xntpd(1M) DG/UX R4.11MU05 xntpd(1M)
NAME
xntpd - Network Time Protocol server
SYNOPSIS
xntpd [ -abl ] [ -c configfile ] [ -f driftfile ] [ -k keyfile ]
      [ -r broaddelay ]
where:
configfile  Pathname of configuration file; default = /etc/ntp.conf
driftfile   Name of file used to record the drift (frequency error)
            value
keyfile     NTP authentication key file.
broaddelay  Default round trip delay (in seconds) to be used when
            synchronizing to broadcasts.
DESCRIPTION
Xntpd is a server (daemon) that maintains a UNIX® system's time of
day in agreement with Internet standard time servers. xntpd is a
complete implementation of the Network Time Protocol (NTP) version 3
standard as defined by RFC 1305 and also retains compatibility with
versions 1 and 2 servers as defined by RFC 1059 and RFC 1119.
Xntpd does all computations in fixed-point arithmetic and is entirely
free of floating-point code. The computations done in the protocol
and clock adjustment code are carried out with high precision and
with attention to the details that might introduce systematic bias
into the integrations, to try to maintain an accuracy suitable for
synchronizing with even the most precise external time source.
Ordinarily, xntpd reads its configuration from a file at startup
time. It is also possible to specify a working, though limited,
xntpd configuration entirely on the command line, obviating the need
for a configuration file. This may be particularly appropriate when
xntpd is to be configured as a broadcast client, with all peers being
determined by listening to broadcasts at run time. To display
internal xntpd variables or alter configuration options while the
server is running, use the xntpdc(1M) program.
Command-line Options
-b  Listen for broadcast NTP and synchronize to this if available.
-c  Specify an alternate configuration file.
-f  Specify the location of the drift file.
-k  Specify the location of the file containing NTP authentication
    keys for use with the controlkey and requestkey parameters.
-l  Log xntpd actions via the syslog(3C) facility.
-r  Specify the default round trip delay (in seconds) to be used
    when synchronizing to broadcasts.
Configuration File
Xntpd's configuration file is relatively free format. Comments begin
with a "#" character and extend to the end of the line. Blank lines
are ignored. A configuration statement comprises a keyword followed
by zero or more space- or tab-separated arguments. Configuration
statements cannot be continued over multiple lines. The following
table summarizes the recognized configuration keywords:
+-----------------------------------------------------------------------+
|Category Keyword         Description of Task                           |
|General  fudge           Adjust the reference clock                    |
|         maxskew         Set system maximum skew parameter             |
|         monitor         Turn network monitoring on or off             |
|         precision       Set precision of local timekeeping            |
|         select          Set selection weight algorithm                |
|         trap            Configure a trap receiver                     |
|Polling  broadcast       Transmit broadcast NTP                        |
|         broadcastclient Synchronize to broadcast NTP                  |
|         broadcastdelay  Set delay for broadcast synchronization       |
|         peer            Poll a host in symmetric active mode          |
|         server          Poll a host in client mode                    |
|Records  driftfile       Specify file to record frequency error        |
|         loopstats       Specify file to record loop filter statistics |
|         statfile        Specify file to record measurement statistics |
|Security authenticate    Set authenticate mode*                        |
|         authdelay       Set amount of time to encrypt authent. field  |
|         controlkey      Specify key permitting server state changes   |
|         keys            Specify file containing encryption keys       |
|         requestkey      Specify key to permit run-time configuration  |
|         restrict        Restrict access to server features            |
|         trustedkey      Specify encryption key numbers*               |
+-----------------------------------------------------------------------+
In the statement descriptions below, the syntax uses square brackets
([]) to delimit optional arguments and a vertical line (|) to
separate alternatives. Arguments can be network numbers (which must
be written in numeric, dotted-quad form), integers, floating point
numbers (when specifying times in seconds), and text strings.
broadcast hostaddress [ version # ]
Request your local server to transmit broadcast NTP to the specified
address. The address is usually for a system on a local network.
Optional arguments are as follows:
version  Specify the version number to be used for outgoing NTP
         packets. The choices are 1, 2, and 3; 3 is the default.
broadcastclient yes|no
Indicate whether the local server should listen for, and attempt to
synchronize to, broadcast NTP. The default is "no".
broadcastdelay seconds
Specify the default round trip delay to the host whose broadcasts are
being synchronized to. The value is specified in seconds and is
typically (for ethernet) a number between 0.007 and 0.015 seconds.
You can improve this initial estimate by polling each server to
determine a more accurate value. It defaults to 0.008 seconds.
controlkey #
Specify an encryption key number to be used for authenticating
messages making changes to the xntpd server via mode 6 control
messages, in particular, setting leap second indications in a server
with a radio clock. Omitting this statement makes xntpd ignore
control messages that would change the state of the server.
driftfile filename
Specify the file used to record the "drift" (frequency error) value
xntpd has computed. If the file exists on startup, it is read and
the value used to initialize xntpd's internal value of the frequency
error. The file is then updated once every hour by replacing the old
file with a new one containing the current value of the frequency
error. Note that the file is updated by first writing the current
drift value into a temporary file and then using rename(2) to replace
the old version. This implies that xntpd must have write permission
for the directory the drift file is located in, and that file system
links, symbolic or otherwise, should probably be avoided.
fudge 127.127.1.u [ time1 ]
Adjust the reference clock.
keys filename
Specify the name of a file containing the encryption keys that are to
be used by xntpd.
loopstats filename
Specify the name of the file used to record loop filter statistics.
The same restrictions on the drift file apply to the loop filter
statistics file. Each valid update appends a line such as the
following to the loop file:
48773 10847.650 0.0001307 17.3478 2
The first two fields show the Modified Julian Date (see RFC 1305,
Appendix E) and the time (seconds and fraction past UTC midnight).
The next three fields show the last offset, the current drift
compensation value and the time constant of the loop filter.
maxskew seconds
Set the system maximum skew parameter to the number of seconds given.
The default value is 0.010 seconds. This is a tuning parameter of
use in improving performance when network link conditions are poor,
and should probably not be changed unless your server is to run under
exceptional conditions.
monitor yes|no
Indicate whether to enable traffic monitoring or not. Enabling
monitoring makes xntpd record the origin address of each packet
received, along with a limited amount of additional information, such
as the mode of the request and whether it originated from an NTP
server port or not. To inspect traffic monitoring data, use the
xntpdc(1M) monlist command. The default is "no".
Traffic monitoring makes xntpd use more CPU time and as much as 8.5
kilobytes more memory. Monitoring is normally useful to detect peers
with malfunctioning software or which are sending bogus data. It is
primarily intended for very popular servers that exchange time with
large numbers of peers, though it can also be useful for access
monitoring of local servers if you are willing to accept the
overhead.
peer hostaddress [ version # ]
Specify that the given host is to be polled in "symmetric active"
mode; i.e., the host is requested to provide time to which you might
synchronize. In addition, this command indicates that you are
willing to have the remote host synchronize to your time if need be.
The optional arguments are the same as for broadcast.
precision #
Indicate the precision of local timekeeping. The value is an integer
that is approximately the base 2 logarithm of the local timekeeping
precision in seconds. By default this value is set to -6.
The precision can affect several aspects of server operation and can
be used as a tuning parameter for your synchronization subnet. It
should probably not be changed from the default value, however,
unless there is a good reason to do so.
requestkey #
Specify a 32-bit unsigned integer key number to be used for
authenticating run-time reconfiguration requests. Including no
requestkey statement in the configuration file disables the run-time
reconfiguration facility.
restrict address [ mask numericmask ] [ flag ] ...
Create a general-purpose address-and-mask based restriction list.
The list is sorted by address and by mask, and the list is searched
in this order for matches, with the last match found defining the
restriction flags associated with the incoming packets. The source
address of incoming packets is used for the match, with the 32-bit
address being and'ed with the mask associated with the restriction
entry and then compared with the entry's address (which has also been
and'ed with the mask) to look for a match. Numericmask defaults to
255.255.255.255, meaning that the address is treated as the address
of an individual host. A default entry (address 0.0.0.0, mask
0.0.0.0) is always included and, given the sort algorithm, is always
the first entry in the list. Although address is normally given as a
dotted-quad address, you can use the text string "default" with no
mask option to indicate the default entry.
Flags restrict access; an entry with no flags indicates free access
to the server. The flags are not orthogonal; more restrictive flags
often make less restrictive ones redundant. The flags can generally
be classed into two categories--those that restrict time service and
those that restrict informational queries and run-time server
reconfiguration. You can specify one or more of the following flags:
ignore       Ignore all packets from hosts that match this entry.
             If this flag is specified, neither queries nor time
             server polls will be responded to.
noquery      Ignore all NTP mode 6 and 7 packets (i.e., information
             queries and configuration requests) from the source.
             Time service is not affected.
nomodify     Ignore all NTP mode 6 and 7 packets that attempt to
             modify the state of the server (i.e., run-time
             reconfiguration). Queries that return information are
             permitted.
notrap       Decline to provide mode 6 control message trap service
             to matching hosts. The trap service is a subsystem of
             the mode 6 control message protocol that is intended
             for use by remote event logging programs.
lowpriotrap  Declare traps set by matching hosts to be low priority.
             The number of traps a server can maintain is limited
             (the current limit is 3). Traps are usually assigned
             on a first come, first served basis, with later trap
             requesters being denied service. This flag modifies
             the assignment algorithm by allowing low-priority traps
             to be overridden by later requests for normal priority
             traps.
noserve      Ignore NTP packets whose mode is other than 6 or 7. In
             effect, time service is denied, though queries may
             still be permitted.
nopeer       Provide stateless time service to polling hosts, but do
             not allocate peer memory resources to these hosts even
             if they otherwise might be considered useful as future
             synchronization partners.
notrust      Treat these hosts normally in other respects, but never
             use them as synchronization sources.
ntpport      This is actually a match algorithm modifier, rather
             than a restriction flag. Its presence causes the
             restriction entry to be matched only if the source port
             in the packet is the standard NTP UDP port (123).
Default restriction list entries, with the flags "ignore, ntpport",
for each of the local host's interface addresses are inserted into
the table at startup to prevent the server from attempting to
synchronize to its own time. A default entry is also always present,
though if it is otherwise unconfigured no flags are associated with
the default entry (i.e., everything besides your own NTP server is
unrestricted).
The xntpd restriction facility was added to implement the current
access policies of the time servers running on the NSFnet backbone.
While this facility can be otherwise useful for keeping unwanted or
broken remote time servers from affecting your own, it should not be
considered an alternative to the standard NTP authentication
facility. Source-address-based restrictions are easily circumvented
by a determined cracker.
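The lookup described above (entries sorted by address and mask, last
match wins, ntpport narrowing the match) can be checked offline before
a restrict list is deployed. The following is an added example, not
part of the original manual page or of xntpd itself; the function
names and the sample statements are assumptions made for illustration.

```python
import ipaddress

NTP_PORT = 123  # standard NTP UDP port, per the ntpport flag description

# Constructed sample statements (documentation address ranges), not a real config.
SAMPLE_CONF = """\
restrict default noquery nomodify notrap   # everyone: time service only
restrict 192.0.2.0 mask 255.255.255.0 nomodify
restrict 192.0.2.10                        # no flags: free access
restrict 198.51.100.7 ignore ntpport
"""

def build_list(conf_text):
    """Return restriction entries sorted by address, then mask."""
    entries = {(0, 0, False): frozenset()}  # default entry is always present
    for line in conf_text.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) < 2 or words[0] != "restrict":
            continue
        target, rest = words[1], words[2:]
        if target == "default":
            addr, mask = 0, 0
        else:
            addr, mask = int(ipaddress.IPv4Address(target)), 0xFFFFFFFF
        if rest[:1] == ["mask"]:
            mask, rest = int(ipaddress.IPv4Address(rest[1])), rest[2:]
        flags = frozenset(rest)
        # ntpport modifies matching, so it is kept apart from the flags.
        key = (addr & mask, mask, "ntpport" in flags)
        entries[key] = flags - {"ntpport"}
    # Assumption of this example: an ntpport entry sorts after a plain
    # entry with the same address and mask.
    return sorted((k + (f,) for k, f in entries.items()), key=lambda e: e[:3])

def flags_for(entries, src_ip, src_port):
    """Flags applied to a packet: the last matching entry wins."""
    src = int(ipaddress.IPv4Address(src_ip))
    result = frozenset()
    for addr, mask, need_ntpport, flags in entries:
        if (src & mask) == addr and (not need_ntpport or src_port == NTP_PORT):
            result = flags
    return result

if __name__ == "__main__":
    table = build_list(SAMPLE_CONF)
    for ip, port in [("203.0.113.5", 123), ("192.0.2.77", 123),
                     ("192.0.2.10", 123), ("198.51.100.7", 123),
                     ("198.51.100.7", 40000)]:
        print(ip, port, sorted(flags_for(table, ip, port)) or "free access")
```

In the sample list the ignore entry for 198.51.100.7 applies only to
packets from source port 123; the same address on any other source
port falls back to the default entry.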
select algorithmnumber
Select the use of one of five selection weight algorithms. The
default is algorithm number 1, which is the algorithm specified in
RFC 1119. Algorithm numbers 2 through 5 select alternative,
experimental selection weighting algorithms, all of which tend to
give a greater degree of trust to either lower stratum and/or lower
delay peers than the standard algorithm.
server hostaddress [ version # ]
Specify that the given host is to be polled in "client" mode; i.e.,
the host is requested to provide time with which you might
synchronize but that you are unwilling to have the remote host
synchronize to your time. The optional arguments are the same as for
broadcast.
statfile filename
Specify the name of the file used to record measurement statistics.
The same restrictions on the drift file apply to the statistics file.
Each valid update appends a line such as the following to the
statistics file:
48773 10847.650 127.127.4.1 9714 -0.001605 0.00000 0.00142
The first two fields show the Modified Julian Date and the time
(seconds and fraction past UTC midnight). The next two fields are
the peer address and status. The final three fields show the offset,
delay and dispersion. A new file is created about once per day using
the original file name with extension .n, where n is the file
generation number.
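The loopstats and statfile record layouts described above can be
parsed as follows. This is an added example, not part of the original
manual page or of xntpd; the function names, the constructed sample
lines and the offset limit are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

MJD_EPOCH = datetime(1858, 11, 17, tzinfo=timezone.utc)  # MJD 0 is 1858-11-17 UTC

def mjd_to_utc(mjd, seconds):
    """Combine the first two fields (MJD, seconds past UTC midnight)."""
    return MJD_EPOCH + timedelta(days=int(mjd), seconds=float(seconds))

def parse_loopstats(line):
    """Five fields: MJD, seconds, last offset, drift compensation, time constant."""
    mjd, secs, offset, drift, tconst = line.split()
    return {"time": mjd_to_utc(mjd, secs), "offset": float(offset),
            "drift": float(drift), "time_constant": int(tconst)}

def parse_statfile(line):
    """Seven fields: MJD, seconds, peer address, status, offset, delay, dispersion."""
    mjd, secs, peer, status, offset, delay, disp = line.split()
    return {"time": mjd_to_utc(mjd, secs), "peer": peer, "status": status,
            "offset": float(offset), "delay": float(delay),
            "dispersion": float(disp)}

def peers_over_offset(lines, limit):
    """Return {peer: worst |offset|} for peers whose offset exceeded `limit`."""
    # `limit` is a hypothetical operator-chosen threshold, in the same
    # units as the offset field. Malformed lines are skipped, not fatal.
    worst = {}
    for line in lines:
        try:
            rec = parse_statfile(line)
        except ValueError:
            continue
        size = abs(rec["offset"])
        if size > limit and size > worst.get(rec["peer"], 0.0):
            worst[rec["peer"]] = size
    return worst

# First line is the sample from the page; the others are constructed.
SAMPLE_STATFILE = [
    "48773 10847.650 127.127.4.1 9714 -0.001605 0.00000 0.00142",
    "48773 10911.650 192.0.2.10 9614 0.002310 0.01530 0.00310",
    "48773 10975.650 198.51.100.7 9614 1.250000 0.02210 0.00480",
    "48773 truncated line",
]
```

With a limit of 0.5, peers_over_offset(SAMPLE_STATFILE, 0.5) reports
only the constructed 198.51.100.7 record, and the page's sample
timestamp (48773 10847.650) converts to 1992-05-31 03:00:47 UTC.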
trap hostaddress [ port portnumber ] [ interface interfaceaddress ]
Configure a trap receiver at the given host address and port number,
sending messages with the specified local interface address. The
default port number is 18447. The default interface address is that
of the local interface through which the message is sent. Note that
on a multihomed host the interface used may vary from time to time
with routing changes.
The trap receiver will generally log event messages and other
information from the server in a log file. While such monitor
programs can also request their own trap dynamically, configuring a
trap receiver ensures that no messages are lost when the server is
started.
Primary Clock Support
On the DG/UX System, xntpd supports one type of reference clock, a
local reference clock. xntpd also supports a special pseudo-clock
used for backup or when no other clock source is available. The
driver is described below.
127.127.1.u - Local synchronization clock driver
This driver doesn't support an actual clock, but rather allows the
server to synchronize to its own clock, in essence to free run
without its stratum increasing to infinity. This can be used to run
an isolated NTP synchronization network where no standard time source
is available, by allowing a free running clock to appear as if it has
external synchronization to other servers. By running the local
clock at an elevated stratum it can also be used to prevent a
server's stratum from rising above a fixed value, thus allowing a
synchronization subnet to synchronize to a single local server for
periods when connectivity to the primary servers is lost.
The unit number of the clock (the least significant octet in the
address) must lie in the range 0 through 15 inclusive and is used as
the stratum the local clock will run at. The server, when
synchronized to the local clock, advertises a stratum one greater
than the clock peer's stratum. You can configure more than one local
clock (indeed all 16 units can be active at once), though this hardly
seems useful.
The local clock driver uses only the fudge time1 parameter. This
parameter actually provides read and write access to the local clock
drift compensation register. This value, which actually provides a
fine resolution speed adjustment for the local clock, is settable but
will remain unchanged from any set value when the clock is free
running without external synchronization. The fudge time1 parameter
thus provides a way to manually adjust the speed of the clock to
maintain reasonable synchronization with, say, a voice time
announcement. It is actually more useful to manipulate this value
with the xntpdc(1M) program.
FILES
/etc/ntp.conf   the default name of the configuration file
/etc/ntp.drift  the default name of the drift file
/etc/ntp.keys   the default name of the key file
SEE ALSO
ntpdate(1M), ntpq(1M), xntpdc(1M), rename(2), syslog(3C).
Licensed material--property of copyright holder(s)