svn commit: r316121 - stable/10/etc

Cy Schubert cy at FreeBSD.org
Wed Mar 29 01:32:36 UTC 2017


Author: cy
Date: Wed Mar 29 01:32:34 2017
New Revision: 316121
URL: https://svnweb.freebsd.org/changeset/base/316121

Log:
  MFC r311103 (ian):
  
  Update ntp.conf to use the ntpd pool feature.
  
  Our previous ntp.conf file configured 3 servers from freebsd.pool.ntp.org
  using 3 separate 'server' config lines.  That is now replaced with a single
  'pool' line which causes ntpd to add multiple servers from the pool.
  
  More than just making the config smaller, the pool feature in ntpd has one
  major advantage over configuring 3 separate servers from a pool: if a server
  that was added using a 'pool' statement provides bad time (initially or at
  some later date), ntpd automatically discards it and configures a new
  different server from the pool without needing to be restarted.
  
  These changes also add a 'tos' line to control how many pool servers get
  added, a 'restrict source' line that is required to allow ntpd to add new
  peers from the pool, and it deletes a 'restrict 127.127.1.0' line that does
  nothing and should never have been there (127.127.1.0 is not a valid IP
  address, it's a refclock identifier).
  
  Reviewed by:		cy
  MFC requested by:	ache
  Differential Revision:  https://reviews.freebsd.org/D9011

Modified:
  stable/10/etc/ntp.conf
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/etc/ntp.conf
==============================================================================
--- stable/10/etc/ntp.conf	Wed Mar 29 01:21:48 2017	(r316120)
+++ stable/10/etc/ntp.conf	Wed Mar 29 01:32:34 2017	(r316121)
@@ -11,28 +11,43 @@
 #
 
 #
-# The following three servers will give you a random set of three
-# NTP servers geographically close to you.
-# See http://www.pool.ntp.org/ for details. Note, the pool encourages
+# Set the target and limit for adding servers configured via pool statements
+# or discovered dynamically via mechanisms such as broadcast and manycast.
+# Ntpd automatically adds maxclock-1 servers from configured pools, and may
+# add as many as maxclock*2 if necessary to ensure that at least minclock 
+# servers are providing good consistant time.
+#
+tos minclock 3 maxclock 6
+
+#
+# The following pool statement will give you a random set of NTP servers
+# geographically close to you.  A single pool statement adds multiple
+# servers from the pool, according to the tos minclock/maxclock targets.
+# See http://www.pool.ntp.org/ for details.  Note, pool.ntp.org encourages
 # users with a static IP and good upstream NTP servers to add a server
 # to the pool. See http://www.pool.ntp.org/join.html if you are interested.
 #
 # The option `iburst' is used for faster initial synchronization.
 #
-server 0.freebsd.pool.ntp.org iburst
-server 1.freebsd.pool.ntp.org iburst
-server 2.freebsd.pool.ntp.org iburst
-#server 3.freebsd.pool.ntp.org iburst
+pool 0.freebsd.pool.ntp.org iburst
 
 #
 # If you want to pick yourself which country's public NTP server
-# you want sync against, comment out the above servers, uncomment
-# the next ones and replace CC with the country's abbreviation.
-# Make sure that the hostnames resolve to a proper IP address!
-#
-# server 0.CC.pool.ntp.org iburst
-# server 1.CC.pool.ntp.org iburst
-# server 2.CC.pool.ntp.org iburst
+# you want to sync against, comment out the above pool, uncomment
+# the next one, and replace CC with the country's abbreviation.
+# Make sure that the hostname resolves to a proper IP address!
+#
+# pool 0.CC.pool.ntp.org iburst
+
+#
+# To configure a specific server, such as an organization-wide local
+# server, add lines similar to the following.  One or more specific
+# servers can be configured in addition to, or instead of, any server
+# pools specified above.  When both are configured, ntpd first adds all
+# the specific servers, then adds servers from the pool until the tos
+# minclock/maxclock targets are met.
+#
+#server time.my-internal.org iburst
 
 #
 # Security:
@@ -40,11 +55,17 @@ server 2.freebsd.pool.ntp.org iburst
 # By default, only allow time queries and block all other requests
 # from unauthenticated clients.
 #
+# The "restrict source" line allows peers to be mobilized when added by
+# ntpd from a pool, but does not enable mobilizing a new peer association
+# by other dynamic means (broadcast, manycast, ntpq commands, etc).
+#
 # See http://support.ntp.org/bin/view/Support/AccessRestrictions
 # for more information.
 #
-restrict default limited kod nomodify notrap nopeer noquery
-restrict -6 default limited kod nomodify notrap nopeer noquery
+restrict    default limited kod nomodify notrap noquery nopeer
+restrict -6 default limited kod nomodify notrap noquery nopeer
+restrict    source  limited kod nomodify notrap noquery
+
 #
 # Alternatively, the following rules would block all unauthorized access.
 #
@@ -65,7 +86,6 @@ restrict -6 default limited kod nomodify
 # The following settings allow unrestricted access from the localhost
 restrict 127.0.0.1
 restrict -6 ::1
-restrict 127.127.1.0
 
 #
 # If a server loses sync with all upstream servers, NTP clients


More information about the svn-src-stable-10 mailing list