Diffstat (limited to 'ntpd/ntp.conf.def')
-rw-r--r-- | ntpd/ntp.conf.def | 100 |
1 files changed, 47 insertions, 53 deletions
diff --git a/ntpd/ntp.conf.def b/ntpd/ntp.conf.def index 03dd8b808099..444e3b35e351 100644 --- a/ntpd/ntp.conf.def +++ b/ntpd/ntp.conf.def @@ -296,27 +296,15 @@ include authentication fields encrypted using the autokey scheme described in .Sx Authentication Options . .It Cm burst -when the server is reachable, send a burst of eight packets -instead of the usual one. -The packet spacing is normally 2 s; -however, the spacing between the first and second packets -can be changed with the -.Ic calldelay -command to allow -additional time for a modem or ISDN call to complete. -This is designed to improve timekeeping quality -with the +when the server is reachable, send a burst of six packets +instead of the usual one. The packet spacing is 2 s. +This is designed to improve timekeeping quality with the .Ic server command and s addresses. .It Cm iburst When the server is unreachable, send a burst of eight packets instead of the usual one. -The packet spacing is normally 2 s; -however, the spacing between the first two packets can be -changed with the -.Ic calldelay -command to allow -additional time for a modem or ISDN call to complete. +The packet spacing is 2 s. This is designed to speed the initial synchronization acquisition with the .Ic server @@ -892,7 +880,6 @@ range 1 to 65,535, inclusive. .Op Cm leap Ar file .Op Cm randfile Ar file .Op Cm host Ar file -.Op Cm sign Ar file .Op Cm gq Ar file .Op Cm gqpar Ar file .Op Cm iffpar Ar file @@ -955,14 +942,6 @@ encrypted. Specifies the location of the random seed file used by the OpenSSL library. The defaults are described in the main text above. -.It Cm sign Ar file -Specifies the location of the optional sign key file. -This overrides -the link -.Pa ntpkey_sign_ Ns Ar hostname -in the keys directory. -If this file is -not found, the host key is also the sign key. .El .It Ic keys Ar keyfile Specifies the complete path and location of the MD5 key file 
@@ -1549,7 +1528,8 @@ by default the probability of replacing it with an entry representing the client request being processed now is 10%. Conversely, if the oldest entry is more than 3000 seconds old, the probability is 100%. -.It Xo Ic restrict address +.It Xo Ic restrict +.Ar address .Op Cm mask Ar mask .Op Cm ippeerlimit Ar int .Op Ar flag ... @@ -1557,21 +1537,22 @@ than 3000 seconds old, the probability is 100%. The .Ar address argument expressed in -dotted-quad form is the address of a host or network. +numeric form is the address of a host or network. Alternatively, the .Ar address -argument can be a valid host DNS name. +argument can be a valid hostname. When a hostname +is provided, a restriction entry is created for each +address the hostname resolves to, and any provided +.Ar mask +is ignored and an individual host mask is +used for each entry. The .Ar mask -argument expressed in dotted-quad form defaults to -.Cm 255.255.255.255 , -meaning that the +argument expressed in numeric form defaults to +all bits lit, meaning that the .Ar address is treated as the address of an individual host. -A default entry (address -.Cm 0.0.0.0 , -mask -.Cm 0.0.0.0 ) +A default entry with address and mask all zeroes is always included and is always the first entry in the list. Note that text string .Cm default , 
@@ -1608,12 +1589,12 @@ and .Xr ntpdc 1ntpdcmdoc queries. .It Cm kod -If this flag is set when an access violation occurs, a kiss-o'-death -(KoD) packet is sent. -KoD packets are rate limited to no more than one -per second. -If another KoD packet occurs within one second after the -last one, the packet is dropped. +If this flag is set when a rate violation occurs, a kiss-o'-death +(KoD) packet is sometimes sent. +KoD packets are rate limited to no more than one per minimum +average interpacket spacing, set by +.Cm discard average +defaulting to 8s. Otherwise, no response is sent. .It Cm limited Deny service if the packet spacing violates the lower limits specified in the @@ -1703,15 +1684,13 @@ restriction flag. Its presence causes the restriction entry to be matched only if the source port in the packet is the standard NTP UDP port (123). -Both +There can be two restriction entries with the same IP address if +one specifies .Cm ntpport -and -.Cm non-ntpport -may -be specified. +and the other does not. The .Cm ntpport -is considered more specific and +entry is considered more specific and is sorted later in the list. .It Ic "serverresponse fuzz" When reponding to server requests, 
@@ -1723,12 +1702,31 @@ Deny packets that do not match the current NTP version. .Pp Default restriction list entries with the flags ignore, interface, ntpport, for each of the local host's interface addresses are -inserted into the table at startup to prevent the server -from attempting to synchronize to its own time. +inserted into the table at startup to prevent ntpd +from attempting to synchronize to itself, such as with +.Cm manycastclient +when +.Cm manycast +is also specified with the same multicast address. A default entry is also always present, though if it is otherwise unconfigured; no flags are associated with the default entry (i.e., everything besides your own NTP server is unrestricted). +.It Xo Ic delrestrict +.Op source +.Ar address +.Xc +Remove a previously-set restriction. This is useful for +runtime configuration via +.Xr ntpq 1ntpqmdoc +. If +.Cm source +is specified, a dynamic restriction created from the +.Cm restrict source +template at the time +an association was added is removed. Without +.Cm source +a static restriction is removed. .El .Sh Automatic NTP Configuration Options .Ss Manycasting @@ -2465,10 +2463,6 @@ Typically (for Ethernet), a number between 0.003 and 0.007 seconds is appropriate. The default when this command is not used is 0.004 seconds. -.It Ic calldelay Ar delay -This option controls the delay in seconds between the first and second -packets sent in burst or iburst mode to allow additional time for a modem -or ISDN call to complete. .It Ic driftfile Ar driftfile This command specifies the complete path and name of the file used to record the frequency of the local clock oscillator. |
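
Review bot: In the @@ -296 hunk the burst entry now says "a burst of six packets" while the unchanged iburst entry a few lines below still says "a burst of eight packets"; confirm both counts against the code and correct whichever one is stale in this same change. As a style point, "instead of the usual one. The packet spacing is 2 s." puts two sentences on one source line, whereas the iburst side keeps "The packet spacing is 2 s." on its own line; start the new sentence on a new line there too.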
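
Review bot: The @@ -892 and @@ -955 hunks drop the sign subcommand from the crypto synopsis and delete its description, including the sentence "If this file is not found, the host key is also the sign key", so the page no longer says which key is used for signing. Add a sentence to the remaining crypto text stating that, and say what ntpd does with an existing configuration that still carries a sign line.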
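
Review bot: In the @@ -1549 hunk, the new restrict text says that with a hostname "any provided mask is ignored and an individual host mask is used for each entry", which means a line an operator wrote to cover a network ends up covering only single hosts. Document whether ntpd logs anything when it discards the mask, and say when the hostname is resolved, since the resulting entries depend on that lookup. As a wording point, "all bits lit" would read better as "all ones" to match "address and mask all zeroes" a few lines later, and "numeric form" should say which address families are accepted now that the dotted-quad wording is gone.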
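
Review bot: In the @@ -1608 hunk, "a kiss-o'-death (KoD) packet is sometimes sent" does not tell the operator when a KoD is sent and when the request is silently dropped; state the condition, or tie "sometimes" explicitly to the rate limit described in the next sentence. The unchanged "Otherwise, no response is sent." now follows the rate-limit sentence and is ambiguous about what "otherwise" refers to. "defaulting to 8s" should also name the units in which the discard average argument is given if they differ from plain seconds, and use the "8 s" spacing used for "2 s" elsewhere in this patch.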
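
Review bot: In the @@ -1703 hunk, "two restriction entries with the same IP address" leaves out the mask, although restrict entries are defined by address and mask earlier on the page; say "the same address and mask" so it is clear which entries count as duplicates. The trailing context line "When reponding to server requests," has a typo ("responding") that could be fixed while this area is being touched.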
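
Review bot: In the delrestrict text added by the @@ -1723 hunk, the line ". If" begins with a dot, so mdoc reads it as a macro line rather than text and the sentence start "If" will not render as intended. Put the period on the macro line as a trailing argument (".Xr ntpq 1ntpqmdoc .") and begin the next line with "If". The synopsis uses ".Op source" while the description uses ".Cm source"; make the synopsis ".Op Cm source" so the keyword is marked up consistently. Since this directive removes access restrictions at runtime through ntpq, a sentence on what is required to issue it would be worth adding here.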