NTP.CONF(5)                          NTPsec                         NTP.CONF(5)



NAME
       ntp.conf - Network Time Protocol (NTP) daemon configuration file format

SYNOPSIS
       /etc/ntp.conf

DESCRIPTION
       The ntp.conf configuration file is read at initial startup by the
       ntpd(8) daemon in order to specify the synchronization sources, modes,
       and other related information. Usually, it is installed in the /etc
       directory, but it can be installed elsewhere (see the daemon’s -c
       command line option).

       The file format is similar to other UNIX configuration files. Comments
       begin with a ‘#’ character and extend to the end of the line; blank
       lines are ignored. Configuration commands consist of an initial keyword
       followed by a list of arguments, some of which may be optional,
       separated by whitespace. Commands may not be continued over multiple
       lines. Arguments may be host names, host addresses written in numeric,
       dotted-quad form, integers, floating point numbers (when specifying
       times in seconds) and text strings.

       Configuration files may have inclusion lines. The syntax is includefile
       followed by whitespace followed by a file or directory name. The
       configuration is evaluated as though the text of the file - or all
       files of the directory with the extension ".conf" - were textually
       spliced in at the point of the include. Relative paths will work, even
       when the -c option changes the config directory root. Because every
       .conf file in an included directory is read, anyone who can write to
       that directory can add time sources and keys; protect it as you
       protect ntp.conf itself.

       The rest of this page describes the configuration and control options.
       The "Notes on Configuring NTP and Setting up an NTP Subnet" page
       (available as part of the HTML documentation provided under
       /usr/share/doc/ntp) contains an extended discussion of these options.
       In addition to the discussion of general Configuration Options, there
       are sections describing the following supported functionality and the
       options used to control it:

       •   Authentication Support

       •   NTS Support

       •   Monitoring Support

       •   Access Control Support

       •   Automatic NTP Configuration Options

       •   Reference Clock Support

       •   Miscellaneous Options

       While there is a rich set of options available, the only required
       option is one or more pool, server, peer, or broadcast commands.

CONFIGURATION SUPPORT
       Following is a description of the configuration commands in NTPv4.
       There are two classes of commands: association commands that configure
       a persistent association with a remote server or peer or reference
       clock, and auxiliary commands that specify environment variables that
       control various related operations.

   Association Commands
       Only those options applicable to each command are listed below. Use of
       options not listed may not be caught as an error, but may result in
       unexpected and even destructive behavior.

       In contexts where a host name is expected, a -4 or --ipv4 qualifier
       preceding the host name forces DNS resolution to the IPv4 namespace,
       while a -6 or --ipv6 qualifier forces DNS resolution to the IPv6
       namespace.

       In these commands, an address can be any of (a) an IPv4 address in
       a.b.c.d format, (b) an IPv6 address in [a:b:c:d:e:f:g:h] format, (c) a
       link-local IPv6 address with an interface specified in
       [a:b:c:d:e:f:g:h]%device format, or (d) a DNS hostname.

       pool address [burst] [iburst] [version version] [prefer]
           [minpoll minpoll] [maxpoll maxpoll] [preempt]

       server address [key key] [burst] [iburst] [version version] [prefer]
           [minpoll minpoll] [maxpoll maxpoll]

       peer address [key key] [version version] [prefer] [minpoll minpoll]
           [maxpoll maxpoll]

       unpeer [address | associd | clock clocktype [unit unitnum]]
           These four commands specify the time server name or address to be
           used and the mode in which to operate. The address can be a DNS
           name or an IP address in any of the forms listed above. If it is a
           refclock, it can be clock followed by a type-unit pair as in the
           refclock directive; a missing unit clause is interpreted as unit 0.

       pool
           For server addresses, this command mobilizes a persistent client
           mode association with a number of remote servers. In this mode the
           local clock can be synchronized to the remote servers, but the
           remote servers can never be synchronized to the local clock.

       server
           For server addresses, this command mobilizes a persistent client
           mode association with the specified remote server or local radio
           clock. In this mode the local clock can be synchronized to the
           remote server, but the remote server can never be synchronized to
           the local clock.

       peer
           NTP peer mode has been removed for security reasons. peer is now
           just an alias for the server keyword; see above.

       unpeer
           This command removes a previously configured association. An
           address or association ID can be used to identify the association.
           Either an IP address or DNS name can be used. This command is most
           useful when supplied via the ntpq runtime configuration commands
           config and config-from-file.

   Association Options
       bias
           Add the command argument, a floating-point value in seconds, to the
           time offset (θ) computed for this server; this may be useful if
           you are a client on a network connection such as an ADSL line
           where there is a predictable asymmetry between upstream and
           downstream flight times. One way you might see this is if you use
           a fixed set of servers and one has a stable offset that is an
           outlier from the others; in that case, you might want to use bias
           to compensate out the offset. The value is applied unconditionally,
           so measure the asymmetry before configuring it.

       burst
           When the server is reachable, send a burst of eight packets instead
           of the usual one. The packet spacing is normally 2 s; however, the
           spacing between the first and second packets can be changed with
           the calldelay command to allow additional time for a modem or ISDN
           call to complete; this is designed to improve timekeeping quality
           with the server command.

       iburst
           When the server is unreachable, send a burst of six packets instead
           of the usual one. The packet spacing is normally 2 s; however, the
           spacing between the first and second packets can be changed with
           the calldelay command to allow additional time for a modem or ISDN
           call to complete; this is designed to speed the initial
           synchronization acquisition with the server command, and when
           ntpd(8) is started with the -q option.

       key key
           All packets sent to and received from the server or peer are to
           carry a message authentication code (MAC) computed with the
           specified key identifier, a value from 1 to 65535, inclusive. The
           packets are authenticated, not encrypted. The identifier must also
           appear in trustedkey and in the keys file; see "Authentication
           Commands" below. The default is to include no authentication
           field, in which case replies from this server are accepted without
           any authentication.

       minpoll minpoll, maxpoll maxpoll
           These options specify the minimum and maximum poll intervals for
           NTP messages, as a power of 2 in seconds. The maximum poll interval
           defaults to 10 (1,024 s), but can be increased by the maxpoll
           option to an upper limit of 17 (36.4 h). The minimum poll interval
           defaults to 6 (64 s), but can be decreased by the minpoll option to
           a lower limit of 0 (1 s).

       mode option
           Pass the option to a reference clock driver. This option is valid
           only with refclock addresses.

       noselect
           Marks the server as unused, except for display purposes. The server
           is discarded by the selection algorithm.

       prefer
           Marks the server as preferred. All other things being equal, this
           host will be chosen for synchronization among a set of correctly
           operating hosts. See the "Mitigation Rules and the prefer Keyword"
           page for further information.

       true
           Mark the association to assume truechimer status; that is, always
           survive the selection and clustering algorithms. This option can be
           used with any association but is most useful for reference clocks
           with large jitter on the serial port and precision pulse-per-second
           (PPS) signals. Caution: this option defeats the algorithms designed
           to cast out falsetickers and can allow these sources to set the
           system clock, so do not apply it to a network source you do not
           control. This option is valid only with the server command.

       version version
           Specifies the version number to be used for outgoing NTP packets.
           Versions 1-4 are the choices, with version 4 the default.

   Association Auxiliary Commands
       mdnstries number
           If we are participating in mDNS, after we have synched for the
           first time we attempt to register with the mDNS system. If that
           registration attempt fails, we try again at one minute intervals
           for up to number times. After all, ntpd may be starting before
           mDNS. The default value for mdnstries is 5.

   Authentication Commands
       The following declarations control MAC authentication:

       controlkey key
           Specifies the key identifier to use with the ntpq(1) utility, which
           uses the standard protocol defined in RFC 5905. The key argument is
           the key identifier for a trusted key, where the value can be in the
           range 1 to 65,535, inclusive.

       keys keyfile
           Specifies the complete path and location of the key file containing
           the keys and key identifiers used by ntpd(8), and ntpq(1) when
           operating with symmetric-key cryptography. This is the same
           operation as the -k command line option.

       trustedkey key...
           Specifies the key identifiers which are trusted for the purposes of
           authenticating peers with symmetric key cryptography, as well as
           keys used by the ntpq(1) program. Multiple keys on the same line
           should be separated by spaces. Key ranges can be specified as
           (first ... last). The spaces around the ... are necessary. Multiple
           trustedkey lines are supported and trusted keys can also be
           specified on the command line.

       The MAC authentication procedures require that both the local and
       remote servers share the same key and key identifier for this purpose,
       although different keys can be used with different servers. The key
       arguments are 32-bit unsigned integers with values from 1 to 65,535.
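       The following is an added example, not NTPsec code, showing what the
       shared key and key identifier are used for on the wire. RFC 5905
       defines the MAC appended to an NTP packet as the 32-bit key identifier
       followed by the digest of the key concatenated with the NTP header
       (and any extension fields); the receiver accepts the packet only if
       the identifier is in its trusted set and the recomputed digest
       matches. The key table, key ids and the request below are constructed
       for the demo, and NTPsec’s AES-128-CMAC key type is not covered.

```python
"""Symmetric-key NTP packet authentication: an added example, not NTPsec code.

Builds a 48-byte NTPv4 client request, appends keyid || digest(key || packet)
as RFC 5905 specifies, and shows the receiver-side check: key id in
1..65535, id present in the trusted set, digest recomputed and compared in
constant time. Key ids and secrets below are made up for the demo.
"""
import hashlib
import hmac
import struct

HEADER_LEN = 48
DIGESTS = {"SHA1": hashlib.sha1, "MD5": hashlib.md5}  # MD5 is legacy; prefer SHA1 or AES-CMAC

# Constructed key table, as ntpd would load from the keys file: id -> (type, secret).
KEYS = {7: ("SHA1", b"example-sha1-secret-not-for-production"),
        8: ("MD5", b"example-md5-secret-not-for-production")}
TRUSTED = {7}          # "trustedkey 7": key 8 exists in the file but is not trusted

def client_header(transmit_ts):
    """48-byte NTPv4 client header: LI=0, VN=4, mode=3, poll 6, precision -20."""
    li_vn_mode = (0 << 6) | (4 << 3) | 3
    return struct.pack("!BBbbIIIQQQQ", li_vn_mode, 0, 6, -20,
                       0, 0, 0, 0, 0, 0, transmit_ts)

def append_mac(packet, key_id, keys=KEYS):
    """Append keyid || digest(key || packet), the RFC 5905 MAC construction."""
    key_type, secret = keys[key_id]
    digest = DIGESTS[key_type](secret + packet).digest()
    return packet + struct.pack("!I", key_id) + digest

def verify_mac(packet, keys=KEYS, trusted=TRUSTED):
    """Return (ok, reason). Assumes no extension fields, so the MAC starts at byte 48."""
    if len(packet) < HEADER_LEN + 4:
        return False, "no MAC present"
    body, mac = packet[:HEADER_LEN], packet[HEADER_LEN:]
    (key_id,) = struct.unpack("!I", mac[:4])
    if not 1 <= key_id <= 65535:
        return False, "key id out of range"
    if key_id not in trusted or key_id not in keys:
        return False, f"key {key_id} not trusted"
    key_type, secret = keys[key_id]
    expected = DIGESTS[key_type](secret + body).digest()
    if len(mac[4:]) != len(expected) or not hmac.compare_digest(mac[4:], expected):
        return False, "digest mismatch"
    return True, "ok"

def demo():
    """Exercise the good, tampered, untrusted-key and unauthenticated cases."""
    request = client_header(0xE6F1A2B3C4D5E6F7)   # arbitrary transmit timestamp
    good = append_mac(request, 7)
    tampered = bytearray(good)
    tampered[40] ^= 0x01                           # flip a bit in the transmit timestamp
    return {
        "good": verify_mac(good),
        "tampered": verify_mac(bytes(tampered)),
        "untrusted": verify_mac(append_mac(request, 8)),
        "plain": verify_mac(request),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

       The untrusted case is the one trustedkey exists for: key 8 is in the
       key file, so the digest would verify, but because it is not trusted
       the packet is rejected before any digest is computed.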

   NTS Commands
       The following command controls the server side of NTS authentication
       (the NTS-KE server). Its TLS options override normal TLS protocol
       negotiation, which is not usually necessary.

       nts [enable|disable] [cert file] [key file] [ca location]
           [cookie location] [mintls version] [maxtls version]
           [tlsciphersuites name] [aead name]

       The options are as follows:

       cert file
           Present the certificate (chain) in file as our certificate. Note
           that there is no checking on the certificate. In particular, it may
           have expired, may not cover the host name clients use to reach this
           server, or may not be signed by a CA that is in the clients’ root
           certificate collection; in any of these cases clients’ NTS-KE
           connections will fail.

       key file
           Read the private key to our certificate from file.

       ca location
           Use the file, or directory, specified by location to validate
           NTS-KE server certificates instead of the system default root
           certificates. If a directory is specified, it must have files named
           with their hash, as created by openssl rehash.

       cookie location
           Use the file (or directory) specified by location to store the keys
           used to make and decode cookies. The default is
           /var/lib/ntp/nts-keys. These keys are server secrets: whoever can
           read them can decode every cookie this server has issued and so
           recover the per-client keys inside.

       enable
           Enable NTS-KE server. When enabled, cert and key are required.

       disable
           Disable NTS-KE server.

       mintls string
           Set the lowest allowable TLS version to negotiate. Will be useful
           in the wake of a TLS compromise. The reasonable value is TLS1.3 if
           your system supports it. TLS 1.3 was first supported in OpenSSL
           version 1.1.1.

       maxtls string
           Set the highest allowable TLS version to negotiate. By setting
           mintls and maxtls equal, you can force the TLS version for testing.
           Format is as for mintls.

       tlsciphersuites string
           An OpenSSL ciphersuite list to configure the allowed ciphersuites
           for TLS 1.3. A single NULL cipher disables encryption and use of
           certificates.

       aead string
           Specify the crypto algorithm to be used on the wire. The choices
           come from RFC 5297. The only options supported are
           AES_SIV_CMAC_256, AES_SIV_CMAC_384, and AES_SIV_CMAC_512. This slot
           is dual use. It is the server default if the remote client doesn’t
           request a valid choice and it is also the preference passed to the
           remote client if the server command doesn’t specify a preference.
           The default is AES_SIV_CMAC_256.

       The following options of the server command configure NTS (as a
       client).

       nts
           Use Network Time Security (NTS) for authentication. Normally, this
           is all you have to do to activate the client side of NTS. The
           hostname following the server command is used as the address of
           the NTS key exchange server (NTS-KE) rather than the address of an
           NTP server. Unless the NTS-KE server directs the client elsewhere,
           the NTP server is assumed to be at the same IP address. Note that
           the server hostname must match the name on the NTS-KE server’s
           certificate.

       noval
           Do not validate the server certificate. This removes the only
           protection NTS-KE provides against an impostor key exchange
           server, so use it for testing only.

       ca location
           Use the file, or directory, specified by location to validate the
           NTS-KE server certificate, overriding the site default. Do not use
           any other CA. If a directory is specified, it must have files named
           with their hash, as created by openssl rehash.

       aead string
           Specify the preferred crypto algorithm to be used on the wire. The
           only options supported are AES_SIV_CMAC_256, AES_SIV_CMAC_384, and
           AES_SIV_CMAC_512. The server may ignore the request. See the aead
           option above. The same aead algorithms are also used to encrypt
           cookies. The default is AES_SIV_CMAC_256. There is no config file
           option to change it, but you can change it by editing the saved
           cookie key file, probably /var/lib/ntp/nts-keys. Adjust the L: slot
           to be 48 or 64 and adjust the I: slots to have the right number of
           bytes. Then restart the server. (All old cookies held by clients
           will be rejected so their next 8 NTP requests will be ignored. They
           should recover by retrying NTS-KE to get fresh cookies.)
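       The following is an added example, not NTPsec code: a small audit
       script that reads the syntax described at the top of this page
       (‘#’ comments, one command per line, includefile splicing of a file or
       of every *.conf in a directory) and reports the settings from the
       association and NTS sections above that a security review would
       question: sources with neither key nor nts, noval, true, peer (now an
       alias for server), an NTS-KE server enabled without cert and key,
       mintls below TLS1.3, a NULL ciphersuite, and server or control keys
       that are not in trustedkey. The configuration files, the in-memory
       stand-in for the filesystem and the finding texts are this script’s
       own, constructed for the demo.

```python
"""Audit an ntp.conf for risky association and NTS settings.

Added example, not part of NTPsec. Parses the ntp.conf syntax described
in this man page and flags settings a security review would question.
The sample files at the bottom are constructed for the demo.
"""
import re
import shlex

SOURCE_KEYWORDS = {"pool", "server", "peer", "broadcast"}
RANGE_RE = re.compile(r"\(\s*(\d+)\s+\.\.\.\s+(\d+)\s*\)")   # trustedkey (first ... last)

def parse_ntp_conf(path, files):
    """Return [(source_path, keyword, args)] with includefile lines expanded.

    `files` maps paths to contents, standing in for the filesystem so the
    example runs offline. A directory include splices only members whose
    names end in ".conf", as the man page specifies."""
    commands = []
    for raw in files[path].splitlines():
        line = raw.split("#", 1)[0].strip()          # '#' starts a comment
        if not line:
            continue
        keyword, *args = shlex.split(line)
        if keyword == "includefile" and args:
            target = args[0]
            if target in files:
                members = [target]
            else:
                prefix = target.rstrip("/") + "/"
                members = sorted(p for p in files
                                 if p.startswith(prefix) and p.endswith(".conf"))
            for member in members:
                commands.extend(parse_ntp_conf(member, files))
            continue
        commands.append((path, keyword, args))
    return commands

def trusted_key_ids(commands):
    """Collect key identifiers from all trustedkey lines, expanding ranges."""
    ids = set()
    for _, keyword, args in commands:
        if keyword == "trustedkey":
            text = " ".join(args)
            for lo, hi in RANGE_RE.findall(text):
                ids.update(range(int(lo), int(hi) + 1))
            ids.update(int(tok) for tok in RANGE_RE.sub(" ", text).split() if tok.isdigit())
    return ids

def option_value(args, name):
    """Value following option `name` in an argument list, or None if absent."""
    if name in args and args.index(name) + 1 < len(args):
        return args[args.index(name) + 1]
    return None

def audit(commands):
    """Return [(source_path, finding)] for the risky settings listed above."""
    findings = []
    trusted = trusted_key_ids(commands)
    keywords = {keyword for _, keyword, _ in commands}
    if not keywords & SOURCE_KEYWORDS:
        findings.append(("-", "no pool/server/peer/broadcast command: nothing to synchronize to"))
    if "trustedkey" in keywords and "keys" not in keywords:
        findings.append(("-", "trustedkey given without a keys file"))
    for src, keyword, args in commands:
        if keyword in SOURCE_KEYWORDS:
            target = args[0] if args else "?"
            if keyword == "peer":
                findings.append((src, f"peer {target}: peer mode was removed, this is just server"))
            if "key" not in args and "nts" not in args:
                findings.append((src, f"{keyword} {target}: no key or nts, time source is unauthenticated"))
            if "noval" in args:
                findings.append((src, f"{keyword} {target}: noval disables NTS-KE certificate validation"))
            if "true" in args:
                findings.append((src, f"{keyword} {target}: true bypasses falseticker detection"))
            key_id = option_value(args, "key")
            if key_id is not None and int(key_id) not in trusted:
                findings.append((src, f"{keyword} {target}: key {key_id} is not in trustedkey"))
        elif keyword == "controlkey" and args and int(args[0]) not in trusted:
            findings.append((src, f"controlkey {args[0]} is not in trustedkey; ntpq authentication will fail"))
        elif keyword == "nts":
            if "enable" in args and not {"cert", "key"} <= set(args):
                findings.append((src, "nts enable without both cert and key"))
            mintls = option_value(args, "mintls")
            if mintls is not None and mintls != "TLS1.3":
                findings.append((src, f"mintls {mintls} allows TLS below 1.3"))
            suites = option_value(args, "tlsciphersuites") or ""
            if "NULL" in suites.upper():
                findings.append((src, "tlsciphersuites includes a NULL cipher: NTS-KE runs unencrypted"))
    return findings

# Constructed sample configuration: a main file plus an included directory.
SAMPLE_FILES = {
    "/etc/ntp.conf": """
# constructed example, deliberately not a recommended configuration
driftfile /var/lib/ntp/ntp.drift
includefile /etc/ntp.d
server time.example.net nts iburst
server 192.0.2.10 key 7 iburst
server 192.0.2.11 nts noval
peer 192.0.2.12 true
keys /etc/ntp.keys
trustedkey 7 (20 ... 30)
controlkey 99
nts enable mintls TLS1.2 cert /etc/ntp/nts.pem
""",
    "/etc/ntp.d/pool.conf": "pool 2.pool.example.org iburst\n",
    "/etc/ntp.d/README.txt": "server 198.51.100.5\n",   # not .conf, so never read
}

def run_demo():
    return audit(parse_ntp_conf("/etc/ntp.conf", SAMPLE_FILES))

if __name__ == "__main__":
    for src, finding in run_demo():
        print(f"{src}: {finding}")
```

       Run against the sample it reports eight findings, including the
       unauthenticated pool line that only reaches the configuration through
       the directory include, and nothing for the server line in README.txt,
       which ntpd would never read.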

MONITORING SUPPORT
       ntpd(8) includes a comprehensive monitoring facility suitable for
       continuous, long term recording of server and client timekeeping
       performance. See the statistics command below for a listing and example
       of each type of statistics currently supported. Statistic files are
       managed using file generation sets and scripts in the ./scripts
       directory of this distribution. Using these facilities and UNIX cron(8)
       jobs, the data can be automatically summarized and archived for
       retrospective analysis.

   Monitoring Commands
       statistics name...
           Enables writing of statistics records. Currently, eight kinds of
           name statistics are supported.

           clockstats
               Enables recording of clock driver statistics information. Each
               update received from a clock driver appends a line of the
               following form to the file generation set named clockstats:

               49213 525.624 SPECTRACOM(1) 93 226 00:08:29.606

               Item                 Units  Description
               49213                MJD    modified Julian day number
               525.624              s      time of day (s) past midnight UTC
               SPECTRACOM(1)               receiver identifier (Spectracom unit 1)
               93 226 00:08:29.606         timecode (format varies by refclock)

               The first two fields show the date (Modified Julian Day) and
               time (seconds and fraction past UTC midnight). The next
               normally shows clock type and unit (but if you are running in
               strict Classic compatibility mode it will show the magic clock
               address in dotted-quad notation). The final field is the last
               timecode received from the clock in decoded ASCII format, where
               meaningful. For some clock drivers, a good deal of additional
               information can be gathered and displayed as well. See
               information specific to each clock for further details.

           loopstats
               Enables recording of loop filter statistics information. Each
               update of the local clock outputs a line of the following form
               to the file generation set named loopstats:

               50935 75440.031 0.000006019 13.778190 0.000351733 0.0133806 6

               Item         Units   Description
               50935        MJD     date
               75440.031    s       time past midnight
               0.000006019  s       clock offset
               13.778190    PPM     drift (frequency offset)
               0.000351733  s       RMS jitter
               0.0133806    PPM     RMS frequency jitter (aka wander)
               6            log2 s  clock discipline loop time constant

               The first two fields show the date (Modified Julian Day) and
               time (seconds and fraction past UTC midnight). The next five
               fields show time offset (seconds), frequency offset (parts per
               million - PPM), RMS jitter (seconds), Allan deviation (PPM) and
               clock discipline time constant.

           protostats
               Record significant peer and system events. Each significant
               event appends one line to the protostats file set:

               49213 525.624 128.4.1.1 963a 8a message

               Item       Units  Description
               49213      MJD    date
               525.624    s      time past midnight
               128.4.1.1  IP     source address (0.0.0.0 for system)
               963a       code   status word
               8a         code   event message code
               message    text   event message

               The event message code and message field are described on the
               "Event Messages and Status Words" page.

           peerstats
               Enables recording of peer statistics information. This includes
               statistics records of all peers of an NTP server and of special
               signals, where present and configured. Each valid update
               appends a line of the following form to the current element of
               a file generation set named peerstats:

               48773 10847.650 SPECTRACOM(4) 9714 -0.001605376 0.000000000 0.001424877 0.000958674

               Item           Units  Description
               48773          MJD    date
               10847.650      s      time past midnight
               SPECTRACOM(4)         clock name (unit) or source address
               9714           hex    status word
               -0.001605376   s      clock offset
               0.000000000    s      roundtrip delay
               0.001424877    s      dispersion
               0.000958674    s      RMS jitter

               The first two fields show the date (Modified Julian Day) and
               time (seconds and fraction past UTC midnight). The third field
               shows the reference clock type and unit number (but if you are
               running in strict Classic compatibility mode it will show the
               peer address in dotted-quad notation instead). The fourth field
               is a status word, encoded in hex in the format described in
               Appendix A of the NTP specification RFC 1305. The final four
               fields show the offset, delay, dispersion and RMS jitter, all
               in seconds.

           rawstats
               Enables recording of raw-timestamp statistics information. This
               includes statistics records of all peers of an NTP server and
               of special signals, where present and configured. Each NTP
               message received from a peer or clock driver appends a line of
               the following form to the file generation set named rawstats:

               59786 36302.768 2610:20:6f15:15::27 2604:a880:1:20::17:5001 3867818701.119346355 3867818701.152009264 3867818701.152010426 3867818702.768490825 0 3 4 1 13 -29 0.000244 0.000488 .NIST. 0 1 2000

               Item                     Units       Description
               59786                    MJD         date
               36302.768                s           time past midnight
               2610:20:6f15:15::27      IP          source address
               2604:a880:1:20::17:5001  IP          destination address
               3867818701.119346355     NTP s       origin timestamp
               3867818701.152009264     NTP s       receive timestamp
               3867818701.152010426     NTP s       transmit timestamp
               3867818702.768490825     NTP s       destination timestamp
               0                        code        leap warning indicator: 0 OK,
                                                    1 insert pending, 2 delete
                                                    pending, 3 not synced
               3                        integer     NTP version (4 is current)
               4                        code        mode: 3 client, 4 server,
                                                    6 ntpq
               1                        integer     stratum: 1-15, 16 not synced
               13                       log2 s      poll
               -29                      log2 s      precision
               0.000244                 s           total roundtrip delay from
                                                    the remote server to the
                                                    primary reference clock
               0.000488                 s           total dispersion from the
                                                    remote server to the primary
                                                    reference clock
               .NIST.                   IP or text  refid, association ID
               0                        integer     lost packets since last
                                                    response
               1                        integer     dropped packets since last
                                                    request
               2000                     hex         0 if packet accepted, BOGON
                                                    flags if packet is discarded

               The first two fields show the date (Modified Julian Day) and
               time (seconds and fraction past UTC midnight). The next two
               fields show the remote IP address followed by the local
               address. The next four fields show the originate, receive,
               transmit and final NTP timestamps in order. The timestamp
               values are as received and before processing by the various
               data smoothing and mitigation algorithms.

               A packet that is accepted is logged. At most the first dropped
               packet per request is logged. That avoids flooding the log
               file.

               The BOGON flags are decoded here <decode.html#flash>.
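               The following is an added example, not NTPsec code, that
               decodes the record above. It names the twenty fields, converts
               the destination timestamp to UTC, and recomputes from the four
               raw timestamps the two quantities ntpd derives from them
               (RFC 5905, with T1..T4 = origin, receive, transmit,
               destination): offset = ((T2 - T1) + (T3 - T4)) / 2 and
               delay = (T4 - T1) - (T3 - T2). Decimal arithmetic is used
               because a timestamp with nine fractional digits at this
               magnitude exceeds what a double keeps. Only the sample line
               from this page is used; the field names are the script’s own.

```python
"""Decode ntpd rawstats records: an added example, not NTPsec code.

Parses the 20-field line format shown above, converts the NTP timestamps
to UTC, decodes the coded fields, and recomputes offset and round-trip
delay from the four raw timestamps with the RFC 5905 formulas. The
sample record is the one quoted on this man page.
"""
from datetime import datetime, timedelta, timezone
from decimal import Decimal

NTP_UNIX_DELTA = 2208988800          # seconds from 1900-01-01 to 1970-01-01
UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
MJD_EPOCH = datetime(1858, 11, 17, tzinfo=timezone.utc)
LEAP = {0: "ok", 1: "insert pending", 2: "delete pending", 3: "not synced"}
MODE = {3: "client", 4: "server", 6: "ntpq"}

SAMPLE_LINE = ("59786 36302.768 2610:20:6f15:15::27 2604:a880:1:20::17:5001 "
               "3867818701.119346355 3867818701.152009264 3867818701.152010426 "
               "3867818702.768490825 0 3 4 1 13 -29 0.000244 0.000488 .NIST. 0 1 2000")

def ntp_to_datetime(ts):
    """Convert a Decimal NTP timestamp (seconds since 1900) to an aware UTC datetime."""
    unix = ts - NTP_UNIX_DELTA
    whole = int(unix)
    micros = int((unix - whole) * 1_000_000)
    return UNIX_EPOCH + timedelta(seconds=whole, microseconds=micros)

def record_time(mjd, tod):
    """UTC datetime of the record's own MJD / time-of-day stamp."""
    return MJD_EPOCH + timedelta(days=mjd, seconds=float(tod))

def parse_rawstats(line):
    """Return a dict of decoded fields plus the recomputed offset and delay."""
    f = line.split()
    if len(f) != 20:
        raise ValueError(f"expected 20 fields, got {len(f)}")
    t1, t2, t3, t4 = (Decimal(x) for x in f[4:8])
    flags = int(f[19], 16)
    return {
        "mjd": int(f[0]), "tod": Decimal(f[1]),
        "src": f[2], "dst": f[3],
        "t1": t1, "t2": t2, "t3": t3, "t4": t4,
        "leap": LEAP.get(int(f[8]), f[8]),
        "version": int(f[9]),
        "mode": MODE.get(int(f[10]), f[10]),
        "stratum": int(f[11]),
        "poll": 2 ** int(f[12]),              # log2 seconds -> seconds
        "precision": 2.0 ** int(f[13]),       # log2 seconds -> seconds
        "rootdelay": Decimal(f[14]), "rootdisp": Decimal(f[15]),
        "refid": f[16],
        "lost": int(f[17]), "dropped": int(f[18]),
        "flags": flags,
        "accepted": flags == 0,               # non-zero = BOGON flags, packet discarded
        "offset": ((t2 - t1) + (t3 - t4)) / 2,
        "delay": (t4 - t1) - (t3 - t2),
        "received_at": ntp_to_datetime(t4),
    }

if __name__ == "__main__":
    r = parse_rawstats(SAMPLE_LINE)
    print(f"{r['received_at'].isoformat()} {r['src']} mode={r['mode']} stratum={r['stratum']}")
    print(f"offset={r['offset']} s delay={r['delay']} s accepted={r['accepted']} flags=0x{r['flags']:x}")
```

               For the sample record the destination timestamp converts to
               2022-07-26T10:05:02.768490Z, which agrees with the record’s
               own MJD and time-of-day fields to the millisecond; the
               recomputed round trip is about 1.65 s, and the non-zero flags
               field shows the packet was discarded rather than used.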

           sysstats
               Enables recording of ntpd statistics counters on a periodic
               basis. Each hour a line of the following form is appended to
               the file generation set named sysstats:

               59935 82782.547 3600 36082754 31287166 26510580 4779042 113 19698 1997 428 4773352 0 366120

               Item       Units  Description
               59935      MJD    date
               82782.547  s      time past midnight
               3600       s      time since reset
               36082754   #      packets received
               31287166   #      packets processed
               26510580   #      current version
               4779042    #      old version(s)
               113        #      access denied
               19698      #      bad length or format
               1997       #      bad authentication
               428        #      declined
               4773352    #      rate exceeded
               0          #      kiss-o'-death packets sent
               366120     #      NTPv1 packets received

               The first two fields show the date (Modified Julian Day) and
               time (seconds and fraction past UTC midnight). The third field
               is the length of the interval, and the remaining eleven fields
               show the statistics counter values accumulated since the last
               generated line.
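               Because each line holds the counts since the previous line,
               the sysstats file is a ready-made hourly time series for a
               detector. The following is an added example, not NTPsec code:
               it names the fourteen fields above and flags an hour in which
               the bad-authentication or access-denied count jumps to more
               than a chosen multiple of the median of the preceding hours,
               the median being used so that one spike does not inflate the
               baseline for the next hour. A jump in bad authentication
               suggests someone probing or replaying keyed packets; a jump in
               access denied suggests a scan or a restriction suddenly
               catching traffic. All lines except the one quoted on this page
               are constructed, and the thresholds are the script’s own.

```python
"""Spot abuse in ntpd sysstats records: an added example, not NTPsec code.

Parses the 14-field hourly sysstats line and flags spikes in the
bad-authentication and access-denied counters against the median of the
preceding hours. All sample lines but the third are constructed.
"""
from statistics import median

FIELDS = ("mjd", "tod", "interval", "received", "processed", "current_version",
          "old_version", "access_denied", "bad_length", "bad_auth", "declined",
          "rate_exceeded", "kod_sent", "ntpv1")
WATCHED = ("bad_auth", "access_denied")

SAMPLE_SYSSTATS = """\
59935 75582.547 3600 35900000 31100000 26400000 4700000 108 19500 2010 431 4760000 0 365900
59935 79182.547 3600 36010000 31200000 26450000 4750000 110 19600 1990 427 4768000 0 366000
59935 82782.547 3600 36082754 31287166 26510580 4779042 113 19698 1997 428 4773352 0 366120
59935 86382.547 3600 36400000 31300000 26520000 4780000 2900 19700 25000 430 4775000 12 366200
59936 3582.547 3600 36100000 31290000 26515000 4778000 115 19650 2003 429 4774000 0 366100
"""

def parse_sysstats(line):
    """Return a dict keyed by FIELDS; counters become ints."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    rec = {"mjd": int(parts[0]), "tod": float(parts[1])}
    rec.update((name, int(value)) for name, value in zip(FIELDS[2:], parts[2:]))
    return rec

def per_hour(rec, name):
    """Normalise a counter to a one-hour rate in case the interval is not 3600 s."""
    return rec[name] * 3600 / rec["interval"]

def find_anomalies(records, window=3, factor=5.0, floor=50):
    """Return [(mjd, tod, counter, value, threshold)] for hours whose watched
    counter exceeds `factor` times the median of the previous `window` hours;
    `floor` suppresses alerts on counters that are tiny in absolute terms."""
    alerts = []
    for i in range(window, len(records)):
        rec = records[i]
        for name in WATCHED:
            baseline = median(per_hour(r, name) for r in records[i - window:i])
            threshold = max(floor, factor * baseline)
            value = per_hour(rec, name)
            if value > threshold:
                alerts.append((rec["mjd"], rec["tod"], name, value, threshold))
    return alerts

def run_demo(text=SAMPLE_SYSSTATS):
    return find_anomalies([parse_sysstats(l) for l in text.splitlines() if l.strip()])

if __name__ == "__main__":
    for mjd, tod, name, value, threshold in run_demo():
        print(f"MJD {mjd} {tod:.3f}: {name}={value:.0f}/h exceeds {threshold:.0f}/h")
```

               On the sample the fourth hour trips both counters; the fifth
               hour, which is back to normal, is not flagged even though the
               spike now sits inside its baseline window.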
669
670 usestats
671 Enables recording of ntpd resource usage statistics. Each hour
672 a line of the following form is appended to the file generation
673 set named usestats:
674
675 57570 83399.541 3600 0.902 1.451 164 0 0 0 2328 64226 1 0 4308
676
677 ┌──────────┬───────┬─────────────────────┐
678 │ │ │ │
679 │Item │ Units │ Description │
680 ├──────────┼───────┼─────────────────────┤
681 │ │ │ │
682 │57570 │ MJD │ date │
683 ├──────────┼───────┼─────────────────────┤
684 │ │ │ │
685 │83399.541 │ s │ time past midnight │
686 ├──────────┼───────┼─────────────────────┤
687 │ │ │ │
688 │3600 │ s │ time since reset │
689 ├──────────┼───────┼─────────────────────┤
690 │ │ │ │
691 │0.902 │ s │ ru_utime: CPU │
692 │ │ │ seconds - user mode │
693 ├──────────┼───────┼─────────────────────┤
694 │ │ │ │
695 │1.451 │ s │ ru_stime: CPU │
696 │ │ │ seconds - system │
697 ├──────────┼───────┼─────────────────────┤
698 │ │ │ │
699 │164 │ # │ ru_minflt: page │
700 │ │ │ faults - │
701 │ │ │ reclaim/soft (no │
702 │ │ │ I/O) │
703 ├──────────┼───────┼─────────────────────┤
704 │ │ │ │
705 │0 │ # │ ru_majflt: page │
706 │ │ │ faults - I/O │
707 ├──────────┼───────┼─────────────────────┤
708 │ │ │ │
709 │0 │ # │ ru_nswap: process │
710 │ │ │ swapped out │
711 ├──────────┼───────┼─────────────────────┤
712 │ │ │ │
713 │0 │ # │ ru_inblock: file │
714 │ │ │ blocks in │
715 ├──────────┼───────┼─────────────────────┤
716 │ │ │ │
717 │2328 │ # │ ru_oublock: file │
718 │ │ │ blocks out │
719 ├──────────┼───────┼─────────────────────┤
720 │ │ │ │
721 │64226 │ # │ ru_nvcsw: context │
722 │ │ │ switches, wait │
723 ├──────────┼───────┼─────────────────────┤
724 │ │ │ │
725 │1 │ # │ ru_nivcsw: context │
726 │ │ │ switches, preempts │
727 ├──────────┼───────┼─────────────────────┤
728 │ │ │ │
729 │0 │ # │ ru_nsignals: │
730 │ │ │ signals │
731 ├──────────┼───────┼─────────────────────┤
732 │ │ │ │
733 │4308 │ # │ ru_maxrss: resident │
734 │ │ │ set size, kilobytes │
735 └──────────┴───────┴─────────────────────┘
736
737 The first two fields show the date (Modified Julian Day) and time
738 (seconds and fraction past UTC midnight). The ru_ tags are the
739 names from the rusage struct. See man getrusage for details. (The
740 NetBSD and FreeBSD man pages have more details.) The maxrss column
741 is the high water mark since the process was started. The remaining
742 fields show the values used since the last report.
743
744 statsdir directory_path
745 Indicates the full path of a directory where statistics files
746 should be created (see below). This keyword allows the (otherwise
747 constant) filegen filename prefix to be modified for file
748 generation sets, which is useful for handling statistics logs.
749
750 filegen name [file filename] [type typename] [link | nolink] [enable |
751 disable]
752 Configures setting of the generation file set name. Generation file
753 sets provide a means for handling files that are continuously
754 growing during the lifetime of a server. Server statistics are a
755 typical example for such files. Generation file sets provide access
756 to a set of files used to store the actual data. At any time at
757 most one element of the set is being written to. The type given
758 specifies when and how data will be directed to a new element of
759 the set. This way, information stored in elements of a file set
760 that are currently unused are available for administrative
761 operations without the risk of disturbing the operation of ntpd.
762 (Most important: they can be removed to free space for new data
763 produced.)
764
765 Note that this command can be sent from the ntpq(1) program running
766 at a remote location.
767
           name
               This is the type of the statistics records, as shown in the
               statistics command.

           file filename
               This is the file name for the statistics records. Filenames
               of set members are built from three concatenated elements:
               prefix, filename and suffix.

               prefix
                   This is a constant filename path. It is not subject to
                   modification via the filegen option. It is defined by
                   the server, usually specified as a compile-time
                   constant. It may, however, be configurable for
                   individual file generation sets via other commands.
                   For example, the prefix used with loopstats and
                   peerstats generation can be configured using the
                   statsdir option explained above.

               filename
                   This string is directly concatenated to the prefix
                   mentioned above (no intervening ‘/’). This can be
                   modified using the file argument to the filegen
                   statement. No .. elements are allowed in this
                   component, to prevent filenames referring to parts
                   outside the filesystem hierarchy denoted by prefix.

               suffix
                   This part reflects individual elements of a file set.
                   It is generated according to the type of a file set.

           type typename
               A file generation set is characterized by its type. The
               following types are supported:

               none
                   The file set is actually a single plain file.

               pid
                   One element of the file set is used per incarnation of
                   an ntpd server. This type does not perform any changes
                   to file set members during runtime; however, it
                   provides an easy way of separating files belonging to
                   different ntpd(8) server incarnations. The set member
                   filename is built by appending a ‘.’ to the concatenated
                   prefix and filename strings, and appending the decimal
                   representation of the process ID of the ntpd(8) server
                   process.

               day
                   One file generation set element is created per day. A
                   day is defined as the period between 00:00 and 24:00
                   UTC. The file set member suffix consists of a ‘.’ and a
                   day specification in the form YYYYMMdd. YYYY is a
                   4-digit year number (e.g., 1992). MM is a two-digit
                   month number. dd is a two-digit day number. Thus, all
                   information written at 10 December 1992 would end up in
                   a file named prefixfilename.19921210.

               week
                   Any file set member contains data related to a certain
                   week of a year. The term week is defined by computing
                   day-of-year modulo 7. Elements of such a file
                   generation set are distinguished by appending the
                   following suffix to the file set filename base: a dot,
                   a 4-digit year number, the letter W, and a 2-digit week
                   number. For example, information from January 10th,
                   1992 would end up in a file with suffix 1992W1.

               month
                   One generation file set element is generated per month.
                   The file name suffix consists of a dot, a 4-digit year
                   number, and a 2-digit month.

               year
                   One generation file element is generated per year. The
                   filename suffix consists of a dot and a 4-digit year
                   number.

               age
                   This type of file generation set changes to a new
                   element of the file set every 24 hours of server
                   operation. The filename suffix consists of a dot, the
                   letter a, and an 8-digit number. This number is taken to
                   be the number of seconds the server is running at the
                   start of the corresponding 24-hour period.

           link | nolink
               It is convenient to be able to access the current element
               of a file generation set by a fixed name. This feature is
               enabled by specifying link and disabled using nolink. If
               link is specified, a hard link from the current file set
               element to a file without suffix is created. When there is
               already a file with this name and the number of links of
               this file is one, it is renamed by appending a dot, the
               letter C, and the pid of the ntpd server process. When the
               number of links is greater than one, the file is unlinked.
               This allows the current file to be accessed by a constant
               name.

           enable | disable
               Enables or disables the recording function. Information is
               only written to a file generation set by specifying enable;
               output is prevented by specifying disable.

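       The naming and link rules above, worked through in code. This is an
       added example written for this page, not NTPsec's own filegen
       implementation: filegen_member() builds a set member name for each
       type (refusing any ".." element in filename, as the page requires),
       and install_link() applies the link option's rename-or-unlink rule
       before creating the fixed-name hard link. Two assumptions are
       labelled in the code: the week suffix follows the page's worked
       example (10 January 1992 gives 1992W1, i.e. day-of-year divided by
       7, unpadded), and the age suffix is the uptime rounded down to the
       start of the current 24-hour period.

```python
"""Build filegen set member names and maintain the fixed-name link.

Added example, not NTPsec code. It follows the filegen description in
ntp.conf(5): prefix and filename are concatenated with no '/', the suffix
depends on the set type, '..' elements are refused, and the link option
preserves a stand-alone file of the fixed name by renaming it.
"""
import datetime
import os
import tempfile


def filegen_member(prefix, filename, filetype, *, pid=None, day=None, uptime=None):
    """Return the member filename for one element of a file generation set.

    day is an ISO date string ("1992-12-10"); uptime is server uptime in
    seconds (type age); pid is the ntpd process id (type pid).
    """
    # The page forbids '..' elements so a member can never escape the prefix tree.
    if ".." in filename.split("/"):
        raise ValueError("'..' element not allowed in filegen filename")
    base = prefix + filename  # direct concatenation, no intervening '/'
    if filetype == "none":
        return base
    if filetype == "pid":
        return f"{base}.{pid}"
    if filetype == "age":
        # Assumption: seconds of uptime at the start of the current 24-hour period.
        period_start = (uptime // 86400) * 86400
        return f"{base}.a{period_start:08d}"
    when = datetime.date.fromisoformat(day)
    if filetype == "day":
        return f"{base}.{when:%Y%m%d}"
    if filetype == "week":
        # Assumption: matches the page's example 1992-01-10 -> 1992W1 (yday // 7).
        return f"{base}.{when.year}W{when.timetuple().tm_yday // 7}"
    if filetype == "month":
        return f"{base}.{when:%Y%m}"
    if filetype == "year":
        return f"{base}.{when:%Y}"
    raise ValueError(f"unknown filegen type {filetype!r}")


def install_link(member, base, pid):
    """Make `base` a hard link to the current member, following the link rules."""
    try:
        st = os.stat(base)
    except FileNotFoundError:
        st = None
    if st is not None:
        if st.st_nlink == 1:
            # A stand-alone file of that name is preserved as base.C<pid>.
            os.rename(base, f"{base}.C{pid}")
        else:
            # It is only the previous member's extra link: drop it.
            os.unlink(base)
    os.link(member, base)


def demo():
    """Exercise the rules in a temporary directory; returns observations."""
    root = tempfile.mkdtemp()
    prefix = root + "/"
    pid = 4242
    m1 = filegen_member(prefix, "peerstats", "day", day="1992-12-10")
    open(m1, "w").close()
    install_link(m1, prefix + "peerstats", pid)
    nlink_after_first = os.stat(prefix + "peerstats").st_nlink
    m2 = filegen_member(prefix, "peerstats", "day", day="1992-12-11")
    open(m2, "w").close()
    install_link(m2, prefix + "peerstats", pid)  # old link had nlink 2: unlinked
    # A pre-existing stand-alone file of the fixed name gets renamed.
    open(prefix + "loopstats", "w").close()
    m3 = filegen_member(prefix, "loopstats", "pid", pid=pid)
    open(m3, "w").close()
    install_link(m3, prefix + "loopstats", pid)
    return {
        "m1": m1, "m2": m2, "m3": m3,
        "nlink_after_first": nlink_after_first,
        "base_is_m2": os.path.samefile(prefix + "peerstats", m2),
        "m1_nlink": os.stat(m1).st_nlink,
        "renamed_exists": os.path.exists(prefix + "loopstats.C4242"),
    }


if __name__ == "__main__":
    print(demo())
```

       The ".." check is the part worth keeping when scripting around
       statistics directories: a filegen filename is a path fragment
       appended to a server-defined prefix, so validating it is what keeps
       writes inside the statsdir tree.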
Access Control Support
   The ntpd(8) daemon implements a general purpose address/mask based
   restriction list. The list contains address/mask entries sorted first
   by increasing address values and then by increasing mask values. A
   match occurs when the bitwise AND of the mask and the packet source
   address is equal to the bitwise AND of the mask and the address in the
   list. The list is searched in order, with the last match found defining
   the restriction flags associated with the entry. Additional information
   and examples can be found in the "Notes on Configuring NTP and Setting
   up an NTP Subnet" page (available as part of the HTML documentation).

   The restriction facility was implemented in conformance with the access
   policies for the original NSFnet backbone time servers. Later the
   facility was expanded to deflect cryptographic and clogging attacks.
   While this facility may be useful for keeping unwanted, broken or
   malicious clients from congesting innocent servers, it should not be
   considered an alternative to the NTP authentication facilities. Source
   address based restrictions are easily circumvented by a determined
   cracker.

   Clients can be denied service because they are explicitly included in
   the restrict list created by the restrict command or implicitly as the
   result of cryptographic or rate limit violations. Cryptographic
   violations include certificate or identity verification failures; rate
   limit violations generally result from defective NTP implementations
   that send packets at abusive rates. Some violations cause denied
   service only for the offending packet, others cause denied service for
   a timed period and others cause denied service for an indefinite
   period. When a client or network is denied access for an indefinite
   period, the only way at present to remove the restrictions is by
   restarting the server.

   The Kiss-of-Death Packet
   Ordinarily, packets denied service are simply dropped with no further
   action except incrementing statistics counters. Sometimes a more
   proactive response is needed, such as a server message that explicitly
   requests the client to stop sending and leave a message for the system
   operator. A special packet format has been created for this purpose,
   called the "kiss-of-death" (KoD) packet. KoD packets have the leap bits
   set to unsynchronized, the stratum set to zero and the reference
   identifier field set to a four-byte ASCII code. If the noserve or
   notrust flag of the matching restrict list entry is set, the code is
   "DENY"; if the limited flag is set and the rate limit is exceeded, the
   code is "RATE". Finally, if a cryptographic violation occurs, the code
   is "CRYP".

   A client receiving a KoD performs a set of sanity checks to minimize
   security exposure, then updates the stratum and reference identifier
   peer variables, sets the access denied (BOGON4) bit in the peer flash
   variable and sends a message to the log. As long as the BOGON4 bit is
   set, the client will send no further packets to the server. The only
   way at present to recover from this condition is to restart the
   protocol at both the client and server. This happens automatically at
   the client when the association times out. It will happen at the server
   only if the server operator cooperates.

</gr_insert_placeholder_never_emitted>
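   The KoD shape described above (leap indicator unsynchronized, stratum
   zero, four-byte ASCII code in the reference identifier), recognised in
   code. This is an added example written for this page, not NTPsec's
   client code; the packet bytes it parses are constructed inline. The one
   sanity check it implements, comparing the reply's origin timestamp with
   the transmit timestamp of the request we sent, is the check RFC 5905
   requires of a client; the page says ntpd performs "a set of sanity
   checks" without listing them, so treating this as the whole set is an
   assumption. A reply that fails it is discarded as bogus whether or not
   it looks like a KoD, which is what stops an off-path sender from
   silencing a client with a forged kiss-of-death.

```python
"""Recognise kiss-of-death (KoD) packets in NTP replies.

Added example, not NTPsec code; the packets are constructed for the demo.
The KoD test follows ntp.conf(5): LI = 3 (unsynchronized), stratum 0 and a
four-byte ASCII code in the refid. The origin-timestamp check is the client
sanity check from RFC 5905, assumed here to stand in for ntpd's own checks.
"""
import struct

# Kiss codes the page names, keyed by the refid bytes.
KISS_CODES = {
    b"DENY": "noserve or notrust restriction matched",
    b"RATE": "limited restriction and rate limit exceeded",
    b"CRYP": "cryptographic violation",
}


def parse_header(pkt):
    """Decode the 48-byte NTPv4 header into the fields used here."""
    if len(pkt) < 48:
        raise ValueError("short NTP packet")
    li_vn_mode, stratum, poll, precision = struct.unpack("!BBbb", pkt[:4])
    root_delay, root_disp = struct.unpack("!II", pkt[4:12])
    refid = pkt[12:16]
    ref_ts, org_ts, rec_ts, xmt_ts = struct.unpack("!QQQQ", pkt[16:48])
    return {
        "li": li_vn_mode >> 6,          # 3 = clock unsynchronized
        "vn": (li_vn_mode >> 3) & 0x7,
        "mode": li_vn_mode & 0x7,       # 4 = server reply
        "stratum": stratum,
        "refid": refid,
        "org": org_ts,                  # echoes the client's transmit timestamp
        "xmt": xmt_ts,
    }


def kiss_code(hdr):
    """Return the refid bytes if the header has the KoD shape, else None."""
    if hdr["li"] != 3 or hdr["stratum"] != 0:
        return None
    refid = hdr["refid"]
    if all(0x20 <= b < 0x7F for b in refid):  # printable ASCII code
        return refid
    return None


def describe(code):
    """Human-readable reason for a kiss code (the page names three)."""
    return KISS_CODES.get(code, "unlisted kiss code")


def classify_reply(pkt, sent_xmt):
    """Classify a reply to a request sent with transmit timestamp sent_xmt.

    Returns "bogus" (origin timestamp does not match our request, so the
    reply is discarded), "normal", or "kod:<CODE>".
    """
    hdr = parse_header(pkt)
    if hdr["org"] != sent_xmt:
        return "bogus"
    code = kiss_code(hdr)
    if code is None:
        return "normal"
    return "kod:" + code.decode("ascii")


def build_reply(li, stratum, refid, org_ts, xmt_ts):
    """Construct a 48-byte NTPv4 mode-4 reply for the demo (constructed data)."""
    return struct.pack("!BBbbII4sQQQQ",
                       (li << 6) | (4 << 3) | 4, stratum, 6, -20,
                       0, 0, refid, 0, org_ts, 0, xmt_ts)


if __name__ == "__main__":
    our_xmt = 0xE5F1A2B380000000
    kod = build_reply(3, 0, b"RATE", our_xmt, our_xmt + 1)
    print(classify_reply(kod, our_xmt), describe(b"RATE"))
```

   On the server side the same shape is what to look for when auditing
   outbound KoD volume: the kod rate in the limit command caps how many of
   these replies a server will emit, so a rise in "kod:RATE" replies in a
   capture points at a client population the limited flag is throttling.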
   Access Control Commands
   limit [average average] [burst burst] [kod kod]
       Set the parameters of the limited facility, which protects the
       server from client abuse. Internally, each MRU slot (see the
       mrulist command in ntpq(1)) contains a score in units of packets
       per second. It is updated each time a packet arrives from that IP
       address. The score decays exponentially at the burst rate and is
       bumped by 1.0/burst when a packet arrives.

           average average
               Specify the allowed average rate for response packets in
               packets per second. The default is 1.0.

           burst burst
               Specify the allowed burst size if the bursts are far enough
               apart to keep the average rate below average. The default
               is 20.0.

           kod kod
               Specify the allowed average rate for KoD packets in packets
               per second. The default is 0.5.

   restrict address[/cidr] [mask mask] [flag ...]
       The address argument, expressed in dotted-quad (for IPv4) or
       :-delimited (for IPv6) form, is the address of a host or network.
       Alternatively, the address argument can be a valid host DNS name.
       The mask argument, expressed in IPv4 or IPv6 numeric address form,
       defaults to all mask bits on, meaning that the address is treated
       as the address of an individual host. Instead of an explicit mask,
       the address/cidr may be specified in CIDR notation. A default entry
       (address 0.0.0.0, mask 0.0.0.0) is always included and is always
       the first entry in the list. Note that the text string default,
       with no mask option, may be used to indicate the default entry. In
       the current implementation, a flag always restricts access, i.e.,
       an entry with no flags indicates that free access to the server is
       to be given. The flags are not orthogonal, in that more restrictive
       flags will often make less restrictive ones redundant. The flags
       can generally be classed into two categories: those which restrict
       time service and those which restrict informational queries and
       attempts to do a run-time reconfiguration of the server. One or
       more of the following flags may be specified:

           flake
               Discard received NTP packets with probability 0.1; that is,
               on average drop one packet in ten. This flag is for testing
               and amusement. The name comes from Bob Braden’s flakeway,
               which once did a similar thing for early Internet testing.

           ignore
               Deny packets of all kinds, including ntpq(1) queries.

           kod
               If this flag is set when an access violation occurs, a
               kiss-o'-death (KoD) packet is sent. KoD packets are rate
               limited.

           limited
               Deny service if the packet spacing violates the lower
               limits specified in the limit command. A history of clients
               is kept using the monitoring capability of ntpd(8). Thus,
               monitoring is always active as long as there is a
               restriction entry with the limited flag.

           mssntp
               Enable Microsoft Windows MS-SNTP authentication using
               Active Directory services. Note: Potential users should be
               aware that these services involve a TCP connection to
               another process that could potentially block, denying
               service to other users. Therefore, this flag should be used
               only for a dedicated server with no clients other than
               MS-SNTP.

           nomodify
               Deny ntpq(1) queries which attempt to modify the state of
               the server (i.e., run-time reconfiguration). Queries which
               return information are permitted.

           nomrulist
               Do not accept MRU-list requests. These can be expensive to
               service and may generate a high volume of response traffic.

           nopeer
               Deny packets which would result in mobilizing a new
               association; this includes symmetric active packets when a
               configured association does not exist. That used to happen
               when the remote client used the peer command in its config
               file. We don’t support that mode. It used to include pool
               servers, but they now poke a hole in any restrictions.

           noquery
               Deny ntpq(1) queries. Time service is not affected.

           noserve
               Deny all packets except ntpq(1) queries.

           notrust
               Deny service unless the packet is cryptographically
               authenticated.

           ntpport
               This is a match algorithm modifier, rather than a
               restriction flag. Its presence causes the restriction entry
               to be matched only if the source port in the packet is the
               standard NTP UDP port (123). Both ntpport and non-ntpport
               entries may be specified. The ntpport entry is considered
               more specific and is sorted later in the list.

           version
               Deny packets that do not match the current NTP version.

       Note: A second restrict line with the same address/mask does not
       replace the first one. The flags are merged. Thus:

           restrict bob X
           restrict bob Y

       is the same as

           restrict bob X Y

   Default restriction list entries with the flags ignore, interface,
   ntpport, for each of the local host’s interface addresses, are inserted
   into the table at startup to prevent the server from attempting to
   synchronize to its own time. A default entry is also always present. It
   has noquery to avoid packet length amplification, which can be used for
   DDoS with a forged return address, and limited to avoid DDoS
   reflections.

   unrestrict address[/cidr] [mask mask] [flag ...]
       Like a restrict command, but turns off the specified flags rather
       than turning them on (expected to be useful mainly with ntpq
       :config). An unrestrict with no flags specified removes any rule
       with matching address and mask. Use only on an address/mask or
       CIDR-format address mentioned in a previous restrict statement.

       Note: unrestrict default will not do anything; you can’t remove the
       builtin defaults. If you want to remove them, use unrestrict default
       noquery limited to turn off those flags.

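   The restrict list semantics described in this section (entries sorted
   by address then mask, bitwise-AND matching, last match wins, flags
   merged across repeated lines, ntpport entries sorting later, and the
   unrestrict rules including the non-removable defaults), modelled in
   code so a configuration can be checked before it is loaded. This is an
   added example written for this page, not NTPsec's implementation. The
   ntp.conf fragment it parses is constructed; the builtin defaults are
   seeded with noquery and limited as the page states; "default" is
   modelled as one entry per address family; DNS names and the interface
   entries ntpd adds for its own addresses are not modelled.

```python
"""Model of the ntp.conf(5) restrict list (added example, not NTPsec code).

Parses restrict/unrestrict lines from a constructed ntp.conf fragment and
reports which flags apply to a packet source, using the match and ordering
rules the man page describes.
"""
import ipaddress

NTP_PORT = 123

# Constructed ntp.conf fragment for the demo (not from the page).
SAMPLE_CONF = """
restrict default kod limited nomodify noquery nopeer
restrict 127.0.0.1
restrict ::1
restrict 192.0.2.0/24 nomodify noquery
restrict 192.0.2.0/24 limited          # merged with the line above
restrict 192.0.2.0/24 ntpport noserve  # separate, more specific entry
restrict 192.0.2.7                     # no flags: free access
unrestrict 192.0.2.0/24 noquery        # turn one merged flag back off
"""


def _targets(tokens):
    """Turn a restrict argument list into [(network, ntpport, flags)].

    'default' is modelled as one entry per address family (an assumption).
    """
    target, rest = tokens[0], tokens[1:]
    if target == "default":
        nets = [ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")]
    elif rest[:1] == ["mask"]:
        # Explicit mask: prefix length = number of set bits (contiguous masks assumed).
        prefixlen = bin(int(ipaddress.ip_address(rest[1]))).count("1")
        nets = [ipaddress.ip_network(f"{target}/{prefixlen}", strict=False)]
        rest = rest[2:]
    else:
        nets = [ipaddress.ip_network(target, strict=False)]  # host or CIDR
    ntpport = "ntpport" in rest          # match modifier, not a restriction flag
    flags = {f for f in rest if f != "ntpport"}
    return [(net, ntpport, flags) for net in nets]


class RestrictList:
    def __init__(self):
        # The builtin default entries carry noquery and limited (per the page).
        self.entries = {
            (ipaddress.ip_network("0.0.0.0/0"), False): {"noquery", "limited"},
            (ipaddress.ip_network("::/0"), False): {"noquery", "limited"},
        }

    def load(self, text):
        for raw in text.splitlines():
            line = raw.split("#", 1)[0].strip()
            if not line:
                continue
            cmd, *args = line.split()
            if cmd not in ("restrict", "unrestrict") or not args:
                continue
            for net, ntpport, flags in _targets(args):
                key = (net, ntpport)
                if cmd == "restrict":
                    # A second restrict for the same address/mask merges flags.
                    self.entries.setdefault(key, set()).update(flags)
                elif flags:
                    # unrestrict with flags turns just those flags off.
                    self.entries.get(key, set()).difference_update(flags)
                elif net.prefixlen != 0:
                    # unrestrict with no flags removes the rule; the builtin
                    # defaults cannot be removed.
                    self.entries.pop(key, None)

    def flags_for(self, src_ip, src_port=None):
        """Flags of the last matching entry in sorted order (empty = free access)."""
        addr = ipaddress.ip_address(src_ip)
        # Sort by increasing address, then increasing mask; ntpport entries later.
        ordered = sorted(
            self.entries.items(),
            key=lambda kv: (kv[0][0].version, int(kv[0][0].network_address),
                            int(kv[0][0].netmask), kv[0][1]),
        )
        matched = set()
        for (net, ntpport), flags in ordered:
            if net.version != addr.version:
                continue
            if ntpport and src_port != NTP_PORT:
                continue
            # Match rule from the page: (mask & source) == (mask & entry address).
            if int(addr) & int(net.netmask) == int(net.network_address):
                matched = set(flags)
        return matched


if __name__ == "__main__":
    rl = RestrictList()
    rl.load(SAMPLE_CONF)
    for ip in ("192.0.2.7", "192.0.2.9", "198.51.100.1", "2001:db8::1"):
        print(ip, sorted(rl.flags_for(ip)))
```

   The point to take from running it: the host entry for 192.0.2.7 sorts
   after the /24 and, having no flags, grants that host free access even
   though its network is restricted, and the unrestrict of noquery on the
   /24 leaves the merged limited flag in place. Both are the documented
   behaviour; the model makes them visible before a config is loaded.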
Automatic NTP Configuration Options
   Manycasting
   For a detailed description of manycast operation, see the "Server
   Discovery" page (available as part of the HTML documentation).

   Manycast Options
   tos [ceiling ceiling | floor floor | minclock minclock | minsane
   minsane]
       This command affects the clock selection and clustering algorithms.
       It can be used to select the quality and quantity of peers used to
       synchronize the system clock and is most useful in manycast mode.
       The variables operate as follows:

           ceiling ceiling
               Peers with strata above ceiling will be discarded if there
               are at least minclock peers remaining. This value defaults
               to 15, but can be changed to any number from 1 to 15.

           floor floor
               Peers with strata below floor will be discarded if there
               are at least minclock peers remaining. This value defaults
               to 1, but can be changed to any number from 1 to 15.

           minclock minclock
               The clustering algorithm repeatedly casts out outlier
               associations until no more than minclock associations
               remain. This value defaults to 3, but can be changed to any
               number from 1 to the number of configured sources.

           minsane minsane
               This is the minimum number of candidates available to the
               clock selection algorithm in order to produce one or more
               truechimers for the clustering algorithm. If fewer than
               this number are available, the clock is undisciplined and
               allowed to run free. The default is 1 for legacy purposes.
               However, according to principles of Byzantine agreement,
               minsane should be at least 4 in order to detect and discard
               a single falseticker.

Reference Clock Support
   For a detailed description of reference-clock configuration, see the
   "Reference Clock Drivers" page (available as part of the HTML
   documentation provided in /usr/share/doc/ntp).

   Reference Clock Commands
   refclock drivername [unit u] [prefer] [subtype int] [mode int] [minpoll
   int] [maxpoll int] [time1 sec] [time2 sec] [stratum int] [refid string]
   [path filename] [ppspath filename] [baud number] [flag1 {0 | 1}] [flag2
   {0 | 1}] [flag3 {0 | 1}] [flag4 {0 | 1}]
       This command is used to configure reference clocks. The required
       drivername argument is the short name of a driver type (e.g., shm,
       nmea, generic; see the "Reference Clock Drivers" page for a full
       list). The options are interpreted as follows:

           unit
               The 0-origin unit number of the device; this modifies the
               device name. If not specified, defaults to zero.

           prefer
               Marks the reference clock as preferred. All other things
               being equal, this host will be chosen for synchronization
               among a set of correctly operating hosts and clocks. See
               the "Mitigation Rules and the prefer Keyword" page
               (available as part of the HTML documentation provided in
               /usr/share/doc/ntp) for further information.

           subtype int
               Some drivers (notably the generic and jjy drivers) support
               multiple device types. This option selects among them in a
               driver-dependent way.

           mode int
               Specifies a mode number which is interpreted in a
               device-specific fashion. For instance, it selects a dialing
               protocol in the ACTS driver and a sentence mix in the nmea
               driver.

           minpoll int; maxpoll int
               These options specify the minimum and maximum polling
               interval for reference clock messages, as a power of 2 in
               seconds. For most directly connected reference clocks, both
               minpoll and maxpoll default to 6 (64 sec). For modem
               reference clocks, minpoll defaults to 10 (17.1 min) and
               maxpoll defaults to 14 (4.5 hours). The allowable range is
               0 (1 sec) to 17 (36.4 hours) inclusive.

           time1 sec
               Specifies a constant to be added to the time offset
               produced by the driver, a fixed-point decimal number in
               seconds. Each "g" on the end of the constant adds the
               number of seconds in a 10-bit GPS era; each "G" adds the
               number of seconds in a 13-bit GPS era. This is used as a
               calibration constant to adjust the nominal time offset of a
               particular clock to agree with an external standard, such
               as a precision PPS signal. It also provides a way to
               correct a systematic error or bias due to era wraparound
               from a GPS device, serial port or operating system
               latencies, different cable lengths or receiver internal
               delay. The specified offset is in addition to the
               propagation delay provided by other means, such as internal
               DIP switches. Where a calibration for an individual system
               and driver is available, an approximate correction is noted
               in the driver documentation pages. Note: To facilitate
               calibration when more than one radio clock or PPS signal is
               supported, a special calibration feature is available. It
               takes the form of an argument to the enable command
               described in the "Miscellaneous Options" page and operates
               as described in the "Reference Clock Drivers" page.

           time2 sec
               Specifies a fixed-point decimal number in seconds, which is
               interpreted in a driver-dependent way. See the descriptions
               of specific drivers in the "Reference Clock Drivers" page.

           stratum int
               Specifies the stratum number assigned to the driver, an
               integer between 0 and 15. This number overrides the default
               stratum number ordinarily assigned by the driver itself,
               usually zero.

           refid string
               Specifies an ASCII string of from one to four characters
               which defines the reference identifier used by the driver.
               This string overrides the default identifier ordinarily
               assigned by the driver itself.

           path filename
               Overrides the default device location for this refclock.

           ppspath filename
               Overrides the default PPS device location (if any) for this
               driver.

           baud number
               Overrides the default baud rate for this driver.

           flag1 {0 | 1}; flag2 {0 | 1}; flag3 {0 | 1}; flag4 {0 | 1}
               These four flags are used for customizing the clock driver.
               The interpretation of these values, and whether they are
               used at all, is a function of the particular clock driver.
               However, by convention flag4 is used to enable recording
               monitoring data to the clockstats file configured with the
               filegen command. Further information on the filegen command
               can be found in "Monitoring Options".

Miscellaneous Options
   driftfile driftfile
       This command specifies the complete path and name of the file used
       to record the frequency of the local clock oscillator; this is the
       same operation as the -f command line option. If the file exists,
       it is read at startup to set the initial frequency and then updated
       once per hour with the current frequency computed by the daemon. If
       the file name is specified, but the file itself does not exist,
       ntpd starts with an initial frequency of zero and creates the file
       when writing it for the first time. If this command is not given,
       the daemon will always start with an initial frequency of zero.

       The file format consists of a single line containing a single
       floating point number, which records the frequency offset measured
       in parts-per-million (PPM). The file is updated by first writing
       the current drift value into a temporary file and then renaming
       this file to replace the old version; this implies that ntpd(8)
       must have write permission for the directory the drift file is
       located in, and that file system links, symbolic or otherwise,
       should be avoided.

   enable [auth | calibrate | kernel | monitor | ntp | stats]; disable
   [auth | calibrate | kernel | monitor | ntp | stats]
       Provides a way to enable or disable various server options. Flags
       not mentioned are unaffected. Note that all of these flags can be
       controlled remotely using the ntpq(1) utility program.

           auth
               Enables the server to synchronize with unconfigured peers
               only if the peer has been correctly authenticated. The
               default for this flag is enable.

           calibrate
               Enables the calibrate feature for reference clocks. The
               default for this flag is disable.

           kernel
               Enables the kernel time discipline, if available. The
               default for this flag is enable if support is available,
               otherwise disable.

           monitor
               Enables the monitoring facility. See the ntpq(1) program
               and the monlist command for further information. The
               default for this flag is enable.

           ntp
               Enables time and frequency discipline. In effect, this
               switch opens and closes the feedback loop, which is useful
               for testing. The default for this flag is enable.

           stats
               Enables the statistics facility. See the "Monitoring
               Options" section for further information. The default for
               this flag is disable.

   includefile includefile
       This command allows additional configuration commands to be
       included from a separate file. Include files may be nested to a
       depth of five; upon reaching the end of any include file, command
       processing resumes in the previous configuration file. Relative
       pathnames are evaluated not with respect to the current working
       directory but with respect to the directory name of the last pushed
       file in the stack. This option is useful for sites that run ntpd(8)
       on multiple hosts, with (mostly) common options (e.g., a
       restriction list).

   interface [listen | ignore | drop] [all | ipv4 | ipv6 | wildcard | name
   | address[/prefixlen]]
       This command controls which network addresses ntpd opens, and
       whether the input is dropped without processing. The first
       parameter determines the action on addresses which match the second
       parameter. That parameter specifies a class of addresses, or a
       specific interface name, or an address. In the address case,
       prefixlen determines how many bits must match for this rule to
       apply. ignore prevents opening matching addresses; drop causes ntpd
       to open the address and drop all received packets without
       examination. Multiple interface commands can be used. The last rule
       which matches a particular address determines the action for it.
       interface commands are disabled if any of the -I, --interface, -L,
       or --novirtualips command-line options are used. If none of those
       options are used, and no interface actions are specified in the
       configuration file, all available network addresses are opened. The
       nic command is an alias for interface.

   leapfile leapfile
       This command loads the NIST leap seconds file and initializes the
       leapsecond values for the next leap second time, expiration time
       and TAI offset. The file can be obtained using ntpleapfetch.

       The leapfile is scanned when ntpd processes the leapfile directive
       or when ntpd detects that leapfile has changed. ntpd checks once a
       day to see if the leapfile has changed.

   leapsmearinterval interval
       This experimental option is only available if ntpd was built with
       the --enable-leap-smear option. It specifies the interval over
       which a leap second correction will be applied. Recommended values
       for this option are between 7200 (2 hours) and 86400 (24 hours). DO
       NOT USE THIS OPTION ON PUBLIC-ACCESS SERVERS! See
       http://bugs.ntp.org/2855 for more information.

   logconfig configkeyword
       This command controls the amount and type of output written to the
       system syslog(3) facility or the alternate log file. By default,
       all output is turned on. All configkeyword keywords can be prefixed
       with ‘=’, ‘+’ and ‘-’, where ‘=’ sets the syslog(3) priority mask,
       ‘+’ adds and ‘-’ removes messages. syslog(3) messages can be
       controlled in four classes (clock, peer, sys and sync). Within
       these classes four types of messages can be controlled:
       informational messages (info), event messages (events), statistics
       messages (statistics) and status messages (status).

       Configuration keywords are formed by concatenating the message
       class with the event class. The all prefix can be used instead of a
       message class. A message class may also be followed by the all
       keyword to enable/disable all messages of the respective message
       class. Thus, a minimal log configuration could look like this:

           logconfig =syncstatus +sysevents

       This would just list the synchronization state of ntpd(8) and the
       major system events. For a simple reference server, the following
       minimum message configuration could be useful:

           logconfig =syncall +clockall

       This configuration will list all clock information and
       synchronization information. All other events and messages about
       peers, system events and so on are suppressed.

   logfile logfile
       This command specifies the location of an alternate log file to be
       used instead of the default system syslog(3) facility; this is the
       same operation as the -l command line option.

       If your ntpd runs for a long time, you probably want to use
       logrotate or newsyslog to switch to a new log file occasionally.
       SIGHUP will reopen the log file.

   mru [maxdepth count | maxmem kilobytes | mindepth count | maxage
   seconds | minage seconds | initalloc count | initmem kilobytes |
   incalloc count | incmem kilobytes]
       Controls size limits of the monitoring facility's Most Recently
       Used (MRU) list of client addresses, which is also used by the rate
       control facility.

           maxdepth count, maxmem kilobytes
               Equivalent upper limits on the size of the MRU list, in
               terms of entries or kilobytes. The actual limit will be up
               to incalloc entries or incmem kilobytes larger. As with all
               of the mru options offered in units of entries or
               kilobytes, if both maxdepth and maxmem are used, the last
               one used controls. The default is 1024 kilobytes.

           mindepth count
               The lower limit on the MRU list size. When the MRU list has
               fewer than mindepth entries, existing entries are never
               removed to make room for newer ones, regardless of their
               age. The default is 600 entries.

           maxage seconds, minage seconds
               If an address is not in the list, there are several
               possible ways to find a slot for it.

               1. If the list has fewer than mindepth entries, a slot is
                  allocated from the free list; this is the normal case
                  for a server without a lot of clients. If clients come
                  and go, for example, laptops going between home and
                  work, the default setup shows only the long term
                  average.

               2. If the age of the oldest slot is greater than maxage,
                  the oldest slot is recycled (default 3600 seconds).

               3. If the freelist is not empty, a slot is allocated from
                  the free list.

               4. If the freelist is empty but the list has not reached
                  its size limit (see maxmem), more memory is allocated
                  (see incmem) and a new slot is used.

               5. If the age of the oldest slot is more than minage, the
                  oldest slot is recycled (default 64 seconds).

               6. Otherwise, no slot is available.

           initalloc count, initmem kilobytes
               Initial memory allocation at the time the monitoring
               facility is first enabled, in terms of entries or
               kilobytes. The default is 4 kilobytes.

           incalloc count, incmem kilobytes
               Size of additional memory allocations when growing the MRU
               list, in entries or kilobytes. The default is 4 kilobytes.

   nonvolatile threshold
       Specify the threshold in seconds to write the frequency file, with
       a default of 1e-7 (0.1 PPM). The frequency file is inspected each
       hour. If the difference between the current frequency and the last
       value written exceeds the threshold, the file is written, and the
       threshold is restored to its configured value. If the threshold is
       not exceeded, it is reduced by half; this is intended to reduce the
       frequency of unnecessary file writes for embedded systems with
       nonvolatile memory.

   phone dial ...
       This command is used in conjunction with the ACTS modem driver
       (type modem) or the JJY driver (type jjy). For ACTS, the arguments
       consist of a maximum of 10 telephone numbers used to dial USNO,
       NIST or European time services. For the jjy driver in modes
       100-180, the argument is one telephone number used to dial the
       telephone JJY service. The Hayes command ATDT is normally prepended
       to the number, which can contain other modem control codes as well.

   reset [allpeers] [auth] [ctl] [io] [mem] [sys] [timer]
       Reset one or more groups of counters maintained by ntpd and exposed
       by ntpq.

   setvar variable [default]
       This command adds a system variable. These variables can be used to
       distribute additional information such as the access policy. If the
       variable of the form name=value is followed by the default keyword,
       the variable will be listed as part of the default system variables
       (ntpq(1) rv command). These additional variables serve
       informational purposes only. They are not related to the protocol
       other than that they can be listed. The known protocol variables
       will always override any variables defined via the setvar
       mechanism. There are three special variables that contain the names
       of all variables of the same group. The sys_var_list holds the
       names of all system variables. The peer_var_list holds the names of
       all peer variables and the clock_var_list holds the names of the
       reference clock variables.

tinker [allan allan | dispersion dispersion | freq freq | huffpuff
huffpuff | panic panic | step step | stepback stepback | stepfwd
stepfwd | stepout stepout]
    This command can be used to alter several system variables in very
    exceptional circumstances. It should occur in the configuration
    file before any other configuration options. The default values of
    these variables have been carefully optimized for a wide range of
    network speeds and reliability expectations. In general, they
    interact in intricate ways that are hard to predict, and some
    combinations can result in very nasty behavior. It is very rarely
    necessary to change the default values; but some folks cannot
    resist twisting the knobs anyway, and this command is for them.
    Emphasis added: twisters are on their own and can expect no help
    from the support group.

    The variables operate as follows:

    allan allan
        The argument becomes the new value for the minimum Allan
        intercept, which is a parameter of the PLL/FLL clock discipline
        algorithm. The value, in log2 seconds, defaults to 11 (2048 s),
        which is also the lower limit.

    dispersion dispersion
        The argument becomes the new value for the dispersion increase
        rate, normally .000015 s/s.

    freq freq
        The argument becomes the initial value of the frequency offset
        in parts-per-million; this overrides the value in the frequency
        file, if present, and avoids the initial training state if it
        is not.

    huffpuff huffpuff
        The argument becomes the new value for the experimental
        huff-n'-puff filter span, which determines the most recent
        interval the algorithm will search for a minimum delay. The
        lower limit is 900 s (15 m), but a more reasonable value is
        7200 s (2 hours). There is no default, since the filter is not
        enabled unless this command is given.

    panic panic
        The argument is the panic threshold, normally 1000 s. If set to
        zero, the panic sanity check is disabled, and a clock offset of
        any value will be accepted.

    step step
        The argument is the step threshold, which by default is 0.128
        s. It can be set to any positive number in seconds. If set to
        zero, step adjustments will never occur. Note: the kernel time
        discipline is disabled if the step threshold is set to zero or
        greater than the default.

    stepback stepback
        The argument is the step threshold for the backward direction,
        which by default is 0.128 s. It can be set to any positive
        number in seconds. If both the forward and backward step
        thresholds are set to zero, step adjustments will never occur.
        Note: the kernel time discipline is disabled if the step
        thresholds in both directions are each either zero or greater
        than 0.5 s.

    stepfwd stepfwd
        As for stepback, but for the forward direction.

    stepout stepout
        The argument is the stepout timeout, which by default is 900 s.
        It can be set to any positive number in seconds. If set to
        zero, the stepout pulses will not be suppressed.

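The constraints stated for tinker, together with the setvar entry above, turned into a configuration lint. This is an added example and not part of ntpd or NTPsec. Every check is transcribed from this page's text: the lower limits for allan and huffpuff, the meaning of panic 0, step 0 and a step threshold above the 0.128 s default, stepback/stepfwd each zero or above 0.5 s, stepout 0, the requirement that tinker precede every other configuration command, and, for setvar, that a variable marked default is published in the default ntpq rv output. The configuration it runs on is constructed for the example (192.0.2.1 is a documentation address) and the message wording is the example's own.

```python
"""Lint 'tinker' and 'setvar' lines of an ntp.conf against the rules above.

Added example, not ntpd's or NTPsec's code.  Every check is transcribed
from the text of the tinker and setvar entries; the sample configuration
at the bottom is constructed for this example.
"""

TINKER_KNOBS = ("allan", "dispersion", "freq", "huffpuff", "panic",
                "step", "stepback", "stepfwd", "stepout")
STEP_DEFAULT = 0.128          # documented default step threshold, seconds


def parse_conf(text):
    """Yield (lineno, keyword, args) per command; '#' starts a comment."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if line:
            words = line.split()
            yield lineno, words[0], words[1:]


def _number(token):
    try:
        return float(token)
    except ValueError:
        return None


def lint_tinker(args):
    """Return findings for one tinker argument list (name value name value ...)."""
    found, knobs = [], {}
    it = iter(args)
    for name in it:
        value = _number(next(it, ""))
        if name not in TINKER_KNOBS:
            found.append(f"unknown tinker variable '{name}'")
        elif value is None:
            found.append(f"tinker {name}: missing or non-numeric value")
        else:
            knobs[name] = value
    if knobs.get("allan", 11) < 11:
        found.append("allan below its lower limit of 11 (log2 seconds)")
    if knobs.get("huffpuff", 900) < 900:
        found.append("huffpuff below its lower limit of 900 s")
    if knobs.get("panic") == 0:
        found.append("panic 0: panic sanity check disabled, any offset accepted")
    for name in ("panic", "step", "stepback", "stepfwd", "stepout"):
        if knobs.get(name, 0) < 0:
            found.append(f"{name} must be zero or a positive number of seconds")
    step = knobs.get("step")
    if step == 0:
        found.append("step 0: step adjustments never occur; kernel discipline disabled")
    elif step is not None and step > STEP_DEFAULT:
        found.append(f"step {step:g} above default {STEP_DEFAULT}: kernel discipline disabled")
    if "stepback" in knobs or "stepfwd" in knobs:
        back = knobs.get("stepback", STEP_DEFAULT)   # unset direction keeps the default
        fwd = knobs.get("stepfwd", STEP_DEFAULT)
        if back == 0 and fwd == 0:
            found.append("stepback 0 and stepfwd 0: step adjustments never occur")
        if (back == 0 or back > 0.5) and (fwd == 0 or fwd > 0.5):
            found.append("stepback/stepfwd each zero or above 0.5 s: kernel discipline disabled")
    if knobs.get("stepout") == 0:
        found.append("stepout 0: stepout pulses are not suppressed")
    return found


def lint_conf(text):
    """Return 'line N: message' findings for a whole configuration text."""
    findings, seen_other = [], False
    for lineno, keyword, args in parse_conf(text):
        if keyword == "tinker":
            if seen_other:
                findings.append(f"line {lineno}: tinker must precede all other configuration commands")
            findings.extend(f"line {lineno}: {m}" for m in lint_tinker(args))
            continue
        seen_other = True
        if keyword == "setvar":
            spec = args[0] if args else ""
            if "=" not in spec:
                findings.append(f"line {lineno}: setvar expects name=value")
            elif "default" in args[1:]:
                name = spec.split("=", 1)[0]
                findings.append(f"line {lineno}: setvar {name} is published in the default 'ntpq rv' output")
    return findings


# Constructed sample configuration (192.0.2.1 is a documentation address).
SAMPLE_CONF = """\
# constructed example, not a real deployment
tinker panic 0 step 0.5
server 192.0.2.1
setvar site=dc1 default
setvar contact=ops@example.net
tinker stepout 0 allan 10      # tinker after other commands
"""

if __name__ == "__main__":
    for finding in lint_conf(SAMPLE_CONF):
        print(finding)
```

To run it against a real configuration, replace SAMPLE_CONF with the file's contents (includefile directives are not followed). The panic 0 and step 0 findings are the ones worth escalating: the page itself says the former makes ntpd accept a clock offset of any value, and the latter disables both stepping and the kernel time discipline.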
rlimit [memlock megabytes | stacksize 4kPages | filenum
filedescriptors]

    memlock megabytes
        Ignored for backward compatibility.

    stacksize 4kPages
        Specifies the maximum size of the process stack on systems with
        the mlockall() function. Defaults to 50 4k pages.

    filenum filedescriptors
        Specifies the maximum number of file descriptors ntpd may have
        open at once. Defaults to the system default.

FILES
/etc/ntp.conf
    the default name of the configuration file

ntp.keys
    private keys

EXIT STATUS
One of the following exit values will be returned:

0 (EXIT_SUCCESS)
    Successful program execution.

1 (EXIT_FAILURE)
    The operation failed or the command syntax was not valid.

SEE ALSO
ntpd(8), ntpq(1).

In addition to the manual pages provided, comprehensive documentation
is available on the world wide web at https://www.ntpsec.org. A
snapshot of this documentation is available in HTML format in
/usr/share/doc/ntp.

David L. Mills, Network Time Protocol (Version 4), RFC 5905

BUGS
The syntax checking is not picky; some combinations of ridiculous and
even hilarious options and modes may not be detected.



NTPsec 2023-01-02 NTP.CONF(5)