# /etc/ntp/ntp.conf

###### servers ######

### external servers
### Their restriction must be lowered with restrict <server> nomodify
# server 10.10.10.10 key 1234 prefer
# server 11.11.11.11 key 5678

### internal reference clock
server 127.127.1.1

### set a high stratum for internal clock
fudge 127.127.1.1 stratum 15

###### access restrictions ######

### by default, ignore all packets from any host
restrict default ignore

### host-dependant restrictions
# according to 'accopt.htm', usable restrictions are :
#  - ignore   : ignore all packets from these hosts
#  - noquery  : these hosts cannot query info nor config.
#  - nomodify : these hosts cannot reconfigure the server.
#  - notrust  : do not sync with these hosts
#  - ntpport  : only accept packets with source port=123

### localhost can only query the daemon
restrict 127.0.0.1 notrust nomodify
# local clock can be trusted, but cannot query configuration nor info
restrict 127.127.1.1 noquery

### some external servers can query us but nothing more.
### This is necessary for every "server" referenced above.
# restrict 10.10.10.0 mask 255.255.255.0 nomodify
# restrict 11.11.11.11 nomodify

### we can also serve these machines
# restrict 12.12.12.12 notrust noquery

### we can also share the time with these peers
# peer 13.13.13.13 key 2345

###### authentication ######
enable auth
keys /etc/ntp/ntp.keys

### these keys indicate which host we allow to sync with.
#trustedkey 1 65534
#trustedkey 1234

# crypto privatekey /etc/ntp/ntpkey publickey /etc/ntp/ntpkey_<hostname> dhparms /etc/ntp/ntpkey_dh
# privatekey /etc/ntp/other_ntpkey
# publickey /etc/ntp/other_ntpkey_<hostname>
# dhparms /etc/ntp/other_ntpkey_dh

# minimum synchronisation messages
logconfig =allsync +allclock

# drift file. May or may not be kept upon reboots
driftfile /var/run/ntp.drift