Add subsection describing NTP (Network Time Protocol)

svn path=/head/; revision=10863
2001-10-02 12:50:00 +00:00 · 2001-10-02 12:50:00 +00:00 · 0332b5bc7d · 2020-12-08 03:00:23 +00:00
commit 0332b5bc7d
parent 950b084ea1
1 changed files with 208 additions and 1 deletions
--- a/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml
@ -1,7 +1,7 @@
 <!--
     The FreeBSD Documentation Project

-     $FreeBSD: doc/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml,v 1.97 2001/09/21 22:18:39 chern Exp $
+     $FreeBSD: doc/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml,v 1.98 2001/10/02 05:45:00 ue Exp $
 -->

 <chapter id="advanced-networking">
@ -4079,6 +4079,213 @@ www             IN CNAME        @</programlisting>
    </sect2>
  </sect1>

+  <sect1 id="ntp">
+    <sect1info>
+      <authorgroup>
+	<author>
+	  <firstname>Tom</firstname>
+	  <surname>Hukins</surname>
+	  <contrib>Contributed by </contrib>
+	</author>
+      </authorgroup>
+    </sect1info>
+    <title>NTP</title>
+
+    <sect2>
+      <title>Overview</title>
+      <indexterm><primary>NTP (Network Time Protocol)</primary></indexterm>
+
+      <para>Over time, a computer's clock is prone to drift.  As time
+	passes, the computer's clock becomes less accurate.  NTP
+	(Network Time Protocol) is one way to ensure your clock is
+	right.</para>
+	
+      <para>Many Internet services rely on, or greatly benefit from,
+	computers' clocks being accurate.  For example, a Web server
+	may receive requests to send a file if it has modified since a
+	certain time.  Services such as &man.cron.8; run commands at a
+	given time.  If the clock is inaccurate, these commands may
+	not run when expected.</para>
+
+      <indexterm><primary>ntpd</primary></indexterm>
+      <para>FreeBSD ships with the &man.ntpd.8; NTP server which can
+	be used to query other NTP servers to set the clock on your
+	machine or provide time services to others.</para>
+    </sect2>
+
+    <sect2>
+      <title>Choosing appropriate NTP servers</title>
+
+      <para>In order to synchronize your clock, you will need to find
+	one or more NTP servers to use.  Your network administrator or
+	ISP may have setup an NTP server for this purpose&mdash;check
+	their documentation to see if this is the case.  There is a
+	<ulink
+	url="http://www.eecis.udel.edu/~mills/ntp/servers.htm">list of
+	publicly accessible NTP servers</ulink> which you can use to
+	find an NTP server near to you.  Make sure you are aware of
+	the policy for any servers you choose, and ask for permission
+	if required.</para>
+
+      <para>Choosing several unconnected NTP servers is a good idea in
+	case one of the servers you are using becomes unreachable or
+	its clock is unreliable.  &man.ntpd.8; uses the responses it
+	receives from other servers intelligently&mdash;it will favor
+	unreliable servers less than reliable ones.</para>
+    </sect2>
+
+    <sect2>
+      <title>Configuring your machine</title>
+
+      <sect3>
+	<title>Basic Configuration</title>
+	<indexterm><primary>ntpdate</primary></indexterm>
+
+	<para>If you only wish to synchronize your clock when the
+	  machine boots up, you can use &man.ntpdate.8;.  This may be
+	  appropriate for some desktop machines which are frequently
+	  rebooted and only require infrequent synchronization, but
+	  most machines should run &man.ntpd.8;.</para>
+
+	<para>Using &man.ntpdate.8; at boot time is also a good idea
+	  for machines that run &man.ntpd.8;.  &man.ntpd.8; changes the
+	  clock gradually, whereas &man.ntpdate.8; sets the clock, no
+	  matter how great the difference between a machine's current
+	  clock setting and the correct time.</para>
+
+	<para>To enable &man.ntpdate.8; at boot time, add
+	  <programlisting>ntpdate_enable="YES"</programlisting> to
+	  <filename>/etc/rc.conf</filename>.  You will also need to
+	  specify all servers you wish to synchronize with and any
+	  flags to be passed to &man.ntpdate.8; in
+	  <varname>ntpdate_flags</varname>.</para>
+      </sect3>
+
+      <sect3>
+	<indexterm><primary>ntp.conf</primary></indexterm>
+	<title>General Configuration</title>
+
+	<para>NTP is configured by the
+	  <filename>/etc/ntp.conf</filename> file in the format
+	  described in &man.ntp.conf.5;.  Here is a simple
+	  example:</para>
+
+	<programlisting>server ntplocal.example.com prefer
+server timeserver.foobardomain.org
+server ntp2a.example.net
+
+driftfile /var/db/ntp.drift</programlisting>
+
+	<para>The <literal>server</literal> option specifies which
+	  servers are to be used, with one server listed on each line.
+	  If a server is specified with the <literal>prefer</literal>
+	  argument, as with <hostid
