ntpd.conf is the primary configuration file used by the Network Time Protocol daemon (ntpd). This file controls how ntpd synchronizes the local system clock with remote NTP servers, sets security restrictions, logging options, and various performance parameters.
-
NTP Servers:
- Purpose: Define which external (or internal) NTP servers ntpd should use to synchronize the time.
- Directives:
server <hostname> [options]: Specifies an NTP server.peer <hostname> [options]: Specifies a peer server for symmetric active mode.
- Example:
server 0.pool.ntp.org iburst server 1.pool.ntp.org iburst server 2.pool.ntp.org iburst server 3.pool.ntp.org iburst
- Notes: The
iburstoption speeds up the initial synchronization process.
-
Driftfile:
- Purpose: Stores the estimated frequency error of the system clock.
- Directive:
driftfile /var/lib/ntp/ntp.drift
- Notes: ntpd uses this file to compensate for clock drift between reboots.
-
Access Restrictions:
- Purpose: Control which hosts are allowed to query or modify the ntpd service.
- Directive:
restrict <network> [flags]
- Example:
restrict default ignore # Deny all access by default restrict 127.0.0.1 # Allow unrestricted access from localhost restrict ::1 # Allow IPv6 localhost access
- Flags: Common flags include
nomodify,noquery,notrap, etc.
-
Logging and Statistics:
- Purpose: Configure logging of ntpd events and create statistics files.
- Directives:
logfile /var/log/ntp.log: Specifies where ntpd logs are stored.statistics clockstats loopstats peerstatsfilegen <statistic> file <filename> type <type> all
- Example:
logfile /var/log/ntpd.log filegen loopstats file /var/log/ntp/loopstats type day enable filegen peerstats file /var/log/ntp/peerstats type day enable
-
Other Useful Settings:
- Broadcast/Multicast: To serve time to local network clients.
broadcast 192.168.1.255
- Server Options: Such as
maxdelay,minpoll,maxpoll, etc., to fine-tune synchronization behavior.server time.nist.gov minpoll 4 maxpoll 6
- Broadcast/Multicast: To serve time to local network clients.
# /etc/ntp.conf - Configuration file for ntpd
# Specify the drift file location
driftfile /var/lib/ntp/ntp.drift
# Define NTP servers to synchronize with
server 0.pool.ntp.org iburst
server 1.pool.ntp.org iburst
server 2.pool.ntp.org iburst
server 3.pool.ntp.org iburst
# Use local clock as a fallback (known as the 'local' clock)
# (Note: This should be used with caution; see the "LOCAL" directive in the ntpd docs)
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10
# Access restrictions
restrict default ignore # Deny all access by default
restrict 127.0.0.1 # Allow localhost
restrict ::1 # Allow IPv6 localhost
# Logging configuration
logfile /var/log/ntpd.log
# Generate statistics files
filegen loopstats file /var/log/ntp/loopstats type day enable
filegen peerstats file /var/log/ntp/peerstats type day enable
filegen clockstats file /var/log/ntp/clockstats type day enable
# Other configuration options can be added below as needed- Security: Use restrictive
restrictlines to prevent unauthorized modification or querying of your ntpd service. - Redundancy: Specify multiple reliable NTP servers to ensure that your time service remains accurate even if one server is unreachable.
- Monitoring: Configure logging and statistics to help diagnose issues with synchronization.
- Backup: Keep a backup of your
ntpd.conffile so you can quickly restore your configuration if needed. - Testing Changes: After modifying
ntpd.conf, restart the ntpd service and monitor logs to ensure that the changes take effect without issues.
The ntpd.conf file is a fundamental component for configuring the NTP daemon. It allows administrators to specify time sources, manage security restrictions, enable logging, and fine-tune synchronization parameters. Proper configuration is critical to ensure accurate timekeeping and robust operation in any environment that relies on synchronized time.