| NTPDC(8) | System Manager's Manual (user) | NTPDC(8) | 
ntpdc —
| ntpdc | [ -flags] [-flag[value]] [--option-name[[=|
      ]value]] [ host ...] | 
ntpdc is deprecated. Please use
  ntpq(1ntpqmdoc) instead -
  it can do everything ntpdc used to do, and it does so
  using a much more sane interface.
ntpdc is a utility program used to query
    ntpd(1ntpdmdoc) about
    its current state and to request changes in that state. It uses NTP mode 7
    control message formats described in the source code. The program may be run
    either in interactive mode or controlled using command line arguments.
    Extensive state and statistics information is available through the
    ntpdc interface. In addition, nearly all the
    configuration options which can be specified at startup using ntpd's
    configuration file may also be specified at run time using
    ntpdc.
-4,
    --ipv4Force DNS resolution of following host names on the command line to the IPv4 namespace.
-6,
    --ipv6Force DNS resolution of following host names on the command line to the IPv6 namespace.
-c
    cmd,
    --command=cmdThe following argument is interpreted as an interactive format command and is added to the list of commands to be executed on the specified host(s).
-d,
    --debug-level-D
    number,
    --set-debug-level=number-i,
    --interactiveForce ntpq to operate in interactive mode. Prompts will be written to the standard output and commands read from the standard input.
-l,
    --listpeersPrint a list of the peers known to the server as well as a summary of their state. This is equivalent to the 'listpeers' interactive command.
-n,
    --numericOutput all host addresses in dotted-quad numeric format rather than converting to the canonical host names.
-p,
    --peersPrint a list of the peers known to the server as well as a summary of their state. This is equivalent to the 'peers' interactive command.
-s,
    --showpeersPrint a list of the peers known to the server as well as a summary of their state. This is equivalent to the 'dmpeers' interactive command.
-?,
    --help-!,
    --more-help->
    [cfgfile], --save-opts
    [=cfgfile]-<
    cfgfile,
    --load-opts=cfgfile,
    --no-load-opts--version
    [{v|c|n}]NTPDC_<option-name> or NTPDCThe environmental presets take precedence (are processed later than) the configuration files. The homerc files are "$HOME", and ".". If any of these are directories, then the file .ntprc is searched for within those directories.
ntpdc is executed, each of the requests will be sent
  to the NTP servers running on each of the hosts given as command line
  arguments, or on localhost by default. If no request options are given,
  ntpdc will attempt to read commands from the standard
  input and execute these on the NTP server running on the first host given on
  the command line, again defaulting to localhost when no other host is
  specified. The ntpdc utility will prompt for commands
  if the standard input is a terminal device.
The ntpdc utility uses NTP mode 7 packets
    to communicate with the NTP server, and hence can be used to query any
    compatible server on the network which permits it. Note that since NTP is a
    UDP protocol this communication will be somewhat unreliable, especially over
    large distances in terms of network topology. The
    ntpdc utility makes no attempt to retransmit
    requests, and will time requests out if the remote host is not heard from
    within a suitable timeout time.
The operation of ntpdc are specific to the
    particular implementation of the
    ntpd(1ntpdmdoc) daemon
    and can be expected to work only with this and maybe some previous versions
    of the daemon. Requests from a remote ntpdc utility
    which affect the state of the local server must be authenticated, which
    requires both the remote program and local server share a common key and key
    identifier.
Note that in contexts where a host name is expected, a
    -4 qualifier preceding the host name forces DNS
    resolution to the IPv4 namespace, while a -6
    qualifier forces DNS resolution to the IPv6 namespace. Specifying a command
    line option other than -i or
    -n will cause the specified query (queries) to be
    sent to the indicated host(s) immediately. Otherwise,
    ntpdc will attempt to read interactive format
    commands from the standard input.
>’,
  followed by a file name, to the command line.
A number of interactive format commands are executed entirely
    within the ntpdc utility itself and do not result in
    NTP mode 7 requests being sent to a server. These are described
  following.
?
    command_keywordhelp
    command_keyword?’ will print a list of all the
      command keywords known to this incarnation of
      ntpdc. A ‘?’
      followed by a command keyword will print function and usage information
      about the command. This command is probably a better source of information
      about ntpq(1ntpqmdoc)
      than this manual page.delay
    millisecondshost
    hostnamehostnames
    [yes | no]yes is specified, host names are printed in
      information displays. If no is specified, numeric
      addresses are printed instead. The default is yes,
      unless modified using the command line -n
    switch.keyid
    keyidquitntpdc.passwdtimeout
    millisecondsntpdc
      retries each query once after a timeout, the total waiting time for a
      timeout will be twice the timeout value set.listpeerspeersThe character in the left margin indicates the mode this peer
        entry is operating in. A ‘+’
        denotes symmetric active, a ‘-’
        indicates symmetric passive, a ‘=’
        means the remote server is being polled in client mode, a
        ‘^’ indicates that the server is
        broadcasting to this address, a
        ‘~’ denotes that the remote peer
        is sending broadcasts and a ‘~’
        denotes that the remote peer is sending broadcasts and a
        ‘*’ marks the peer the server is
        currently synchronizing to.
