Red Hat Summit22.9. Understanding the ntpd Configuration File
The daemon,
Copy to Clipboard
Copied!
The configuration commands are explained briefly later in this chapter, see Section 22.16, “Configure NTP”, and more verbosely in the
ntpd, reads the configuration file at system start or when the service is restarted. The default location for the file is /etc/ntp.conf and you can view the file by entering the following command:
less /etc/ntp.conf
~]$ less /etc/ntp.confntp.conf(5) man page.
Here follows a brief explanation of the contents of the default configuration file:
- The driftfile entry
- A path to the drift file is specified, the default entry on Red Hat Enterprise Linux is:If you change this be certain that the directory is writable by
driftfile /var/lib/ntp/drift
driftfile /var/lib/ntp/driftCopy to Clipboard Copied! ntpd. The file contains one value used to adjust the system clock frequency after every system or service start. See Understanding the Drift File for more information. - The access control entries
- The following lines setup the default access control restrictions:The
restrict default kod nomodify notrap nopeer noquery restrict -6 default kod nomodify notrap nopeer noquery
restrict default kod nomodify notrap nopeer noquery restrict -6 default kod nomodify notrap nopeer noqueryCopy to Clipboard Copied! kodoption means a “Kiss-o'-death” packet is to be sent to reduce unwanted queries. Thenomodifyoptions prevents any changes to the configuration. Thenotrapoption preventsntpdccontrol message protocol traps. Thenopeeroption prevents a peer association being formed. Thenoqueryoption preventsntpqandntpdcqueries, but not time queries, from being answered. The-6option is required before anIPv6address.Addresses within the range127.0.0.0/8are sometimes required by various processes or applications. As the "restrict default" line above prevents access to everything not explicitly allowed, access to the standard loopback address forIPv4andIPv6is permitted by means of the following lines:Addresses can be added underneath if specifically required by another application. Thethe administrative functions.
# the administrative functions. restrict 127.0.0.1 restrict -6 ::1Copy to Clipboard Copied! -6option is required before anIPv6address.Hosts on the local network are not permitted because of the "restrict default" line above. To change this, for example to allow hosts from the192.0.2.0/24network to query the time and statistics but nothing more, a line in the following format is required:To allow unrestricted access from a specific host, for examplerestrict 192.0.2.0 mask 255.255.255.0 nomodify notrap nopeer
restrict 192.0.2.0 mask 255.255.255.0 nomodify notrap nopeerCopy to Clipboard Copied! 192.0.2.250/32, a line in the following format is required:A mask ofrestrict 192.0.2.250
restrict 192.0.2.250Copy to Clipboard Copied! 255.255.255.255is applied if none is specified.The restrict commands are explained in thentp_acc(5)man page. - The public servers entry
- By default, as of Red Hat Enterprise 6.5, the
ntp.conffile contains four public server entries:If upgrading from a previous minor release, and yourserver 0.rhel.pool.ntp.org iburst server 1.rhel.pool.ntp.org iburst server 2.rhel.pool.ntp.org iburst server 3.rhel.pool.ntp.org iburst
server 0.rhel.pool.ntp.org iburst server 1.rhel.pool.ntp.org iburst server 2.rhel.pool.ntp.org iburst server 3.rhel.pool.ntp.org iburstCopy to Clipboard Copied! /etc/ntp.conffile has been modified, then the upgrade to Red Hat Enterprise Linux 6.5 will create a new file/etc/ntp.conf.rpmnewand will not alter the existing/etc/ntp.conffile. - The broadcast multicast servers entry
- By default, the
ntp.conffile contains some commented out examples. These are largely self explanatory. See the explanation of the specific commands Section 22.16, “Configure NTP”. If required, add your commands just below the examples.
Note
When the
DHCP client program, dhclient, receives a list of NTP servers from the DHCP server, it adds them to ntp.conf and restarts the service. To disable that feature, add PEERNTP=no to /etc/sysconfig/network.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}