Over time, a computer's clock is prone to drift. The Network Time Protocol (NTP) is one way to ensure the clock stays accurate.
Many Internet services rely on, or greatly benefit from, computers' clocks being accurate. For example, a web server may receive requests to send a file if it has been modified since a certain time. In a local area network environment, it is essential that computers sharing files from the same file server have synchronized clocks so that file timestamps stay consistent. Services such as cron(8) also rely on an accurate system clock to run commands at the specified times.
FreeBSD ships with the ntpd(8) NTP server which can be used to query other NTP servers to set the clock on the machine or provide time services to others.
In order to synchronize the clock, one or more NTP servers must be defined. The network administrator or ISP may have set up an NTP server for this purpose—check their documentation to see if this is the case. There is an online list of publicly accessible NTP servers which may be referenced to find an NTP server nearest to the system. Take care to review the policy for any chosen servers, and ask for permission if required.
Choosing several unconnected NTP servers is a good idea in case one of the servers being used becomes unreachable or its clock is unreliable. ntpd(8) uses the responses it receives from other servers intelligently—it will favor unreliable servers less than reliable ones.
To synchronize the clock only when the machine boots up, use ntpdate(8). This may be appropriate for some desktop machines which are frequently rebooted and only require infrequent synchronization, but most machines should run ntpd(8).
Using ntpdate(8) at boot time is also a good idea for machines that run ntpd(8). The ntpd(8) program changes the clock gradually, whereas ntpdate(8) sets the clock, no matter how great the difference between a machine's current clock setting and the correct time.
To enable ntpdate(8) at boot time, add
ntpdate_enable="YES"
to
/etc/rc.conf
. Also specify all
synchronization servers and any flags to be passed to
ntpdate(8) in ntpdate_flags
.
NTP is configured by the
/etc/ntp.conf
file in the format
described in ntp.conf(5). Here is a simple
example:
The server
option specifies which
servers are to be used, with one server listed on each line.
If a server is specified with the prefer
argument, as with
ntplocal.example.com
, that
server is preferred over other servers. A response from a
preferred server will be discarded if it differs
significantly from other servers' responses, otherwise it
will be used without any consideration to other responses.
The prefer
argument is normally used for
NTP servers that are known to be highly accurate, such as
those with special time monitoring hardware.
The driftfile
option specifies which
file is used to store the system clock's frequency offset.
The ntpd(8) program uses this to automatically
compensate for the clock's natural drift, allowing it to
maintain a reasonably correct setting even if it is cut off
from all external time sources for a period of time.
The driftfile
option specifies which
file is used to store information about previous responses
from the NTP servers being used. This file contains
internal information for NTP. It should not be modified by
any other process.
By default, the NTP server will be accessible to all
hosts on the Internet. The restrict
option in /etc/ntp.conf
controls which machines can access the server.
To deny all machines from accessing the NTP
server, add the following line to
/etc/ntp.conf
:
This will also prevent access from the server to any servers listed in the local configuration. If there is a need to synchronise the NTP server with an external NTP server, allow only that specific server. See the ntp.conf(5) manual for more information.
To allow machines within the network to synchronize their clocks with the server, but ensure they are not allowed to configure the server or used as peers to synchronize against, add
instead, where
192.168.1.0
is an IP address
on the network and
255.255.255.0
is the
network's netmask.
The /etc/ntp.conf
file can contain
multiple restrict
options. For more
details, see the Access Control Support
subsection of ntp.conf(5).
To ensure the NTP server is started at boot time, add the
line ntpd_enable="YES"
to
/etc/rc.conf
. To pass
additional flags to ntpd(8), edit the
ntpd_flags
parameter in
/etc/rc.conf
.
To start the server without rebooting the machine, run
ntpd
being sure to specify any additional
parameters from ntpd_flags
in
/etc/rc.conf
. For example:
#
ntpd -p /var/run/ntpd.pid
The ntpd(8) program does not need a permanent
connection to the Internet to function properly. However, if
there is a temporary connection that is configured to dial out
on demand, it is a good idea to prevent NTP traffic from
triggering a dial out or keeping the connection alive. PPP
users can use the filter
directives in /etc/ppp/ppp.conf
. For
example:
For more details see the
PACKET FILTERING
section in ppp(8) and
the examples in
/usr/share/examples/ppp/
.
Some Internet access providers block low-numbered ports, preventing NTP from functioning since replies never reach the machine.
All FreeBSD documents are available for download at http://ftp.FreeBSD.org/pub/FreeBSD/doc/
Questions that are not answered by the
documentation may be
sent to <freebsd-questions@FreeBSD.org>.
Send questions about this document to <freebsd-doc@FreeBSD.org>.