/[adm]/puppet/modules/ntp/templates/ntp.conf

Annotation of /puppet/modules/ntp/templates/ntp.conf



Revision 3399
Fri Jan 31 18:48:46 2014 UTC by boklm
File size: 1715 byte(s)
ntp: add workaround for NTP reflection attack
#
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available. The
# default stratum is usually 3, but in this case we elect to use stratum
# 10. Since the server line does not have the prefer keyword, this driver
# is never used for synchronization, unless no other synchronization
# source is available. In case the local host is controlled by some
# external source, such as an external oscillator or another protocol,
# the prefer keyword would cause the local host to disregard all other
# synchronization sources, unless the kernel modifications are in use
# and declare an unsynchronized condition.
#
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10

# Upstream source. With a single server ntpd has nothing to compare it
# against, so a falseticker cannot be detected; listing several servers
# (or using the "pool" directive on ntpd 4.2.8+, which then needs a
# matching "restrict source" line because of the nopeer flag below) is
# the usual fix.
server fr.pool.ntp.org

#
# Drift file. Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
# by creating a temporary in the same directory and then rename()'ing
# it to the file.
#
driftfile /var/lib/ntp/drift
# Accept multicast time on 224.0.1.1. The nopeer flag in the restrict
# default lines below denies unauthenticated packets that would
# mobilize a new association (broadcast and multicast server packets
# included), so this only takes effect when the multicast source is
# authenticated with a key.
multicastclient # listen on default 224.0.1.1
broadcastdelay 0.008

# Added in revision 3399 (boklm): workaround for the NTP reflection
# attack, CERT VU#348126 (CVE-2013-5211). A mode 7 "monlist" query
# (ntpdc -c monlist) returns up to 600 recent-client entries in reply
# to an 8-byte request, which makes an open ntpd a DDoS amplifier.
# http://www.kb.cert.org/vuls/id/348126
# nomodify: refuse runtime configuration changes; notrap: no mode 6
# trap service; nopeer: no new unauthenticated associations; noquery:
# drop ntpq (mode 6) and ntpdc (mode 7) queries, which is what stops
# monlist from the network. Note there is no "restrict 127.0.0.1" /
# "restrict -6 ::1" exemption, so ntpq and ntpdc on the host itself
# get no answer either.
restrict default nomodify notrap nopeer noquery
restrict -6 default nomodify notrap nopeer noquery
# https://isc.sans.edu/forums/diary/NTP+reflection+attack/17300
# Stop maintaining the MRU (monitor) list altogether, so monlist has
# nothing to return even where a query does get through (e.g. from a
# host given a more permissive restrict line).
disable monitor

#
# Keys file. If you want to diddle your server at run time, make a
# keys file (mode 600 for sure) and define the key number to be
# used for making requests.
# PLEASE DO NOT USE THE DEFAULT VALUES HERE. Pick your own, or remote
# systems might be able to reset your clock at will.
#
#keys /etc/ntp/keys
#trustedkey 65535
#requestkey 65535
#controlkey 65535

# Stricter alternative default: drop everything not explicitly allowed
# by a more specific restrict line.
#restrict default ignore
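The monlist amplifier that revision 3399 works around can be verified from the outside. The following Python script is an added example and is not part of this Puppet module: it builds the 8-byte mode 7 MON_GETLIST_1 request that `ntpdc -c monlist` sends, decodes the info_monitor_1 entries an unpatched ntpd returns (packet layouts as in ntp_request.h), and reports the amplification factor. The sample reply embedded in it is constructed for the example, not a capture; the probe() helper, the example host name and the timeout are assumptions. Against a server running the restrict/disable monitor lines above, probe() should return None (no reply at all).

```python
"""Probe for the ntpd mode 7 "monlist" amplifier (CERT VU#348126, CVE-2013-5211).

Added example for the ntp.conf above; not part of the Puppet module.
Packet layouts follow ntp_request.h (struct req_pkt / struct info_monitor_1).
"""
import socket
import struct
from typing import List, NamedTuple, Optional

NTP_MODE_PRIVATE = 7       # mode 7 = "private" (ntpdc) packets
IMPL_XNTPD = 3             # implementation number ntpd answers to
REQ_MON_GETLIST_1 = 42     # request code behind "ntpdc -c monlist"
HDR_FMT = ">BBBBHH"        # rm_vn_mode, auth_seq, implementation, request, err_nitems, mbz_itemsize
MONITOR_ENTRY_FMT = ">IIIIIIIHBBII16s16s"      # struct info_monitor_1
MONITOR_ENTRY_SIZE = struct.calcsize(MONITOR_ENTRY_FMT)  # 72 bytes


def build_monlist_request(seq: int = 0) -> bytes:
    """The 8-byte request: R=0, M=0, VN=2, mode 7, impl 3, request 42, no items."""
    rm_vn_mode = (2 << 3) | NTP_MODE_PRIVATE               # 0x17
    return struct.pack(HDR_FMT, rm_vn_mode, seq & 0x7F, IMPL_XNTPD, REQ_MON_GETLIST_1, 0, 0)


class MonEntry(NamedTuple):
    client: str       # address the server saw a packet from (what an attacker harvests)
    server: str       # local address it arrived on
    count: int        # packets seen from that client
    last_seen_s: int  # seconds since the last one
    mode: int
    version: int


class MonlistReply(NamedTuple):
    more: bool        # M bit set: further reply packets follow
    error: int        # upper 4 bits of err_nitems; 0 means the request succeeded
    entries: List[MonEntry]


def parse_monlist_reply(pkt: bytes) -> MonlistReply:
    """Decode one mode 7 reply packet into its info_monitor_1 entries."""
    if len(pkt) < 8:
        raise ValueError("short mode 7 header")
    rm_vn_mode, _seq, impl, req, err_nitems, mbz_itemsize = struct.unpack(HDR_FMT, pkt[:8])
    if not rm_vn_mode & 0x80 or (rm_vn_mode & 0x07) != NTP_MODE_PRIVATE:
        raise ValueError("not a mode 7 response")
    if impl != IMPL_XNTPD or req != REQ_MON_GETLIST_1:
        raise ValueError("reply to a different implementation/request")
    more = bool(rm_vn_mode & 0x40)
    error, nitems = err_nitems >> 12, err_nitems & 0x0FFF
    itemsize = mbz_itemsize & 0x0FFF
    entries: List[MonEntry] = []
    if error == 0 and itemsize == MONITOR_ENTRY_SIZE:
        body = pkt[8:]
        for i in range(nitems):
            chunk = body[i * itemsize:(i + 1) * itemsize]
            if len(chunk) < itemsize:
                break                                      # truncated packet: keep what parsed
            (lasttime, _first, _restr, count, addr, daddr, _flags, _port,
             mode, version, v6_flag, _pad, addr6, daddr6) = struct.unpack(MONITOR_ENTRY_FMT, chunk)
            if v6_flag:
                client = socket.inet_ntop(socket.AF_INET6, addr6)
                server = socket.inet_ntop(socket.AF_INET6, daddr6)
            else:
                client = socket.inet_ntoa(addr.to_bytes(4, "big"))
                server = socket.inet_ntoa(daddr.to_bytes(4, "big"))
            entries.append(MonEntry(client, server, count, lasttime, mode, version))
    return MonlistReply(more, error, entries)


def amplification_factor(request: bytes, replies: List[bytes]) -> float:
    """Bytes returned per byte sent: the figure that makes monlist a DDoS reflector."""
    return sum(len(r) for r in replies) / len(request)


def probe(host: str, port: int = 123, timeout: float = 2.0) -> Optional[List[bytes]]:
    """Send one monlist request; collect replies until the M bit clears or we time out.
    None means no reply, the expected result with noquery / disable monitor in place."""
    replies: List[bytes] = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_monlist_request(), (host, port))
        try:
            while True:
                pkt, _ = s.recvfrom(65535)
                replies.append(pkt)
                if not parse_monlist_reply(pkt).more:
                    break
        except (socket.timeout, ValueError):
            pass
    return replies or None


def make_monitor_entry(client: str, server: str, count: int, last_seen_s: int) -> bytes:
    """Pack one IPv4 info_monitor_1 entry; used only to build the constructed sample below."""
    return struct.pack(MONITOR_ENTRY_FMT, last_seen_s, last_seen_s + 3600, 0, count,
                       int.from_bytes(socket.inet_aton(client), "big"),
                       int.from_bytes(socket.inet_aton(server), "big"),
                       0, 123, 3, 4, 0, 0, b"\0" * 16, b"\0" * 16)


# Constructed sample reply (not a capture): R bit set, no error, two 72-byte entries.
SAMPLE_REPLY = (struct.pack(HDR_FMT, 0x97, 0, IMPL_XNTPD, REQ_MON_GETLIST_1, 2, MONITOR_ENTRY_SIZE)
                + make_monitor_entry("192.0.2.10", "198.51.100.1", 1500, 5)
                + make_monitor_entry("203.0.113.7", "198.51.100.1", 12, 90))

if __name__ == "__main__":
    reply = parse_monlist_reply(SAMPLE_REPLY)
    print("entries:", [(e.client, e.count) for e in reply.entries])
    print("amplification: %.1fx" % amplification_factor(build_monlist_request(), [SAMPLE_REPLY]))
    # Live check against an assumed host: probe("ntp.example.org") is None -> hardened.
```

A real monlist reply carries up to 6 entries per 440-byte packet and continues across packets with the M bit set, so the factor seen in the wild is far larger than the 19x the two-entry sample gives; the point of `disable monitor` is that the MRU list is never populated, and of `noquery` that the mode 7 request is dropped before it is looked at.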
