Source-Changes-HG archive


[src/trunk]: src/etc Use "pool" for the pool.ntp.org servers. Add some new hi...



details:   https://anonhg.NetBSD.org/src/rev/1dac4e51bccf
branches:  trunk
changeset: 944593:1dac4e51bccf
user:      kim <kim%NetBSD.org@localhost>
date:      Sun Oct 04 13:50:44 2020 +0000

description:
Use "pool" for the pool.ntp.org servers. Add some new hints.

- Use the "pool" keyword for obtaining servers from ntp.pool.org.
  - Add "tos minclock" and "tos maxclock" to limit the number of servers.
  - Add "restrict source" to apply appropriate restrictions to servers.
    (Specifically "nopeer" cannot be applied to "pool" servers.)
  - A single "pool" entry suffices -- using "2.netbsd.pool.ntp.org" so
    that we get both IPv4 and IPv6 addresses. (No addresses are returned
    for just "netbsd.pool.ntp.org.")
- Add a comment about "tinker panic 0" -- useful for VMs and laptops.
- Add a comment about "discard minimum" -- useful for some SNTP clients.
- Add an explanation for the "limited" restriction keyword.
- Unify whitespace and comment formatting.

diffstat:

 etc/ntp.conf |  91 ++++++++++++++++++++++++++++++++++++-----------------------
 1 files changed, 56 insertions(+), 35 deletions(-)

diffs (158 lines):

diff -r 6a47d2142725 -r 1dac4e51bccf etc/ntp.conf
--- a/etc/ntp.conf      Sun Oct 04 13:24:59 2020 +0000
+++ b/etc/ntp.conf      Sun Oct 04 13:50:44 2020 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: ntp.conf,v 1.20 2017/01/09 20:05:29 christos Exp $
+# $NetBSD: ntp.conf,v 1.21 2020/10/04 13:50:44 kim Exp $
 #
 # NetBSD default Network Time Protocol (NTP) configuration file for ntpd
 
@@ -8,34 +8,52 @@
 # other guides, may be found on the official NTP web site, in particular
 #
 #      http://www.ntp.org/documentation.html
-#
 
 # Process ID file, so that the daemon can be signalled from scripts
 
-pidfile                /var/run/ntpd.pid
+pidfile /var/run/ntpd.pid
+
+# Don't give up even if the reference time is hugely different. This can
+# happen if the system was suspended and resumed.
+
+#tinker panic 0
 
 # The correction calculated by ntpd(8) for the local system clock's
 # drift is stored here.
 
-driftfile      /var/db/ntp.drift
+driftfile /var/db/ntp.drift
 
 # Suppress the syslog(3) message for each peer synchronization change.
 
-logconfig      -syncstatus
+logconfig -syncstatus
 
 # Refuse to set the local clock if there are too few good peers or servers.
 # This may help minimize disruptions due to network congestion. Don't
 # do this if you configure only one server!
 
-tos            minsane 2
+tos minsane 2
+
+# Set the target and limit for adding servers configured via pool statements
+# or discovered dynamically via mechanisms such as broadcast and manycast.
+# Ntpd automatically adds maxclock-1 servers from configured pools, and may
+# add as many as maxclock*2 if necessary to ensure that at least minclock
+# servers are providing good consistent time.
+
+tos minclock 3 maxclock 6
 
 # Set the number of tries to register with mdns. 0 means never
-#
-mdnstries      0
+
+mdnstries 0
 
 # New ntpd disables the ntpdc protocol by default, to re-enable uncomment
 # the following line
-# enable mode7
+
+#enable mode7
+
+# Allow hasty ntpdate clients to avoid rate limiting / kod responses.
+# The default is 2 seconds between packets from the client.
+
+#discard minimum 1
 
 # Access control restrictions.
 # See /usr/share/doc/html/ntp/accopt.html for syntax.
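
Review bot: the new comment above `#tinker panic 0` states only the benefit (surviving a suspend and resume) and not the cost. With the panic threshold at 0, ntpd no longer exits on a very large offset, so the sanity check that stops a wrong or hostile time source from stepping the clock arbitrarily far is disabled. Suggest adding a sentence saying so, and that the setting is meant for VMs and laptops, as the commit message puts it. The same goes for `#discard minimum 1`: the comment could note that lowering the minimum relaxes the rate limit enforced by `limited` for every client, not only ntpdate.
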
@@ -44,10 +62,13 @@
 #
 # Some of the more common keywords are:
 #   ignore      Deny packets of all kinds.
-#   kod         Send "kiss-o'-death" packets if clients exceed rate
-#               limits.
-#   nomodify    Deny attempts to modify the state of the server via
-#               ntpq or ntpdc queries.
+#   limited     Deny time service if the packet violates the rate limits
+#               established by the discard command. Does not affect ntpq or
+#               ntpdc queries.
+#   kod         Send "kiss-o'-death" packets if clients exceed rate limits.
+#               No affect without the limited flag.
+#   nomodify    Deny attempts to modify the state of the server via ntpq or
+#               ntpdc queries.
 #   noquery     Deny all ntpq and ntpdc queries.  Does not affect time
 #               synchronisation.
 #   nopeer      Prevent establishing new peer associations.
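
Review bot: in the added `kod` entry, "No affect without the limited flag." should read "No effect without the limited flag." The rest of the reworded keyword list reads correctly, and describing `limited` before `kod` matches the dependency the text describes.
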
@@ -61,22 +82,26 @@
 # By default, allow client/server time exchange without prior
 # arrangement, but deny configuration changes, queries, and peer
 # associations that were not explicitly configured.
-#
-restrict default kod limited nopeer noquery
+
+restrict default limited kod nomodify notrap nopeer noquery
+
+# Restrictions used for associations (peer, server, pool).
+
+restrict source nomodify notrap noquery
 
 # Fewer restrictions for the local subnet.
 # (Uncomment and adjust as appropriate.)
-#
-#restrict 192.0.2.0 mask 255.255.255.0 kod limited nomodify notrap nopeer
-#restrict 2001:db8:: mask ffff:ffff::  kod limited nomodify notrap nopeer
+
+#restrict 192.0.2.0 mask 255.255.255.0 limited kod nomodify notrap nopeer
+#restrict 2001:db8:: mask ffff:ffff::  limited kod nomodify notrap nopeer
 
 # No restrictions for localhost.
-#
+
 restrict 127.0.0.1
 restrict ::1
 
-# Hereafter should be "server" or "peer" statements to configure other
-# hosts to exchange NTP packets with.
+# Hereafter should be "server", "peer", or "pool" statements to configure
+# other hosts to exchange NTP packets with.
 #
 # See <http://support.ntp.org/bin/view/Support/DesigningYourNTPNetwork>
 # and <http://support.ntp.org/bin/view/Support/SelectingOffsiteNTPServers>
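
Review bot: the comment above `restrict source nomodify notrap noquery` does not say why `nopeer` is left out, although the commit message gives the reason ("nopeer" cannot be applied to "pool" servers). Someone tightening this file later is likely to copy the flag set from `restrict default` and break the pool associations. Suggest carrying that reason into the file as a comment line next to the `restrict source` statement.
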
@@ -92,24 +117,20 @@
 # Ideally, you should select at least three other systems to talk NTP
 # with, for an "what I tell you three times is true" effect.
 
-#peer          an.ntp.peer.goes.here
-#server                an.ntp.server.goes.here
+#peer an.ntp.peer.goes.here
+#server an.ntp.server.goes.here
 
 # The pool.ntp.org project coordinates public time servers provided by
 # volunteers.  See <http://www.pool.ntp.org>.  The *.netbsd.pool.ntp.org
-# servers are intended to be used by default on NetBSD hosts, but
-# servers that are closer to you are likely to be better.  Consider
-# using servers specific to your country, a nearby country, or your
-# continent.
+# servers are intended to be used by default on NetBSD hosts.
+#
+# The following pool statement will give you a random set of NTP servers
+# geographically close to you.  A single pool statement adds multiple
+# servers from the pool, according to the tos minclock/maxclock targets.
+# The "2" host is used to obtain both IPv4 and IPv6 addresses.
 #
 # The pool.ntp.org project needs more volunteers! The only criteria to
 # join are a nailed-up connection and a static IP address. For details,
-# see the web page:
-#
-#      http://www.pool.ntp.org/join.html
-#
+# see the web page <http://www.pool.ntp.org/join.html>
 
-server         0.netbsd.pool.ntp.org
-server         1.netbsd.pool.ntp.org
-server         2.netbsd.pool.ntp.org
-server         3.netbsd.pool.ntp.org
+pool 2.netbsd.pool.ntp.org iburst
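
Review bot: `iburst` appears on the new `pool 2.netbsd.pool.ntp.org iburst` line, but neither the comment block above it nor the commit message mentions it, and the removed `server` lines did not use it. Suggest one comment sentence saying what it is for (a burst of packets while the server is unreachable, to speed up initial synchronisation), so the option is not carried along unexplained.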