+	  role="fqdn">ntplocal.example.com</hostid>, that server is
+	  preferred over other servers.  A response from a preferred
+	  server will be discarded if it differs significantly from
+	  other servers' responses, otherwise it will be used without
+	  any consideration to other responses.  The
+	  <literal>prefer</literal> argument is normally used for NTP
+	  servers that are known to be highly accurate, such as those
+	  with special time monitoring hardware.</para>
+	  
+	<para>The <literal>driftfile</literal> option specifies which
+	  file is used to store the system clock's frequency offset.
+	  &man.ntpd.8; uses this to automatically compensate for the
+	  clock's natural drift, allowing it to maintain a reasonably
+	  correct setting even if it is cut off from all external time
+	  sources for a period of time.</para>
+
+	<para>The <literal>driftfile</literal> option specifies which
+	  file is used to store information about previous responses
+	  from the NTP servers you are using.  This file contains
+	  internal information for NTP.  It should not be modified by
+	  any other process.</para>
+      </sect3>
+
+      <sect3>
+	<title>Controlling access to your server</title>
+
+	<para>By default, your NTP server will be accessible to all
+	  hosts on the Internet.  The <literal>restrict</literal>
+	  option in &man.ntp.conf.5; allows you to control which
+	  machines can access your server.</para>
+
+	<para>If you want to deny all machines from accessing your NTP
+	  server, add the line <programlisting>restrict default ignore</programlisting>
+	  to <filename>/etc/ntp.conf</filename>.  If you only want to
+	  allow machines within your own network to synchronize their
+	  clocks with your server, but ensure they are not allowed to
+	  configure the server or used as peers to synchronize
+	  against, add <programlisting>restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap</programlisting>
+	  instead, where <hostid role="ipaddr">192.168.1.0</hostid> in
+	  an IP address on your network and <hostid
+	  role="netmask">255.255.255.0</hostid> is your network's
+	  netmask.</para>
+
+	<para><filename>/etc/ntp.conf</filename> can contain multiple
+	  <literal>restrict</literal> options.  For more details, see
+	  the <literal>Access Control Support</literal> subsection of
+	  &man.ntp.conf.5;.</para>
+      </sect3>
+    </sect2>
+
+    <sect2>
+      <title>Running the NTP server</title>
+
+      <para>To ensure the NTP server is started at boot time, add the
+	line <programlisting>xntpd_enable="YES"</programlisting> to
+	<filename>/etc/rc.conf</filename>.  If you wish to pass
+	additional flags to &man.ntpd.8; edit the
+	<varname>xntpd_flags</varname> parameter in
+	<filename>/etc/rc.conf</filename>.</para>
+
+      <para>To start the server without rebooting your machine, run
+	<command>ntpd</command> being sure to specify any additional
+	parameters from <varname>xntpd_flags</varname> in
+	<filename>/etc/rc.conf</filename>.  For example:</para>
+      <screen>&prompt.root; <userinput>ntpd -p /var/run/ntpd.pid</userinput></screen>
+    </sect2>
+
+    <sect2>
+      <title>Using &man.ntpd.8; with a temporary Internet
+	connection</title>
+
+      <para><command>ntpd</command> does not need a permanent
+	connection to the Internet to function properly.  However, if
+	you have a temporary connection that is configured to dial out
+	on demand, it is a good idea to prevent NTP traffic from
+	triggering a dial out or keeping the connection alive.  If you
+	are using user PPP, you can use <literal>filter</literal>
+	directives in <filename>/etc/ppp/ppp.conf</filename>.  For
+	example:</para>
+
+      <programlisting> set filter dial 0 deny udp src eq 123  # Prevent NTP traffic from initiating dial out
+ set filter dial 1 permit 0 0
+ set filter alive 0 deny udp src eq 123	# Prevent incoming NTP traffic from keeping the connection open
+ set filter alive 1 deny udp dst eq 123	# Prevent outgoing NTP traffic from keeping the connection open
+ set filter alive 2 permit 0/0 0/0</programlisting>
+
+      <para>For more details see the <literal>PACKET
+	FILTERING</literal> section in &man.ppp.8; and the examples in
+	<filename>/usr/share/examples/ppp/</filename>.</para>
+
+      <note>
+	<para>Some Internet access providers block low-numbered ports,
+	  preventing NTP from from functioning since replies never
+	  reach your machine.</para>
+      </note>
+    </sect2>
+
+    <sect2>
+      <title>Further Information</title>
+
+      <para>Documentation for the NTP server can be found in
+	<filename>/usr/share/doc/ntp/</filename> in HTML
+	format.</para>
+    </sect2>
+  </sect1>
+
  <sect1 id="natd">
    <sect1info>
      <authorgroup>