Over time, a computer's clock is prone to drift. The Network Time Protocol (NTP) is one way to ensure your clock stays accurate.
Many Internet services rely on, or greatly benefit from, computers' clocks being accurate. For example, a web server may receive requests to send a file if it has been modified since a certain time. In a local area network environment, it is essential that computers sharing files from the same file server have synchronized clocks so that file timestamps stay consistent. Services such as cron(8) also rely on an accurate system clock to run commands at the specified times.
FreeBSD ships with the ntpd(8) NTP server which can be used to query other NTP servers to set the clock on your machine or provide time services to others.
In order to synchronize your clock, you will need to find one or more NTP servers to use. Your network administrator or ISP may have set up an NTP server for this purpose—check their documentation to see if this is the case. There is an online list of publicly accessible NTP servers which you can use to find an NTP server near to you. Make sure you are aware of the policy for any servers you choose, and ask for permission if required.
Choosing several unconnected NTP servers is a good idea in case one of the servers you are using becomes unreachable or its clock is unreliable. ntpd(8) uses the responses it receives from other servers intelligently—it will favor unreliable servers less than reliable ones.
If you only wish to synchronize your clock when the machine boots up, you can use ntpdate(8). This may be appropriate for some desktop machines which are frequently rebooted and only require infrequent synchronization, but most machines should run ntpd(8).
Using ntpdate(8) at boot time is also a good idea for machines that run ntpd(8). The ntpd(8) program changes the clock gradually, whereas ntpdate(8) sets the clock, no matter how great the difference between a machine's current clock setting and the correct time.
To enable ntpdate(8) at boot time, add
ntpdate_enable="YES"
to /etc/rc.conf. You will also need to specify all servers you wish to synchronize with and any flags to be passed to ntpdate(8) in ntpdate_flags.
NTP is configured by the /etc/ntp.conf file in the format described in ntp.conf(5). Here is a simple example:
server ntplocal.example.com prefer
server timeserver.example.org
server ntp2a.example.net
driftfile /var/db/ntp.drift
The server option specifies which servers are to be used, with one server listed on each line. If a server is specified with the prefer argument, as with ntplocal.example.com, that server is preferred over other servers. A response from a preferred server will be discarded if it differs significantly from other servers' responses; otherwise it will be used without any consideration to other responses. The prefer argument is normally used for NTP servers that are known to be highly accurate, such as those with special time monitoring hardware.
The driftfile option specifies which file is used to store the system clock's frequency offset. The ntpd(8) program uses this to automatically compensate for the clock's natural drift, allowing it to maintain a reasonably correct setting even if it is cut off from all external time sources for a period of time.
The driftfile option specifies which file is used to store information about previous responses from the NTP servers you are using. This file contains internal information for NTP. It should not be modified by any other process.
By default, your NTP server will be accessible to all hosts on the Internet. The restrict option in /etc/ntp.conf allows you to control which machines can access your server.
If you want to deny all machines from accessing your NTP server, add the following line to /etc/ntp.conf:
restrict default ignore
If you only want to allow machines within your own network to synchronize their clocks with your server, but ensure they are not allowed to configure the server or be used as peers to synchronize against, add
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
instead, where 192.168.1.0 is an IP address on your network and 255.255.255.0 is your network's netmask.
/etc/ntp.conf can contain multiple restrict options. For more details, see the Access Control Support subsection of ntp.conf(5).
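When several restrict lines are combined, it helps to check which one applies to a given client, and to notice that restrict default ignore also drops replies from your own upstream servers unless each has its own entry. The following is an added example, not part of the FreeBSD documentation or of ntpd(8); it assumes numeric IPv4 addresses, uses constructed sample addresses, and models ntpd's sorted restrict list as "most specific entry wins".

```python
import ipaddress

# Constructed sample: deny everyone, then open the LAN for time service only.
SAMPLE_CONF = """\
server 192.0.2.10 prefer
server 198.51.100.7
driftfile /var/db/ntp.drift
restrict default ignore
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
restrict 192.0.2.10 nomodify notrap noquery
"""

def parse(conf):
    """Return (servers, restricts); restricts is a list of (network, flags)."""
    servers, restricts = [], []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()   # drop comments and blank lines
        if len(tok) < 2:
            continue
        if tok[0] == "server":
            servers.append(tok[1])
        elif tok[0] == "restrict":
            rest = tok[2:]
            if tok[1] == "default":
                net = ipaddress.ip_network("0.0.0.0/0")
            elif rest[:1] == ["mask"]:
                net = ipaddress.ip_network(f"{tok[1]}/{rest[1]}")
                rest = rest[2:]
            else:
                net = ipaddress.ip_network(tok[1])   # no mask: single host
            restricts.append((net, set(rest)))
    return servers, restricts

def flags_for(conf, addr):
    """Flags of the most specific restrict entry covering addr.

    Returns None when no entry matches, i.e. the host is unrestricted.
    """
    ip = ipaddress.ip_address(addr)
    hits = [(net.prefixlen, flags) for net, flags in parse(conf)[1] if ip in net]
    return max(hits, key=lambda h: h[0])[1] if hits else None

def blocked_servers(conf):
    """Configured servers whose replies the restrict list would drop."""
    servers = parse(conf)[0]
    return [s for s in servers if "ignore" in (flags_for(conf, s) or set())]
```

With the sample above, blocked_servers() reports 198.51.100.7: it is listed as a server but has no restrict entry of its own, so it falls under restrict default ignore.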
To ensure the NTP server is started at boot time, add the line
ntpd_enable="YES"
to /etc/rc.conf. If you wish to pass additional flags to ntpd(8), edit the ntpd_flags parameter in /etc/rc.conf.
To start the server without rebooting your machine, run ntpd, being sure to specify any additional parameters from ntpd_flags in /etc/rc.conf. For example:
# ntpd -p /var/run/ntpd.pid
The ntpd(8) program does not need a permanent connection to the Internet to function properly. However, if you have a temporary connection that is configured to dial out on demand, it is a good idea to prevent NTP traffic from triggering a dial out or keeping the connection alive. If you are using user PPP, you can use filter directives in /etc/ppp/ppp.conf. For example:
 set filter dial 0 deny udp src eq 123
 # Prevent NTP traffic from initiating dial out
 set filter dial 1 permit 0 0
 set filter alive 0 deny udp src eq 123
 # Prevent incoming NTP traffic from keeping the connection open
 set filter alive 1 deny udp dst eq 123
 # Prevent outgoing NTP traffic from keeping the connection open
 set filter alive 2 permit 0/0 0/0
For more details see the PACKET FILTERING section in ppp(8) and the examples in /usr/share/examples/ppp/.
Some Internet access providers block low-numbered ports, preventing NTP from functioning since replies never reach your machine.