to happen when
1063 the remote client used the peer command in its config file. We
1064 don’t support that mode. It used to include pool servers, but
1065 they now poke a hole in any restrictions.
1066
1067 noquery
1068 Deny ntpq(1) queries. Time service is not affected.
1069
1070 noserve
1071 Deny all packets except ntpq(1) queries.
1072
1073 notrust
1074 Deny service unless the packet is cryptographically
1075 authenticated.
1076
1077 ntpport
1078 This is a match algorithm modifier, rather than a restriction
1079 flag. Its presence causes the restriction entry to be matched
1080 if the source port in the packet is the standard NTP UDP port
1081 (123). Both ntpport and non-ntpport may be specified. The
1082 ntpport is considered more specific and is sorted later in the
1083 list.
1084
1085 version
1086 Deny packets that do not match the current NTP version.
1087
1088 Note: A second restrict line with the same address/mask does not
1089 replace the first one. The flags are merged. Thus:
1090
1091 restrict bob X
1092 restrict bob Y
1093
1094 is the same as
1095
1096 restrict bob X Y
1097
1098 Default restriction list entries with the flags ignore, interface,
1099 ntpport, for each of the local host’s interface addresses are inserted
1100 into the table at startup to prevent the server from attempting to
1101 synchronize to its own time. A default entry is also always present. It
1102 has noquery to avoid packet length amplification which can be used for
1103 DDoS with a forged return address and limited to avoid DDoS
1104 reflections.
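
The following is an added example, not ntpd's code. It models the restriction table as described at the start of this section and in the notes above: entries keyed by address and mask, searched in order of increasing address and then increasing mask with the last matching entry supplying the flags; a second `restrict` for the same address/mask merging its flags rather than replacing them; and built-in default entries (noquery, limited) for both address families that `unrestrict default` alone cannot remove. Host names, the `ntpport` match modifier and the per-interface entries ntpd inserts for its own addresses are not modelled; the class and method names are ours.

```python
import ipaddress

# Added example, not ntpd's code: address/mask restriction list semantics.

BUILTIN_DEFAULT_FLAGS = frozenset({"noquery", "limited"})
DEFAULT_NETWORKS = ("0.0.0.0/0", "::/0")


def _network(spec, mask=None):
    """'a.b.c.d', 'a.b.c.d/cidr', an IPv6 equivalent, or address + explicit mask."""
    if mask is None:
        return ipaddress.ip_network(spec, strict=False)   # bare host -> all mask bits on
    return ipaddress.ip_network((spec, mask), strict=False)


class RestrictList:
    def __init__(self):
        self._rules = {}   # (ip_version, address_int, mask_int) -> set of flags
        for net in DEFAULT_NETWORKS:
            self.restrict(net, BUILTIN_DEFAULT_FLAGS)

    @staticmethod
    def _keys(spec, mask):
        specs = DEFAULT_NETWORKS if spec == "default" else (spec,)
        for s in specs:
            net = _network(s, mask)
            yield (net.version, int(net.network_address), int(net.netmask))

    def restrict(self, spec, flags=(), mask=None):
        """restrict address[/cidr] [mask mask] [flag ...]; repeated entries merge."""
        for key in self._keys(spec, mask):
            self._rules.setdefault(key, set()).update(flags)

    def unrestrict(self, spec, flags=(), mask=None):
        """Turn off the given flags, or drop the rule entirely if none are given."""
        for key in self._keys(spec, mask):
            if key not in self._rules:
                continue
            if flags:
                self._rules[key].difference_update(flags)
            elif key[1] != 0 or key[2] != 0:
                del self._rules[key]   # the built-in defaults cannot be removed

    def flags_for(self, source):
        """Flags applying to a packet from 'source': last match in sorted order wins."""
        ip = ipaddress.ip_address(source)
        matched = set()
        for key in sorted(self._rules):       # by version, then address, then mask
            version, address, mask = key
            if version == ip.version and (int(ip) & mask) == (address & mask):
                matched = self._rules[key]
        return set(matched)


if __name__ == "__main__":
    rl = RestrictList()
    rl.restrict("default", ["kod", "nomodify", "nopeer"])
    rl.restrict("192.0.2.0/24", ["nomodify"])   # LAN: queries allowed, no reconfiguration
    print(sorted(rl.flags_for("198.51.100.9")), sorted(rl.flags_for("192.0.2.7")))
```

The sort order is what makes "most specific entry wins" fall out of "last match wins": a subnet entry always has an address greater than or equal to the default's 0.0.0.0, and two entries for the same address sort by mask, so the longer mask is consulted last.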
1105
1106 unrestrict address[/cidr] [mask mask] [flag ...]
1107 Like a restrict command, but turns off the specified flags rather
1108 than turning them on (expected to be useful mainly with ntpq
1109 :config). An unrestrict with no flags specified removes any rule
1110 with matching address and mask. Use only on an address/mask or
1111 CIDR-format address mentioned in a previous restrict statement.
1112
1113 Note: unrestrict default will not do anything; you can’t remove the
1114 builtin defaults. If you want to remove them, use unrestrict default
1115 noquery limited to turn off those flags.
1116
1117 AUTOMATIC NTP CONFIGURATION OPTIONS
1118 Manycasting
1119 For a detailed description of manycast operation, see the "Server
1120 Discovery" page (available as part of the HTML documentation).
1121
1122 Manycast Options
1123 tos [ceiling ceiling | floor floor | minclock minclock | minsane
1124 minsane]
1125 This command affects the clock selection and clustering algorithms.
1126 It can be used to select the quality and quantity of peers used to
1127 synchronize the system clock and is most useful in manycast mode.
1128 The variables operate as follows:
1129
1130 ceiling ceiling
1131 Peers with strata above ceiling will be discarded if there are
1132 at least minclock peers remaining. This value defaults to 15,
1133 but can be changed to any number from 1 to 15.
1134
1135 floor floor
1136 Peers with strata below floor will be discarded if there are at
1137 least minclock peers remaining. This value defaults to 1, but
1138 can be changed to any number from 1 to 15.
1139
1140 minclock minclock
1141 The clustering algorithm repeatedly casts out outlier
1142 associations until no more than minclock associations remain.
1143 This value defaults to 3, but can be changed to any number from
1144 1 to the number of configured sources.
1145
1146 minsane minsane
1147 This is the minimum number of candidates available to the clock
1148 selection algorithm in order to produce one or more truechimers
1149 for the clustering algorithm. If fewer than this number are
1150 available, the clock is undisciplined and allowed to run free.
1151 The default is 1 for legacy purposes. However, according to
1152 principles of Byzantine agreement, minsane should be at least 4
1153 in order to detect and discard a single falseticker.
1154
1155 REFERENCE CLOCK SUPPORT
1156 For a detailed description of reference-clock configuration, see the
1157 "Reference Clock Drivers" page (available as part of the HTML
1158 documentation provided in /usr/share/doc/ntp).
1159
1160 REFERENCE CLOCK COMMANDS
1161 refclock drivername [unit u] [prefer] [subtype int] [mode int] [minpoll
1162 int] [maxpoll int] [time1 sec] [time2 sec] [stratum int] [refid string]
1163 [path filename] [ppspath filename] [baud number] [flag1 {0 | 1}] [flag2
1164 {0 | 1}] [flag3 {0 | 1}] [flag4 {0 | 1}]
1165 This command is used to configure reference clocks. The required
1166 drivername argument is the shortname of a driver type (e.g., shm,
1167 nmea, generic; see the "Reference Clock Drivers" page for a full
1168 list). The options are interpreted as follows:
1169
1170 unit
1171 The 0-origin unit number of the device; this modifies the
1172 devicename. If not specified, defaults to zero.
1173
1174 prefer
1175 Marks the reference clock as preferred. All other things being
1176 equal, this host will be chosen for synchronization among a set
1177 of correctly operating hosts and clocks. See the "Mitigation
1178 Rules and the prefer Keyword" page (available as part of the
1179 HTML documentation provided in /usr/share/doc/ntp) for further
1180 information.
1181
1182 subtype int
1183 Some drivers (notably the generic and jjy drivers) support
1184 multiple device types. This option selects among them in a
1185 driver-dependent way.
1186
1187 mode int
1188 Specifies a mode number which is interpreted in a
1189 device-specific fashion. For instance, it selects a dialing
1190 protocol in the ACTS driver and a sentence mix in the nmea
1191 driver.
1192
1193 minpoll int; maxpoll int
1194 These options specify the minimum and maximum polling interval
1195 for reference clock messages, as a power of 2 in seconds. For
1196 most directly connected reference clocks, both minpoll and
1197 maxpoll default to 6 (64 sec). For modem reference clocks,
1198 minpoll defaults to 10 (17.1 min) and maxpoll defaults to 14
1199 (4.5 hours). The allowable range is 0 (1 sec) to 17 (36.4
1200 hours) inclusive.
1201
1202 time1 sec
1203 Specifies a constant to be added to the time offset produced by
1204 the driver, a fixed-point decimal number in seconds. Each "g"
1205 on the end of the constant adds the number of seconds in a
1206 10-bit GPS era; each "G" adds the number of seconds in a 13-bit
1207 GPS era. This is used as a calibration constant to adjust the
1208 nominal time offset of a particular clock to agree with an
1209 external standard, such as a precision PPS signal. It also
1210 provides a way to correct a systematic error or bias due to era
1211 wraparound from a GPS device, serial port or operating system
1212 latencies, different cable lengths or receiver internal delay.
1213 The specified offset is in addition to the propagation delay
1214 provided by other means, such as internal DIP switches. Where a
1215 calibration for an individual system and driver is available,
1216 an approximate correction is noted in the driver documentation
1217 pages. Note: To facilitate calibration when more than one radio
1218 clock or PPS signal is supported, a special calibration feature
1219 is available. It takes the form of an argument to the enable
1220 command described in "Miscellaneous Options" page and operates
1221 as described in the "Reference Clock Drivers" page.
1222
1223 time2 sec
1224 Specifies a fixed-point decimal number in seconds, which is
1225 interpreted in a driver-dependent way. See the descriptions of
1226 specific drivers in the "Reference Clock Drivers" page.
1227
1228 stratum int
1229 Specifies the stratum number assigned to the driver, an integer
1230 between 0 and 15. This number overrides the default stratum
1231 number ordinarily assigned by the driver itself, usually zero.
1232
1233 refid string
1234 Specifies an ASCII string of from one to four characters which
1235 defines the reference identifier used by the driver. This
1236 string overrides the default identifier ordinarily assigned by
1237 the driver itself.
1238
1239 path filename
1240 Overrides the default device location for this refclock.
1241
1242 ppspath filename
1243 Overrides the default PPS device location (if any) for this
1244 driver.
1245
1246 baud number
1247 Overrides the default baud rate for this driver.
1248
1249 flag1 {0 | 1}; flag2 {0 | 1}; flag3 {0 | 1}; flag4 {0 | 1}
1250 These four flags are used for customizing the clock driver. The
1251 interpretation of these values, and whether they are used at
1252 all, is a function of the particular clock driver. However, by
1253 convention flag4 is used to enable recording monitoring data to
1254 the clockstats file configured with the filegen command.
1255 Further information on the filegen command can be found in
1256 "Monitoring Options".
1257
1258 MISCELLANEOUS OPTIONS
1259 driftfile driftfile
1260 This command specifies the complete path and name of the file used
1261 to record the frequency of the local clock oscillator; this is the
1262 same operation as the -f command line option. If the file exists,
1263 it is read at startup to set the initial frequency and then updated
1264 once per hour with the current frequency computed by the daemon. If
1265 the file name is specified, but the file itself does not exist,
1266 ntpd starts with an initial frequency of zero and creates the file
1267 when writing it for the first time. If this command is not given,
1268 the daemon will always start with an initial frequency of zero.
1269
1270 The file format consists of a single line containing a single
1271 floating point number, which records the frequency offset measured
1272 in parts-per-million (PPM). The file is updated by first writing
1273 the current drift value into a temporary file and then renaming
1274 this file to replace the old version; this implies that ntpd(8)
1275 must have write permission for the directory the drift file is
1276 located in, and that file system links, symbolic or otherwise,
1277 should be avoided.
1278
1279 enable [auth | calibrate | kernel | monitor | ntp | stats]; disable
1280 [auth | calibrate | kernel | monitor | ntp | stats]
1281 Provides a way to enable or disable various server options. Flags
1282 not mentioned are unaffected. Note that all of these flags can be
1283 controlled remotely using the ntpq(1) utility program.
1284
1285 auth
1286 Enables the server to synchronize with unconfigured peers only
1287 if the peer has been correctly authenticated. The default for
1288 this flag is enable.
1289
1290 calibrate
1291 Enables the calibrate feature for reference clocks. The default
1292 for this flag is disable.
1293
1294 kernel
1295 Enables the kernel time discipline, if available. The default
1296 for this flag is enable if support is available, otherwise
1297 disable.
1298
1299 monitor
1300 Enables the monitoring facility. See the ntpq(1) program and
1301 its mrulist command for further information. The default for
1302 this flag is enable.
1303
1304 ntp
1305 Enables time and frequency discipline. In effect, this switch
1306 opens and closes the feedback loop, which is useful for
1307 testing. The default for this flag is enable.
1308
1309 stats
1310 Enables the statistics facility. See the "Monitoring Options"
1311 section for further information. The default for this flag is
1312 disable.
1313
1314 includefile includefile
1315 This command allows additional configuration commands to be
1316 included from a separate file. Include files may be nested to a
1317 depth of five; upon reaching the end of any include file, command
1318 processing resumes in the previous configuration file. Relative
1319 pathnames are evaluated not with respect to the current working
1320 directory but with respect to the directory name of the last pushed
1321 file in the stack. This option is useful for sites that run ntpd(8)
1322 on multiple hosts, with (mostly) common options (e.g., a
1323 restriction list).
1324
1325 interface [listen | ignore | drop] [all | ipv4 | ipv6 | wildcard | name
1326 | address[/prefixlen]]
1327 This command controls which network addresses ntpd opens, and
1328 whether the input is dropped without processing. The first
1329 parameter determines the action on addresses which match the second
1330 parameter. That parameter specifies a class of addresses, or a
1331 specific interface name, or an address. In the address case,
1332 prefixlen determines how many bits must match for this rule to
1333 apply. ignore prevents opening matching addresses, drop causes ntpd
1334 to open the address and drop all received packets without
1335 examination. Multiple interface commands can be used. The last rule
1336 which matches a particular address determines the action for it.
1337 interface commands are disabled if any of the -I, --interface, -L
1338 or --novirtualips command-line options are used. If none of those
1339 options are used, and no interface actions are specified in the
1340 configuration file, all available network addresses are opened. The
1341 nic command is an alias for interface.
1342
1343 leapfile leapfile
1344 This command loads the NIST leap seconds file and initializes the
1345 leapsecond values for the next leap second time, expiration time
1346 and TAI offset. The file can be obtained using ntpleapfetch.
1347
1348 The leapfile is scanned when ntpd processes the leapfile directive
1349 or when ntpd detects that leapfile has changed. ntpd checks once a
1350 day to see if the leapfile has changed.
1351
1352 leapsmearinterval interval
1353 This experimental option is only available if ntpd was built with
1354 the --enable-leap-smear option. It specifies the interval over
1355 which a leap second correction will be applied. Recommended values
1356 for this option are between 7200 (2 hours) and 86400 (24 hours). DO
1357 NOT USE THIS OPTION ON PUBLIC-ACCESS SERVERS! See
1358 http://bugs.ntp.org/2855 for more information.
1359
1360 logconfig configkeyword
1361 This command controls the amount and type of output written to the
1362 system syslog(3) facility or the alternate log file. By default,
1363 all output is turned on. All configkeyword keywords can be prefixed
1364 with ‘=’, ‘+’ and ‘-’, where ‘=’ sets the syslog(3) priority mask,
1365 ‘+’ adds and ‘-’ removes messages. syslog(3) messages can be
1366 controlled in four classes (clock,peer,sys and sync). Within these
1367 classes four types of messages can be controlled: informational
1368 messages (info), event messages (events), statistics messages
1369 (statistics) and status messages (status).
1370
1371 Configuration keywords are formed by concatenating the message
1372 class with the event class. The all prefix can be used instead of a
1373 message class. A message class may also be followed by the all
1374 keyword to enable/disable all messages of the respective message
1375 class. Thus, a minimal log configuration could look like this:
1376
1377 logconfig =syncstatus +sysevents
1378
1379 This would just list the synchronization state of ntpd(8) and the
1380 major system events. For a simple reference server, the following
1381 minimum message configuration could be useful:
1382
1383 logconfig =syncall +clockall
1384
1385 This configuration will list all clock information and
1386 synchronization information. All other events and messages about
1387 peers, system events and so on are suppressed.
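
The following is an added example, not ntpd's code, that applies logconfig keywords the way the text above describes them: four message classes, four message types, keywords formed by concatenating class and type, `all` standing for every class or every type, and `=`, `+` and `-` setting, adding or removing. It is ours, not a copy of ntpd's parser, and it assumes that a keyword with no prefix behaves like `+`.

```python
# Added example, not ntpd's code: evaluate a logconfig argument list.

CLASSES = ("clock", "peer", "sys", "sync")
TYPES = ("info", "events", "statistics", "status")


def expand_keyword(keyword):
    """Return (classes, types) named by a configkeyword such as 'sysevents'."""
    if keyword == "all":
        return set(CLASSES), set(TYPES)
    if keyword.startswith("all") and keyword[3:] in TYPES:     # e.g. allstatus
        return set(CLASSES), {keyword[3:]}
    if keyword.endswith("all") and keyword[:-3] in CLASSES:    # e.g. clockall
        return {keyword[:-3]}, set(TYPES)
    for cls in CLASSES:                                        # e.g. syncstatus
        if keyword.startswith(cls) and keyword[len(cls):] in TYPES:
            return {cls}, {keyword[len(cls):]}
    raise ValueError("unknown logconfig keyword %r" % (keyword,))


def parse_logconfig(arguments):
    """Return {class: set of enabled types} after applying keywords in order."""
    enabled = {cls: set(TYPES) for cls in CLASSES}   # default: all output on
    for word in arguments.split():
        op = word[0] if word[0] in "=+-" else "+"    # unprefixed: assumed '+'
        keyword = word[1:] if word[0] in "=+-" else word
        classes, types = expand_keyword(keyword)
        if op == "=":                                # '=' replaces the whole mask
            for cls in CLASSES:
                enabled[cls].clear()
        for cls in classes:
            if op == "-":
                enabled[cls].difference_update(types)
            else:
                enabled[cls].update(types)
    return enabled


def would_log(enabled, message_class, message_type):
    return message_type in enabled[message_class]


if __name__ == "__main__":
    for line in ("=syncstatus +sysevents", "=syncall +clockall"):
        cfg = parse_logconfig(line)
        print(line, "->", {c: sorted(t) for c, t in cfg.items() if t})
```

Because `=` clears every class before applying its keyword, order matters: `+sysevents =syncstatus` ends with only sync/status enabled, whereas the `=syncstatus +sysevents` line from the text keeps both.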
1388
1389 logfile logfile
1390 This command specifies the location of an alternate log file to be
1391 used instead of the default system syslog(3) facility; this is the
1392 same operation as the -l command line option.
1393
1394 If your ntpd runs for a long time, you probably want to use logrotate
1395 or newsyslog to switch to a new log file occasionally. SIGHUP will
1396 reopen the log file.
1397
1398 mru [maxdepth count | maxmem kilobytes | mindepth count | maxage
1399 seconds | minage seconds | initalloc count | initmem kilobytes |
1400 incalloc count | incmem kilobytes]
1401 Controls size limits of the monitoring facility's Most Recently
1402 Used (MRU) list of client addresses, which is also used by the rate
1403 control facility.
1404
1405 maxdepth count, maxmem kilobytes
1406 Equivalent upper limits on the size of the MRU list, in terms
1407 of entries or kilobytes. The actual limit will be up to
1408 incalloc entries or incmem kilobytes larger. As with all of the
1409 mru options offered in units of entries or kilobytes, if both
1410 maxdepth and maxmem are used, the last one used controls. The
1411 default is 1024 kilobytes.
1412
1413 mindepth count
1414 The lower limit on the MRU list size. When the MRU list has
1415 fewer than mindepth entries, existing entries are never removed
1416 to make room for newer ones, regardless of their age. The
1417 default is 600 entries.
1418
1419 maxage seconds, minage seconds
1420 If an address is not in the list, there are several possible
1421 ways to find a slot for it.
1422
1423 1. If the list has fewer than mindepth entries, a slot is
1424 allocated from the free list; this is the normal case for a
1425 server without a lot of clients. If clients come and go,
1426 for example, laptops going between home and work, the
1427 default setup shows only the long term average.
1428
1429 2. If the age of the oldest slot is greater than maxage, the
1430 oldest slot is recycled (default 3600 seconds).
1431
1432 3. If the free list is not empty, a slot is allocated from the
1433 free list.
1434
1435 4. If the free list is empty but the list has not reached its upper
1436 limit (see maxmem), more memory is allocated (see incmem) and a new slot is used.
1437
1438 5. If the age of the oldest slot is more than minage, the
1439 oldest slot is recycled (default 64 seconds).
1440
1441 6. Otherwise, no slot is available.
1442
1443 initalloc count, initmem kilobytes
1444 Initial memory allocation at the time the monitoring facility
1445 is first enabled, in terms of entries or kilobytes. The default
1446 is 4 kilobytes.
1447
1448 incalloc count, incmem kilobytes
1449 Size of additional memory allocations when growing the MRU
1450 list, in entries or kilobytes. The default is 4 kilobytes.
1451
1452 nonvolatile threshold
1453 Specify the threshold for writing the frequency file, as a
1454 frequency change in seconds per second, with a default of 1e-7
1455 (0.1 PPM). The frequency file is inspected each hour. If the
1456 difference between the current frequency and the last value
1457 written exceeds the working threshold, the file is written and the
1458 working threshold is reset to the configured value. If it is not
1459 exceeded, the working threshold is halved; this is intended to
1460 reduce the frequency of unnecessary file writes for embedded
1461 systems with nonvolatile memory.
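
The following is an added example, not ntpd's code. It demonstrates the two file-handling rules given for the drift file above: the file is replaced by writing a temporary file in the same directory and renaming it over the old one (so the daemon needs write permission on the directory, and a link at that path would be replaced by a plain file, which is why the page says links should be avoided), together with the `nonvolatile` hysteresis that decides each hour whether a write is worthwhile. `DriftRecorder`, `simulate_hourly_updates`, the scratch directory and the three-decimal file format are choices of this example.

```python
import os
import tempfile

# Added example, not ntpd's code: atomic drift-file replacement plus the
# 'nonvolatile' write hysteresis.  Threshold values are in s/s (1e-7 = 0.1 PPM).


def read_driftfile(path):
    """Frequency offset in PPM from a one-line file, or None if absent/unusable."""
    try:
        with open(path) as fh:
            return float(fh.read().split()[0])
    except (OSError, ValueError, IndexError):
        return None


def write_driftfile(path, ppm):
    """Replace 'path' atomically with a single line holding 'ppm'."""
    if os.path.islink(path):
        raise OSError("refusing to replace a link at %s" % path)
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(prefix=".ntp.drift.", dir=directory)  # same filesystem
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write("%.3f\n" % ppm)
            fh.flush()
            os.fsync(fh.fileno())
        os.replace(tmp, path)   # atomic rename; needs write permission on the directory
    except BaseException:
        try:
            os.unlink(tmp)
        except OSError:
            pass
        raise


class DriftRecorder:
    """Hourly write decision with the nonvolatile threshold."""

    def __init__(self, path, threshold=1e-7):
        self.path = path
        self.threshold = threshold       # configured value
        self.working = threshold         # halves after every skipped write
        self.last_written = read_driftfile(path)

    def hourly(self, freq_ppm):
        """Called once per hour; returns True if the file was rewritten."""
        if self.last_written is not None:
            change = abs(freq_ppm - self.last_written) * 1e-6   # PPM -> s/s
            if change < self.working:
                self.working /= 2
                return False
        write_driftfile(self.path, freq_ppm)
        self.last_written = freq_ppm
        self.working = self.threshold
        return True


def simulate_hourly_updates(samples_ppm, threshold=1e-7, directory=None):
    """Run the rule over hourly samples in a scratch directory.

    Returns (per-hour write decisions, value read back from the file)."""
    if directory is None:
        directory = tempfile.mkdtemp(prefix="ntp-drift-example-")
    recorder = DriftRecorder(os.path.join(directory, "ntp.drift"), threshold)
    decisions = [recorder.hourly(s) for s in samples_ppm]
    return decisions, read_driftfile(recorder.path)


if __name__ == "__main__":
    print(simulate_hourly_updates([12.345, 12.35, 12.36, 12.38, 12.40]))
```

With the default threshold, a sequence of hourly frequencies 12.345, 12.35, 12.36, 12.38, 12.40 PPM writes the file on the first and fourth hour only: the small changes are skipped while the working threshold shrinks from 0.1 PPM to 0.05 and 0.025 PPM, the 0.035 PPM change then exceeds it and resets it, and the final 0.02 PPM change is again below 0.1 PPM.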
1461
1462 phone dial ...
1463 This command is used in conjunction with the ACTS modem driver
1464 (type modem) or the JJY driver (type jjy). For ACTS, the arguments
1465 consist of a maximum of 10 telephone numbers used to dial USNO,
1466 NIST or European time services. For the jjy driver in modes
1467 100-180, the argument is one telephone number used to dial the
1468 telephone JJY service. The Hayes command ATDT is normally prepended
1469 to the number, which can contain other modem control codes as well.
1470
1471 reset [allpeers] [auth] [ctl] [io] [mem] [sys] [timer]
1472 Reset one or more groups of counters maintained by ntpd and exposed
1473 by ntpq.
1474
1475 setvar variable [default]
1476 This command adds a system variable. These variables can be used to
1477 distribute additional information such as the access policy. If the
1478 variable of the form name=value is followed by the default keyword,
1479 the variable will be listed as part of the default system variables
1480 (ntpq(1) rv command). These additional variables serve
1481 informational purposes only. They are not related to the protocol
1482 other than that they can be listed. The known protocol variables will
1483 always override any variables defined via the setvar mechanism.
1484 There are three special variables that contain the names of all
1485 variables of the same group. The sys_var_list holds the names of all
1486 system variables. The peer_var_list holds the names of all peer
1487 variables and the clock_var_list holds the names of the reference
1488 clock variables.
1489
tinker [allan allan | dispersion dispersion | freq freq | huffpuff
       huffpuff | panic panic | step step | stepback stepback | stepfwd
       stepfwd | stepout stepout]
    This command can be used to alter several system variables in very
    exceptional circumstances. It should occur in the configuration
    file before any other configuration options. The default values of
    these variables have been carefully optimized for a wide range of
    network speeds and reliability expectations. In general, they
    interact in intricate ways that are hard to predict, and some
    combinations can result in some very nasty behavior. Very rarely is
    it necessary to change the default values; but, some folks cannot
    resist twisting the knobs anyway, and this command is for them.
    Emphasis added: twisters are on their own and can expect no help
    from the support group.

    The variables operate as follows:

    allan allan
        The argument becomes the new value for the minimum Allan
        intercept, which is a parameter of the PLL/FLL clock discipline
        algorithm. The value in log2 seconds defaults to 11 (2048 s),
        which is also the lower limit.

    dispersion dispersion
        The argument becomes the new value for the dispersion increase
        rate, normally .000015 s/s.

    freq freq
        The argument becomes the initial value of the frequency offset
        in parts-per-million; this overrides the value in the frequency
        file, if present, and avoids the initial training state if it
        is not.

    huffpuff huffpuff
        The argument becomes the new value for the experimental
        huff-n'-puff filter span, which determines the most recent
        interval the algorithm will search for a minimum delay. The
        lower limit is 900 s (15 m), but a more reasonable value is
        7200 (2 hours). There is no default since the filter is not
        enabled unless this command is given.

    panic panic
        The argument is the panic threshold, normally 1000 s. If set to
        zero, the panic sanity check is disabled, and a clock offset of
        any value will be accepted.

    step step
        The argument is the step threshold, which by default is 0.128
        sec. It can be set to any positive number in seconds. If set to
        zero, step adjustments will never occur. Note: The kernel time
        discipline is disabled if the step threshold is set to zero or
        greater than the default.

    stepback stepback
        The argument is the step threshold for the backward direction,
        which by default is 0.128 sec. It can be set to any positive
        number in seconds. If both the forward and backward step
        thresholds are set to zero, step adjustments will never occur.
        Note: The kernel time discipline is disabled if the step
        threshold in each direction is either set to zero or greater
        than .5 second.

    stepfwd stepfwd
        As for stepback, but for the forward direction.

    stepout stepout
        The argument is the stepout timeout, which by default is 900 s.
        It can be set to any positive number in seconds. If set to
        zero, the stepout pulses will not be suppressed.

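    As an added example (not part of NTPsec or of this manual page), the
    following Python script parses the line-oriented ntp.conf format
    described above ('#' comments to end of line, one keyword plus
    arguments per line) and checks every tinker line against the
    constraints this section states: tinker must precede all other
    options, allan and huffpuff have lower limits, panic 0 disables the
    sanity check, and step thresholds of zero or above the default switch
    off the kernel time discipline. The configuration text is constructed
    for the example; the function names, and the choice to evaluate step
    independently of stepback/stepfwd, are assumptions of this example.

```python
"""Lint the tinker directives in an ntp.conf file.

Added example, not NTPsec code: it parses the ntp.conf line format and
reports the tinker settings this manual page warns about.
"""
from __future__ import annotations

# Defaults as stated on the page (seconds, except allan in log2 seconds).
DEFAULTS = {
    "allan": 11.0,
    "dispersion": 0.000015,
    "panic": 1000.0,
    "step": 0.128,
    "stepback": 0.128,
    "stepfwd": 0.128,
    "stepout": 900.0,
}
# huffpuff has no default: the filter is off unless the command is given.
TINKER_KEYS = set(DEFAULTS) | {"huffpuff", "freq"}


def parse_directives(text: str) -> list[tuple[int, str, list[str]]]:
    """Return (line_number, keyword, args) for each non-blank, non-comment line."""
    out = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # a comment runs to end of line
        if not line:
            continue                          # blank lines are ignored
        keyword, *args = line.split()
        out.append((lineno, keyword, args))
    return out


def lint_tinker(text: str) -> list[tuple[int, str]]:
    """Return (line_number, message) findings for the tinker settings in text."""
    findings: list[tuple[int, str]] = []
    effective = dict(DEFAULTS)   # values after applying every tinker line
    seen_other = False           # a non-tinker directive has already appeared
    last_tinker_line = 0

    for lineno, keyword, args in parse_directives(text):
        if keyword != "tinker":
            seen_other = True
            continue
        last_tinker_line = lineno
        if seen_other:
            findings.append((lineno, "tinker must precede all other configuration options"))
        if len(args) % 2:
            findings.append((lineno, "tinker arguments must be name/value pairs"))
            args = args[:-1]
        for name, value in zip(args[::2], args[1::2]):
            if name not in TINKER_KEYS:
                findings.append((lineno, f"unknown tinker variable {name!r}"))
                continue
            try:
                num = float(value)
            except ValueError:
                findings.append((lineno, f"{name}: non-numeric value {value!r}"))
                continue
            effective[name] = num
            # Per-variable checks taken from the descriptions on this page.
            if name == "allan" and num < 11:
                findings.append((lineno, "allan: below the lower limit of 11 (2048 s)"))
            elif name == "huffpuff" and num < 900:
                findings.append((lineno, "huffpuff: below the lower limit of 900 s"))
            elif name == "panic" and num == 0:
                findings.append((lineno, "panic 0: sanity check disabled, any offset accepted"))
            elif name == "step" and (num == 0 or num > DEFAULTS["step"]):
                findings.append((lineno, "step: kernel time discipline disabled (zero or above default)"))

    # Directional thresholds: the kernel discipline is off when each direction
    # is zero or above .5 s; evaluated on the final effective values.
    # Assumption: step is checked independently of stepback/stepfwd.
    def disables_kernel(v: float) -> bool:
        return v == 0 or v > 0.5

    if last_tinker_line and disables_kernel(effective["stepback"]) \
            and disables_kernel(effective["stepfwd"]):
        findings.append((last_tinker_line,
                         "stepback/stepfwd: kernel time discipline disabled in both directions"))
    return findings


# Constructed ntp.conf fragment used to exercise the lint.
SAMPLE_CONF = """\
# constructed sample; the server name is a placeholder
tinker panic 0 step 0          # weak: no panic check, no stepping
server time.example.net
tinker stepback 0 stepfwd 1    # misplaced: after another option
"""

if __name__ == "__main__":
    for ln, msg in lint_tinker(SAMPLE_CONF):
        print(f"line {ln}: {msg}")
```

    Run against the constructed fragment, the lint reports the two weak
    values on line 2, the ordering violation on line 4, and the combined
    stepback/stepfwd condition; a configuration that leaves tinker at its
    defaults produces no findings.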
rlimit [memlock megabytes | stacksize 4kPages | filenum
       filedescriptors]

    memlock megabytes
        Ignored for backward compatibility.

    stacksize 4kPages
        Specifies the maximum size of the process stack on systems with
        the mlockall() function. Defaults to 50 4k pages.

    filenum filedescriptors
        Specifies the maximum number of file descriptors ntpd may have
        open at once. Defaults to the system default.

FILES
/etc/ntp.conf
    the default name of the configuration file

ntp.keys
    private keys

One of the following exit values will be returned:

0 (EXIT_SUCCESS)
    Successful program execution.

1 (EXIT_FAILURE)
    The operation failed or the command syntax was not valid.

SEE ALSO
ntpd(8), ntpq(1).

In addition to the manual pages provided, comprehensive documentation
is available on the world wide web at https://www.ntpsec.org. A
snapshot of this documentation is available in HTML format in
/usr/share/doc/ntp.

David L. Mills, Network Time Protocol (Version 4), RFC 5905

BUGS
The syntax checking is not picky; some combinations of ridiculous and
even hilarious options and modes may not be detected.



NTPsec 2022-01-20 NTP.CONF(5)