blog.up-link.ro
26Mar/100

How To Configure NTP Service in FreeBSD

The Network Time Protocol (NTP) is a protocol for synchronizing the clocks of computer systems over packet-switched, variable-latency data networks.

If you only wish to synchronize your clock when the machine boots up, you can use ntpdate. This may be appropriate for some desktop machines which are frequently rebooted, but for servers you should run ntpd.

1. Clock Synchronization using ntpdate

Using ntpdate at boot time is also a good idea for machines that run ntpd. The ntpd program changes the clock gradually, whereas ntpdate sets the clock, no matter how great the difference between a machine's current clock setting and the correct time.

To enable ntpdate at boot time, add the following lines to /etc/rc.conf:

ntpdate_enable="YES" # Run ntpdate to sync time on boot
ntpdate_flags="time.nist.gov" # servers: time.nist.gov, timp.mcti.ro, ticks.roedu.net

2. Clock Synchronization using ntpd

ntpd reads its configuration from /etc/ntp.conf by default. Here is a configuration example:

# The following three servers will give you a random set of three NTP servers geographically close to you.
server 0.freebsd.pool.ntp.org iburst maxpoll 9
server 1.freebsd.pool.ntp.org iburst maxpoll 9
server 2.freebsd.pool.ntp.org iburst maxpoll 9

# If a server loses sync with all upstream servers, NTP clients
# no longer follow that server. The local clock can be configured
# to provide a time source when this happens, but it should usually
# be configured on just one server on a network. For more details see
# http://support.ntp.org/bin/view/Support/UndisciplinedLocalClock
# The use of Orphan Mode may be preferable.
server 127.127.1.0
fudge 127.127.1.0 stratum 10

# log file
logfile /var/log/ntpd

# Drift file. Put this in a directory which the daemon can write to.
# No symbolic links allowed.
driftfile /var/db/ntp.drift

By default, your NTP server will be accessible to all hosts on the Internet. The restrict option in /etc/ntp.conf allows you to control which machines can access your server.

If you want to deny all machines from accessing your NTP server, add the following line to /etc/ntp.conf:

restrict default ignore

Note: This will also prevent access from your server to any servers listed in your local configuration. If you need to synchronise your NTP server with an external NTP server you should allow the specific server.

If you only want to allow machines within your own network to synchronize their clocks with your server, while ensuring they cannot configure the server or be used as peers to synchronize against, add

restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

to /etc/ntp.conf.

Note: 192.168.1.0 is an IP address on your network and 255.255.255.0 is your netmask.

Access Control Support Example:

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would affect some of
# the administrative functions.
restrict 127.0.0.1

restrict -6 ::1
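
An added example, not part of the original post: a small sh/awk check that reads an ntp.conf-style file and reports a missing or weak restrict default line and, when the default is ignore, any server line that has no matching restrict entry (the situation the note above describes). The function name, the finding labels and the sample hostnames are assumptions for illustration; names are compared as written in the file, not resolved.

```shell
#!/bin/sh
# Added example: audit the restrict posture of an ntp.conf-style file.
# Prints one finding per line; returns non-zero when there are findings.
ntp_restrict_audit() {
    awk '
    { sub(/#.*/, "") }    # strip comments
    $1 == "server" {
        if ($2 !~ /^127\.127\./) servers[$2] = 1    # skip reference clocks
        next
    }
    $1 == "restrict" {
        i = 2
        if ($i == "-4" || $i == "-6") i++    # optional address-family flag
        addr = $i; flags = " "
        for (j = i + 1; j <= NF; j++) flags = flags $j " "
        if (addr == "default") {
            seen_default = 1
            if (flags ~ / ignore /) { default_ignore = 1; next }
            n = split("nomodify notrap nopeer noquery", want, " ")
            for (k = 1; k <= n; k++)
                if (index(flags, " " want[k] " ") == 0) {
                    print "WEAK_DEFAULT line " NR ": missing " want[k]
                    bad = 1
                }
        } else if (flags !~ / ignore /) {
            allowed[addr] = 1    # host or network explicitly re-allowed
        }
    }
    END {
        if (!seen_default) { print "NO_DEFAULT: server answers any host"; bad = 1 }
        if (default_ignore)
            for (s in servers)
                if (!(s in allowed)) { print "BLOCKED_SERVER " s; bad = 1 }
        exit bad + 0
    }' "$1"
}

# Constructed sample: deny-all default, only one of two servers re-allowed.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server ntp-a.example.net iburst
server ntp-b.example.net iburst
server 127.127.1.0
restrict default ignore
restrict ntp-a.example.net nomodify notrap noquery
restrict 127.0.0.1
EOF
ntp_restrict_audit "$sample" || echo "findings above need review"
rm -f "$sample"
```

Run it against a copy of /etc/ntp.conf before restarting ntpd; a BLOCKED_SERVER finding means the daemon would be denied replies from that time source.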

To ensure the NTP server is started at boot time, add the line ntpd_enable="YES" to /etc/rc.conf.

To start the server without rebooting your machine, run the following command:

# /etc/rc.d/ntpd start

Download config file from here.
