==== Time server act as server ====
Add the following lines to /etc/ntp.conf, then start or restart the xntpd daemon (so that it starts at system restart, uncomment the xntpd line in /etc/rc.tcpip):
#broadcastclient
server 127.127.1.0
fudge 127.127.1.0 stratum 10
server 10.1.1.150
server 10.1.1.151
driftfile /etc/ntp.drift
tracefile /etc/ntp.trace
==== Time server client ====
I started the xntpd daemon from smitty xntpd and now it's running.
Add the following lines to /etc/ntp.conf, then start or restart the xntpd daemon (so that it starts at system restart, uncomment the xntpd line in /etc/rc.tcpip):
#broadcastclient
server 10.1.1.150 prefer
server 10.1.1.151
driftfile /etc/ntp.drift
tracefile /etc/ntp.trace
Test the connection between the host and the time server. The test is a UDP connection to a port, so use nc instead of telnet, which is used for TCP. On AIX you can download nc as an rpm package:
root@timeclient:~# nc -vzu timesrv01 123
timesrv01.mydomain.org [192.168.0.45] 123 (ntp) open
==== Logging of NTP ====
There are two basic ways to obtain logs from ntp:
**In configuration file of ntp specify logfile:**
logconfig =syncevents +peerevents +sysevents +allclock
logfile /var/log/ntp.log
**Directly to the syslog according to facility:**
Add this line to /etc/ntp.conf:
logconfig =all
Add this line to the /etc/syslog.conf file:
daemon.debug /var/log/syslog.log
Make sure that the file /var/log/syslog.log exists.
Start or restart syslog with these commands:
stopsrc -s syslogd
startsrc -s syslogd
==== Slew parameter ====
Slew mode is used to avoid any unwanted time jumps - especially for a Cluster or DB environment. If you only care about preventing time from stepping backward, then use the "-x" flag. This is the most common scenario. If you want to always slew the clock, then use "slewalways yes" in ntp.conf.
chssys -s xntpd -a "-x"
and add the following line to /etc/ntp.conf:
slewalways yes
==== Disable NTP mode 6 and 7 queries ====
Access restrictions
* For version 3 only. NTP mode 6 and 7 queries can be used in denial of service attacks. This document has instructions for disabling support for these queries in the xntpd daemon.
* Add the following lines to the /etc/ntp.conf file. This disables mode 6 and 7 queries, as well as other vulnerabilities, for all IP addresses, but allows them on the local loopback interface.
restrict default notrust nomodify nopeer noquery notrap
restrict 127.0.0.1
* Add restrict and server entries for each trusted NTP server on the network. This overrides the default setting for the specified servers.
server 10.11.12.13
restrict 10.11.12.13 nomodify notrap noquery
Restart the xntpd daemon.
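One way to check an /etc/ntp.conf against the restrict lines above, as an added example that is not part of the original page. The function name audit_ntp_conf, the finding strings and the sample address 10.11.12.14 are constructed for illustration, and the version 3 restrict syntax shown on this page is assumed.

```shell
#!/bin/sh
# Added example: audit an ntp.conf for the restrict lines described above.
# audit_ntp_conf FILE -> prints one finding per line, returns 1 if any finding.
audit_ntp_conf() {
    awk '
    { sub(/#.*/, "") }                          # ignore comments
    $1 == "restrict" && $2 == "default" {
        have_def = 1
        for (i = 3; i <= NF; i++) if ($i == "noquery") def_noquery = 1
    }
    $1 == "restrict" && $2 != "default" {
        restricted[$2] = 1
        for (i = 3; i <= NF; i++) if ($i == "noquery") noquery[$2] = 1
    }
    # 127.127.x.x entries are local clock drivers, not network servers
    $1 == "server" && $2 !~ /^127\.127\./ { servers[$2] = 1 }
    END {
        bad = 0
        if (!have_def)         { print "MISSING restrict default"; bad = 1 }
        else if (!def_noquery) { print "WEAK restrict default lacks noquery"; bad = 1 }
        for (s in servers) {
            if (!(s in restricted))   { print "MISSING restrict for server " s; bad = 1 }
            else if (!(s in noquery)) { print "WEAK restrict for server " s " lacks noquery"; bad = 1 }
        }
        exit bad
    }' "$1"
}

# Constructed sample: the second server (10.11.12.14) has no restrict line.
sample="${TMPDIR:-/tmp}/ntp_audit_sample.$$"
cat > "$sample" <<'EOF'
restrict default notrust nomodify nopeer noquery notrap
restrict 127.0.0.1
server 10.11.12.13
restrict 10.11.12.13 nomodify notrap noquery
server 10.11.12.14
EOF
audit_ntp_conf "$sample" || echo "ntp.conf needs attention"
rm -f "$sample"
```

Run the function against the real file with audit_ntp_conf /etc/ntp.conf; an empty output and exit status 0 mean every server entry has a matching restrict line with noquery.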