xref: /openbsd-src/usr.sbin/ntpd/ntpd.conf.5 (revision f2da64fbbbf1b03f09f390ab01267c93dfd77c4c) 
1.\" $OpenBSD: ntpd.conf.5,v 1.33 2015/10/23 14:52:20 phessler Exp $
2.\"
3.\" Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
4.\"
5.\" Permission to use, copy, modify, and distribute this software for any
6.\" purpose with or without fee is hereby granted, provided that the above
7.\" copyright notice and this permission notice appear in all copies.
8.\"
9.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13.\" WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER IN
14.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
15.\" OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16.\"
17.Dd $Mdocdate: October 23 2015 $
18.Dt NTPD.CONF 5
19.Os
20.Sh NAME
21.Nm ntpd.conf
22.Nd Network Time Protocol daemon configuration file
23.Sh DESCRIPTION
24This manual page describes the format of the
25.Xr ntpd 8
26configuration file.
27.Pp
28.Nm
29has the following format:
30.Pp
31Empty lines and lines beginning with the
32.Sq #
33character are ignored.
34.Pp
35Keywords may be specified multiple times within the configuration file.
36The basic configuration options are as follows:
37.Bl -tag -width Ds
38.It Xo Ic listen on Ar address
39.Op Ic rtable Ar table-id
40.Xc
41Specify a local IP address or a hostname the
42.Xr ntpd 8
43daemon should listen on.
44If it appears multiple times,
45.Xr ntpd 8
46will listen on each given address.
47If
48.Sq *
49is given as an address,
50.Xr ntpd 8
51will listen on all local addresses using the specified routing table.
52.Xr ntpd 8
53does not listen on any address by default.
54The optional
55.Ic rtable
56keyword will specify which routing table to listen on.
57By default
58.Xr ntpd 8
59will listen using the current routing table.
60For example:
61.Bd -literal -offset indent
62listen on *
63.Ed
64.Pp
65or
66.Bd -literal -offset indent
67listen on 127.0.0.1
68listen on ::1
69listen on 127.0.0.1 rtable 4
70.Ed
71.It Xo Ic sensor Ar device
72.Op Ic correction Ar microseconds
73.Op Ic weight Ar weight-value
74.Op Ic refid Ar string
75.Op Ic stratum Ar stratum-value
76.Xc
77Specify a timedelta sensor device
78.Xr ntpd 8
79should use.
80The sensor can be specified multiple times:
81.Xr ntpd 8
82will use each given sensor that actually exists.
83Non-existent sensors are ignored.
84If
85.Sq *
86is given as device name,
87.Xr ntpd 8
88will use all timedelta sensors it finds.
89.Xr ntpd 8
90does not use any timedelta sensor by default.
91For example:
92.Bd -literal -offset indent
93sensor *
94sensor nmea0
95.Ed
96.Pp
97An optional correction in microseconds can be given to compensate
98for the sensor's offset.
99The maximum correction is 127 seconds.
100For example, if a DCF77 receiver is lagging 70ms behind
101actual time:
102.Bd -literal -offset indent
103sensor udcf0 correction 70000
104.Ed
105.Pp
106The optional
107.Ic weight
108keyword permits finer control over the relative importance
109of time sources (servers or sensor devices).
110Weights are specified in the range 1 to 10;
111if no weight is given,
112the default is 1.
113A server with a weight of 5, for example,
114will have five times more influence on time offset calculation
115than a server with a weight of 1.
116.Pp
117An optional reference ID string - up to 4 ASCII characters - can be
118given to publish the sensor type to clients.
119RFC 2030 suggests some common reference identifiers, but new identifiers
120"can be contrived as appropriate."
121If an ID string is not given,
122.Xr ntpd 8
123will use a generic reference ID.
124For example:
125.Bd -literal -offset indent
126sensor nmea0 refid GPS
127.Ed
128.Pp
129A stratum value other than the default of 1 can be assigned using
130the stratum keyword.
131.It Xo Ic server Ar address
132.Op Ic weight Ar weight-value
133.Xc
134Specify the IP address or the hostname of an NTP
135server to synchronize to.
136If it appears multiple times,
137.Xr ntpd 8
138will try to synchronize to all of the servers specified.
139If a hostname resolves to multiple IPv4 and/or IPv6 addresses,
140.Xr ntpd 8
141uses the first address.
142If it does not get a reply,
143.Xr ntpd 8
144retries with the next address and continues to do so until a working address
145is found.
146For example:
147.Bd -literal -offset indent
148server 10.0.0.2 weight 5
149server ntp.example.org weight 1
150.Ed
151.Pp
152To provide redundancy, it is good practice to configure multiple servers.
153In general, best accuracy is obtained by using servers that have a low
154network latency.
155.It Xo Ic servers Ar address
156.Op Ic weight Ar weight-value
157.Xc
158As with
159.Cm server ,
160specify the IP address or hostname of an NTP server to synchronize to.
161If it appears multiple times,
162.Xr ntpd 8
163will try to synchronize to all of the servers specified.
164Should the hostname resolve to multiple IP addresses,
165.Xr ntpd 8
166will try to synchronize to all of them.
167For example:
168.Bd -literal -offset indent
169servers pool.ntp.org
170servers pool.ntp.org weight 5
171.Ed
172.El
173.Sh CONSTRAINTS
174.Xr ntpd 8
175can be configured to query the
176.Sq Date
177from trusted HTTPS servers via TLS.
178This time information is not used for precision but acts as an
179authenticated constraint,
180thereby reducing the impact of unauthenticated NTP
181man-in-the-middle attacks.
182Received NTP packets with time information falling outside of a range
183near the constraint will be discarded and such NTP servers
184will be marked as invalid.
185.Bl -tag -width Ds
186.It Ic constraint from Ar url
187Specify the URL, IP address or the hostname of an HTTPS server to
188provide a constraint.
189If
190.Ic constraint from
191is used more than once,
192.Xr ntpd 8
193will calculate a median constraint from all the servers specified.
194.Bd -literal -offset indent
195server ntp.example.org
196constraint from www.example.com
197.Ed
198.It Ic constraints from Ar url
199As with
200.Ic constraint from ,
201specify the URL, IP address or the hostname of an HTTPS server to
202provide a constraint.
203Should the hostname resolve to multiple IP addresses,
204.Xr ntpd 8
205will calculate a median constraint from all of them.
206For example:
207.Bd -literal -offset indent
208servers pool.ntp.org
209constraints from "https://www.google.com/"
210.Ed
211.El
212.Sh FILES
213.Bl -tag -width "/etc/ntpd.confXXX" -compact
214.It Pa /etc/ntpd.conf
215default
216.Xr ntpd 8
217configuration file
218.El
219.Sh SEE ALSO
220.Xr ntpctl 8 ,
221.Xr ntpd 8 ,
222.Xr sysctl 8
223.Sh HISTORY
224The
225.Nm
226file format first appeared in
227.Ox 3.6 .
228