| |
|
Domain Registration -
Domain registration & domain search service from just
$5.95/year only |
|
|
|
Webhosting Service -
Webhosting service for single or multiple domain names at affordable price. |
|
|
Back to Index
|
Contributed by Tom Hukins.
Over time, a computer's clock is prone to drift. As time passes, the computer's clock
becomes less accurate. NTP (Network Time Protocol) is one way to ensure your clock is
right.
Many Internet services rely on, or greatly benefit from, computers' clocks being
accurate. For example, a Web server may receive requests to send a file if it has
modified since a certain time. Services such as cron(8) run commands
at a given time. If the clock is inaccurate, these commands may not run when
expected.
FreeBSD ships with the ntpd(8) NTP server
which can be used to query other NTP servers to set the clock on your machine or provide
time services to others.
In order to synchronize your clock, you will need to find one or more NTP servers to
use. Your network administrator or ISP may have set up an NTP server for this
purpose--check their documentation to see if this is the case. There is a list of publicly
accessible NTP servers which you can use to find an NTP server near to you. Make sure
you are aware of the policy for any servers you choose, and ask for permission if
required.
Choosing several unconnected NTP servers is a good idea in case one of the servers you
are using becomes unreachable or its clock is unreliable. ntpd(8) uses the
responses it receives from other servers intelligently--it will favor unreliable servers
less than reliable ones.
If you only wish to synchronize your clock when the machine boots up, you can use ntpdate(8). This may
be appropriate for some desktop machines which are frequently rebooted and only require
infrequent synchronization, but most machines should run ntpd(8).
Using ntpdate(8) at boot
time is also a good idea for machines that run ntpd(8). The ntpd(8) program
changes the clock gradually, whereas ntpdate(8) sets the
clock, no matter how great the difference between a machine's current clock setting and
the correct time.
To enable ntpdate(8) at boot
time, add ntpdate_enable="YES" to /etc/rc.conf. You will also need to specify all servers you wish to
synchronize with and any flags to be passed to ntpdate(8) in ntpdate_flags.
NTP is configured by the /etc/ntp.conf file in the format
described in ntp.conf(5). Here is a
simple example:
server ntplocal.example.com prefer
server timeserver.example.org
server ntp2a.example.net
driftfile /var/db/ntp.drift
The server option specifies which servers are to be used,
with one server listed on each line. If a server is specified with the prefer argument, as with ntplocal.example.com, that server is preferred over other servers. A
response from a preferred server will be discarded if it differs significantly from other
servers' responses, otherwise it will be used without any consideration to other
responses. The prefer argument is normally used for NTP
servers that are known to be highly accurate, such as those with special time monitoring
hardware.
The driftfile option specifies which file is used to store
the system clock's frequency offset. The ntpd(8) program uses
this to automatically compensate for the clock's natural drift, allowing it to maintain a
reasonably correct setting even if it is cut off from all external time sources for a
period of time.
The driftfile option specifies which file is used to store
information about previous responses from the NTP servers you are using. This file
contains internal information for NTP. It should not be modified by any other
process.
By default, your NTP server will be accessible to all hosts on the Internet. The restrict option in /etc/ntp.conf allows
you to control which machines can access your server.
If you want to deny all machines from accessing your NTP server, add the following
line to /etc/ntp.conf:
restrict default ignore
If you only want to allow machines within your own network to synchronize their clocks
with your server, but ensure they are not allowed to configure the server or used as
peers to synchronize against, add
restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap
instead, where 192.168.1.0 is an IP address on your network
and 255.255.255.0 is your network's netmask.
/etc/ntp.conf can contain multiple restrict options. For more details, see the Access Control Support subsection of ntp.conf(5).
To ensure the NTP server is started at boot time, add the line xntpd_enable="YES" to /etc/rc.conf. If
you wish to pass additional flags to ntpd(8), edit the xntpd_flags parameter in /etc/rc.conf.
To start the server without rebooting your machine, run ntpd
being sure to specify any additional parameters from xntpd_flags in /etc/rc.conf. For
example:
# ntpd -p /var/run/ntpd.pid
Note: Under FreeBSD 5.X, various options in /etc/rc.conf have been renamed. Thus, you have to replace every
instance of xntpd with ntpd in the
options above.
The ntpd(8) program does
not need a permanent connection to the Internet to function properly. However, if you
have a temporary connection that is configured to dial out on demand, it is a good idea
to prevent NTP traffic from triggering a dial out or keeping the connection alive. If you
are using user PPP, you can use filter directives in /etc/ppp/ppp.conf. For example:
set filter dial 0 deny udp src eq 123
# Prevent NTP traffic from initiating dial out
set filter dial 1 permit 0 0
set filter alive 0 deny udp src eq 123
# Prevent incoming NTP traffic from keeping the connection open
set filter alive 1 deny udp dst eq 123
# Prevent outgoing NTP traffic from keeping the connection open
set filter alive 2 permit 0/0 0/0
For more details see the PACKET FILTERING section in ppp(8) and the
examples in /usr/share/examples/ppp/.
Note: Some Internet access providers block low-numbered ports, preventing NTP
from functioning since replies never reach your machine.
Documentation for the NTP server can be found in /usr/share/doc/ntp/ in HTML format.
|
|
|
|
© 2002-2004 Active-Venture.com
Website Hosting
Service
|
| |
|
Disclaimer: This
documentation is provided only for the benefits of our website hosting customers.
For authoritative source of the documentation, please refer to http://www.freebsd.org
|
|
|
