I have submitted a patch to the distributed ntp.conf to enable ntpd pool client functionality. This was not possible in the ancient version of ntpd shipped with FreeBSD releases over the past several years.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201803 Essentially this gives you a larger set of DYNAMIC servers from the pool. If ntpd decides one of the configured servers has become unreliable it will drop it and configure a new one. Also, there is a 'restrict source' command which provides template access restrictions for upstream servers. When a server is dynamically configured, a dynamic restrict entry is created for it from the 'restrict source' template. When a server is dynamically removed, its 'restrict' entry is also removed. This is the result on a 10.2-BETA2 (r285783) server. rwsrv02> ntpq -np remote refid st t when poll reach delay offset jitter ============================================================================== 0.freebsd.pool. .POOL. 16 p - 64 0 0.000 0.000 0.004 1.freebsd.pool. .POOL. 16 p - 64 0 0.000 0.000 0.004 2.freebsd.pool. .POOL. 16 p - 64 0 0.000 0.000 0.004 +125.255.139.115 130.194.1.96 2 u 27 128 377 43.168 -5.505 0.924 +203.23.237.200 203.35.83.242 2 u 26 128 377 29.877 -4.786 0.749 -121.0.0.42 23.31.237.112 3 u 212 256 377 46.560 -2.756 5.783 *54.252.165.245 202.21.137.10 2 u 25 128 377 30.060 -4.859 0.783 -2001:418:3ff::1 204.123.2.72 2 u 165 256 377 173.324 -1.592 1.651 -2001:df0:fe:2:: 130.102.2.123 3 u 106 256 377 44.177 4.080 3.690 +130.102.2.123 216.218.254.202 2 u 20 128 377 46.288 -4.332 1.416 The same server running an un-patched ntp.conf looks like this. rwsrv02> ntpq -np remote refid st t when poll reach delay offset jitter ============================================================================== *54.252.165.245 202.21.137.10 2 u 32 64 17 31.100 -7.764 3.887 +202.127.210.37 130.102.2.123 3 u 32 64 17 40.181 2.001 2.074 +2001:df0:fe:2:: 130.102.2.123 3 u 32 64 17 45.974 2.414 2.502 -- John Marshall
pgp2bX3AHP32o.pgp
Description: PGP signature