Vyos NTP Config not showing in /etc/ntp.conf

I make changes to the ntp config in vyos and it does not appear to show up in the /etc/ntp.conf , I noticed this after I went into the file to tune the ntp settings. I have removed all the ntp.org servers from the config and added our internal servers but the ntp.org servers persist and ours do not show up. I am running VyOS 1.4-rolling-202104051959. Any ideas?

cat /etc/ntp.conf

/etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help

driftfile /var/lib/ntp/ntp.drift

Leap seconds definition provided by tzdata

leapfile /usr/share/zoneinfo/leap-seconds.list

Enable this if you want statistics to be logged.

#statsdir /var/log/ntpstats/

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable

You do need to talk to an NTP server or two (or three).

#server ntp.your-provider.example

pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will

pick a different set every time it starts up. Please consider joining the

pool: http://www.pool.ntp.org/join.html

pool 0.debian.pool.ntp.org iburst
pool 1.debian.pool.ntp.org iburst
pool 2.debian.pool.ntp.org iburst
pool 3.debian.pool.ntp.org iburst

Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for

details. The web page http://support.ntp.org/bin/view/Support/AccessRestrictions

might also be helpful.

Note that “restrict” applies to both servers and clients, so a configuration

that might be intended to block requests from certain clients could also end

up blocking replies from your own upstream servers.

By default, exchange time with everybody, but don’t allow configuration.

restrict -4 default kod notrap nomodify nopeer noquery limited
restrict -6 default kod notrap nomodify nopeer noquery limited

Local users may interrogate the ntp server more closely.

restrict ::1

Needed for adding pool entries

restrict source notrap nomodify noquery

Clients from this (example!) subnet have unlimited access, but only if

cryptographically authenticated.

#restrict mask notrust

If you want to provide time to your local subnet, change the next line.

(Again, the address is an example only.)


If you want to listen to time broadcasts on your local subnet, de-comment the

next lines. Please do this only if you trust everybody on the network!

#disable auth

VyOS makes ntpd use /run/ntpd/ntpd.conf:

vyos@vyos:~$ ps ax | grep ntpd
   1905 ?        Ssl    0:00 /usr/sbin/ntpd -g -p /run/ntpd/ntpd.pid -c /run/ntpd/ntpd.conf -u ntp:ntp

I don’t see any issues.

vyos@r1-roll:~$ show conf com | match ntp
set system ntp server 0.pool.ntp.org
set system ntp server 1.pool.ntp.org
set system ntp server 2.pool.ntp.org
set system ntp server time1.vyos.net
set system ntp server time2.vyos.net
set system ntp server time3.vyos.net


vyos@r1-roll:~$ sudo cat /run/ntpd/ntpd.conf 
### Autogenerated by ntp.py ###

# Non-configurable defaults
driftfile /var/lib/ntp/ntp.drift
# By default, only allow ntpd to query time sources, ignore any incoming requests
restrict default noquery nopeer notrap nomodify
# Local users have unrestricted access, allowing reconfiguration via ntpdc
restrict -6 ::1

# Configurable section
server 0.pool.ntp.org iburst   
server 1.pool.ntp.org iburst   
server 2.pool.ntp.org iburst   
server time1.vyos.net iburst   
server time2.vyos.net iburst   
server time3.vyos.net iburst