Over time, a computer's clock is prone to drift. The Network Time Protocol (NTP) is one way to ensure the clock stays accurate.
Many Internet services rely on, or greatly benefit from, computers' clocks being accurate. For example, a web server may receive requests to send a file if it has been modified since a certain time. In a local area network environment, it is essential that computers sharing files from the same file server have synchronized clocks so that file timestamps stay consistent. Services such as cron(8) also rely on an accurate system clock to run commands at the specified times.
FreeBSD ships with the ntpd(8) NTP server which can be used to query other NTP servers to set the clock on the machine or provide time services to others.
In order to synchronize the clock, one or more NTP servers must be defined. The network administrator or ISP may have set up an NTP server for this purpose—check their documentation to see if this is the case. There is an online list of publicly accessible NTP servers which may be referenced to find an NTP server nearest to the system. Take care to review the policy for any chosen servers, and ask for permission if required.
Choosing several unconnected NTP servers is a good idea in case one of the servers being used becomes unreachable or its clock is unreliable. ntpd(8) uses the responses it receives from other servers intelligently—it will favor unreliable servers less than reliable ones.
To synchronize the clock only when the machine boots up, use ntpdate(8). This may be appropriate for some desktop machines which are frequently rebooted and only require infrequent synchronization, but most machines should run ntpd(8).
Using ntpdate(8) at boot time is also a good idea for machines that run ntpd(8). The ntpd(8) program changes the clock gradually, whereas ntpdate(8) sets the clock, no matter how great the difference between a machine's current clock setting and the correct time.
To enable ntpdate(8) at boot time, add
ntpdate_enable="YES"
to
/etc/rc.conf
. Also
specify all synchronization servers and any
flags to be passed to ntpdate(8) in
ntpdate_flags
.
NTP is configured by the
/etc/ntp.conf
file in the format
described in ntp.conf(5). Here is a simple
example:
The server
option specifies which
servers are to be used, with one server listed on each line.
If a server is specified with the prefer
argument, as with ntplocal.example.com
, that server is
preferred over other servers. A response from a preferred
server will be discarded if it differs significantly from
other servers' responses, otherwise it will be used without
any consideration to other responses. The
prefer
argument is normally used for NTP
servers that are known to be highly accurate, such as those
with special time monitoring hardware.
The driftfile
option specifies which
file is used to store the system clock's frequency offset.
The ntpd(8) program uses this to automatically
compensate for the clock's natural drift, allowing it to
maintain a reasonably correct setting even if it is cut off
from all external time sources for a period of time.
The driftfile
option specifies which
file is used to store information about previous responses
from the NTP servers being used. This file contains
internal information for NTP. It should not be modified by
any other process.
By default, the NTP server will be accessible to all
hosts on the Internet. The restrict
option in /etc/ntp.conf
controls which machines can access the server.
To deny all machines from accessing the NTP
server, add the following line to
/etc/ntp.conf
:
This will also prevent access from the server to any servers listed in the local configuration. If there is a need to synchronise the NTP server with an external NTP server, allow only that specific server. See the ntp.conf(5) manual for more information.
To allow machines within the network to synchronize their clocks with the server, but ensure they are not allowed to configure the server or used as peers to synchronize against, add
instead, where 192.168.1.0
is an IP address on
the network and 255.255.255.0
is the network's
netmask.
The /etc/ntp.conf
file can contain
multiple restrict
options. For more
details, see the Access Control Support
subsection of ntp.conf(5).
To ensure the NTP server is started at boot time, add the
line ntpd_enable="YES"
to
/etc/rc.conf
. To pass
additional flags to ntpd(8), edit the
ntpd_flags
parameter in
/etc/rc.conf
.
To start the server without rebooting the machine, run
ntpd
being sure to specify any additional
parameters from ntpd_flags
in
/etc/rc.conf
. For example:
#
ntpd -p /var/run/ntpd.pid
The ntpd(8) program does not need a permanent
connection to the Internet to function properly. However, if
there is a temporary connection that is configured to dial out
on demand, it is a good idea to prevent NTP traffic from
triggering a dial out or keeping the connection alive. PPP
users can use the filter
directives in /etc/ppp/ppp.conf
. For
example:
For more details see the PACKET
FILTERING
section in ppp(8) and the examples
in /usr/share/examples/ppp/
.
Some Internet access providers block low-numbered ports, preventing NTP from functioning since replies never reach the machine.
This, and other documents, can be downloaded from http://ftp.FreeBSD.org/pub/FreeBSD/doc/
For questions about FreeBSD, read the
documentation before
contacting <questions@FreeBSD.org>.
For questions about this documentation, e-mail <doc@FreeBSD.org>.