对于ntp.conf的理解

允许与我们的时间源同步时间,但是不允许源查询或修改这个系统上的服务。

# Permit time synchronization with our time source, but do not

# permit the source to query or modify the service on this system.

restrict default nomodify notrap noquery

restrict -6 default kod nomodify notrap nopeer noquery

环回网卡允许所有访问。这可能收紧,但这样做会有些影响管理功能。

# Permit all access over the loopback interface.  This could

# be tightened as well, but to do so would effect some of

# the administrative functions.

restrict 127.0.0.1

restrict -6 ::1

允许系统在这个网络同步时间服务。不允许修改这些系统配置的服务。此外,不能使用那些系统作为对等体。

# -- CLIENT NETWORK -------

# Permit systems on this network to synchronize with this

# time service.  Do not permit those systems to modify the

# configuration of this service.  Also, do not use those

# systems as peers for synchronization.

# restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap禁止ntpdc修改服务器状态，允许内网其他机器同步时间

从pool.ntp.org项目使用公共时间服务器。

# --- OUR TIMESERVERS -----

# Use public servers from the pool.ntp.org project.

# Please consider joining the pool (http://www.pool.ntp.org/join.html).

server 0.centos.pool.ntp.org iburst

server 1.centos.pool.ntp.org

server 2.centos.pool.ntp.org

利用server 设定上层NTP服务器，格式如下：

server [IP or hostname] [prefer]

perfer:表示优先级最高

burst ：当一个运程NTP服务器可用时，向它发送一系列的并发包进行检测。

iburst ：当一个运程NTP服务器不可用时，向它发送一系列的并发包进行检测。

注：默认情况小15分钟后才会与上层NTP服务器进行时间校对。.

# --- NTP MULTICASTCLIENT ---多播

#multicastclient

# listen on default 224.0.1.1  # multicast server 其中IP为NTP固定组播地址

# restrict 224.0.1.1 mask 255.255.255.255 nomodify notrap

# restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

#broadcast 192.168.1.255 autokey        # broadcast server

#broadcastclient                        # broadcast client

#broadcast 224.0.1.1 autokey            # multicast server 其中IP为NTP固定组播地址

#multicastclient 224.0.1.1              # multicast client

#manycastserver 239.255.254.254         # manycast server

#manycastclient 239.255.254.254 autokey # manycast client

没有驯服的本地时钟。这是一个假的驱动程序用于备份,在没有外部来源的同步时间是可用的。默认层通常是3,但在这种情况下,我们选择使用层0。由于服务器没有选择关键字,这个驱动程序从未用于同步时间,除非没有其他同步源。如果本地主机控制的一些外部来源,如外部振荡器或另一个协议,选择关键字会导致本地主机无视所有其他同步源,除非内核修改正在使用和声明一个同步的条件。

# --- GENERAL CONFIGURATION ---

# Undisciplined Local Clock. This is a fake driver intended for backup

# and when no outside source of synchronized time is available. The

# default stratum is usually 3, but in this case we elect to use stratum

# 0. Since the server line does not have the prefer keyword, this driver

# is never used for synchronization, unless no other other

# synchronization source is available. In case the local host is

# controlled by some external source, such as an external oscillator or

# another protocol, the prefer keyword would cause the local host to

# disregard all other synchronization sources, unless the kernel

# modifications are in use and declare an unsynchronized condition.

#

#server 127.127.1.0     # local clock

fudge   127.127.1.0 stratum 10

#skate add

server 192.168.2.29 prefer

#skate add

漂移文件。把这个守护进程可以写在目录中。

不允许符号链接,因为守护进程更新文件，在相同的目录中,然后通过创建一个临时的重命名()的rename()'ing文件。

# Drift file.  Put this in a directory which the daemon can write to.

# No symbolic links allowed, either, since the daemon updates the file

# by creating a temporary in the same directory and then rename()'ing

# it to the file.

#

driftfile /var/lib/ntp/drift

broadcastdelay  0.008

#

以driftfile记录BIOS与上层Time Server时间差异，关于文件名必须要知道以下几点：driftfile后面接的文件需要使用完整路径的文件名；该文件不能是链接文件；该文件需要设置成ntpd这个守护进程可以写入的权限；该文件所记录的数值单位为百万分之一秒（ppm）

密钥文件。如果你想骗取您在运行时的服务器,使用一个键文件(600模式)和定义的关键数字

用于发出请求。

# Keys file.  If you want to diddle your server at run time, make a

# keys file (mode 600 for sure) and define the key number to be

# used for making requests.

#

在这里请不要使用默认值。选择你自己的,还是远程的

系统可以调整时钟。还请注意, ntpd启动a标志,禁用认证,将会被删除。

# PLEASE DO NOT USE THE DEFAULT VALUES HERE. Pick your own, or remote

# systems might be able to reset your clock at will. Note also that

# ntpd is started with a -A flag, disabling authentication, that

# will have to be removed as well.

#

keys            /etc/ntp/keys