The contents of the host field may be one of four forms. It
        may be a host name, an IP address, a reference clock implementation name
        with its parameter or
        REFCLK(implementation_number,
        parameter). On hostnames
        no only IP-addresses will be displayed.
dmpeerspeers command, except for the character in the
      leftmost column. Characters only appear beside peers which were included
      in the final stage of the clock selection algorithm. A
      ‘.’ indicates that this peer was
      cast off in the falseticker detection, while a
      ‘+’ indicates that the peer made it
      through. A ‘*’ denotes the peer the
      server is currently synchronizing with.showpeer
    peer_address [...]pstats
    peer_address [...]clockstat
    clock_peer_address [...]kerninfoloopinfo
    [oneline | multiline]oneline and multiline
      options specify the format in which this information is to be printed,
      with multiline as the default.sysinfoThe ‘system flags’ show various system flags,
        some of which can be set and cleared by the
        enable and disable
        configuration commands, respectively. These are the
        auth, bclient,
        monitor, pll,
        pps and stats flags. See
        the ntpd(1ntpdmdoc)
        documentation for the meaning of these flags. There are two additional
        flags which are read only, the kernel_pll and
        kernel_pps. These flags indicate the
        synchronization status when the precision time kernel modifications are
        in use. The ‘kernel_pll’ indicates that the local clock is
        being disciplined by the kernel, while the ‘kernel_pps’
        indicates the kernel discipline is provided by the PPS signal.
The ‘stability’ is the residual frequency error remaining after the system frequency correction is applied and is intended for maintenance and debugging. In most architectures, this value will initially decrease from as high as 500 ppm to a nominal value in the range .01 to 0.1 ppm. If it remains high for some time after starting the daemon, something may be wrong with the local clock, or the value of the kernel variable kern.clockrate.tick may be incorrect.
The ‘broadcastdelay’ shows the default broadcast
        delay, as set by the broadcastdelay
        configuration command.
The ‘authdelay’ shows the default authentication
        delay, as set by the authdelay configuration
        command.
sysstatsmemstatsiostatstimerstatsreslistmonlist
    [version]clkbug
    clock_peer_address [...]ntpdc. This can be done
  using the keyid and passwd
  commands, the latter of which will prompt at the terminal for a password to
  use as the encryption key. You will also be prompted automatically for both
  the key number and password the first time a command which would result in an
  authenticated request to the server is given. Authentication not only provides
  verification that the requester has permission to make such changes, but also
  gives an extra degree of protection again transmission errors.
Authenticated requests always include a timestamp in the packet data, which is included in the computation of the authentication code. This timestamp is compared by the server to its receive time stamp. If they differ by more than a small amount the request is rejected. This is done for two reasons. First, it makes simple replay attacks on the server, by someone who might be able to overhear traffic on your LAN, much more difficult. Second, it makes it more difficult to request configuration changes to your server from topologically remote hosts. While the reconfiguration facility will work well with a server on the local host, and may work adequately between time-synchronized hosts on the same LAN, it will work very poorly for more distant hosts. As such, if reasonable passwords are chosen, care is taken in the distribution and protection of keys and appropriate source address restrictions are applied, the run time reconfiguration facility should provide an adequate level of security.
The following commands all make authenticated requests.
addpeer
    peer_address [keyid]
    [version] [prefer]prefer keyword
      indicates a preferred peer (and thus will be used primarily for clock
      synchronisation if possible). The preferred peer also determines the
      validity of the PPS signal - if the preferred peer is suitable for
      synchronisation so is the PPS signal.addserver
    peer_address [keyid]
    [version] [prefer]broadcast
    peer_address [keyid]
    [version] [prefer]unconfig
    peer_address [...]fudge
    peer_address [time1]
    [time2] [stratum]
    [refid]enable
    [auth | bclient |
    calibrate | kernel |
    monitor | ntp |
    pps | stats]disable
    [auth | bclient |
    calibrate | kernel |
    monitor | ntp |
    pps | stats]enable and disable
      configuration file commands of
      ntpd(1ntpdmdoc).
    authbclientcalibratekernelmonitormonlist command or further information. The
          default for this flag is enable.ntpppsstatsrestrict
    address mask
    flag [...]restrict configuration file commands of
      ntpd(1ntpdmdoc).unrestrict
    address mask
    flag [...]delrestrict
    address mask
    [ntpport]readkeystrustedkey
    keyid [...]untrustedkey
    keyid [...]trustedkey and
      untrustedkey configuration file commands of
      ntpd(1ntpdmdoc).authinfotrapsaddtrap
    address [port]
    [interface]clrtrap
    address [port]
    [interface]resetDavid L. Mills, Network Time Protocol (Version 3), RFC1305.
ntpdc utility is a crude hack. Much of the
  information it shows is deadly boring and could only be loved by its
  implementer. The program was designed so that new (and temporary) features
  were easy to hack in, at great expense to the program's ease of use. Despite
  this, the program is occasionally useful.
Please report bugs to http://bugs.ntp.org .
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
| June 23 2020 | NetBSD 10.0 |