diff --git a/templates/chrony.conf.j2 b/templates/chrony.conf.j2
index 12f4a2e..581c148 100644
--- a/templates/chrony.conf.j2
+++ b/templates/chrony.conf.j2
@@ -13,6 +13,11 @@ pool {{ ntppool }} iburst
 {% endif %}
 {% endif %}
 
+{% if ansible_os_family == "RedHat" and ansible_distribution_major_version >= "9" %}
+# Use NTP servers from DHCP.
+sourcedir /run/chrony-dhcp
+
+{% endif %}
 {% if chrony_clients is defined %}
 # Ignore stratum in source selection.
 stratumweight 0
@@ -53,9 +58,22 @@ cmdallow ::1
 # Serve time even if not synchronized to a time source.
 #local stratum 10
 
+{% if ansible_os_family == "RedHat" and ansible_distribution_major_version >= "9" %}
+# Require authentication (nts or key option) for all NTP sources.
+#authselectmode require
+
+{% endif %}
 # Specify file containing keys for NTP authentication.
 keyfile /etc/chrony.keys
 
+{% if ansible_os_family == "RedHat" and ansible_distribution_major_version >= "9" %}
+# Save NTS keys and cookies.
+ntsdumpdir /var/lib/chrony
+
+# Insert/delete leap seconds by slewing instead of stepping.
+#leapsecmode slew
+
+{% endif %}
 # Get TAI-UTC offset and leap seconds from the system tz database.
 leapsectz right/UTC