My experience is that when you are concerned about too much traffic and/or abuse you should never limit the query rate and issue KOD packets at the same time.
Why? Because KOD is a feature that was added later, and many simplistic (S)NTP clients do not understand it. They consider the response invalid, but instead of leaving they will just re-try the request quickly to get a valid response. Of course the same coders that do not implement KOD also do not implement error recovery with decent timers and counters, so you end up sending a lot of KOD packets to abusive clients, many more than when you just answer their requests.

I found this out the hard way when I tried to limit the query rate, and the limit sometimes triggered because of the bursting that some clients use to get an initial time. While those clients would fall back to normal query rates when sent a valid response, they went completely haywire when sent a KOD.

The frustrating thing is that remaining silent does not work either, because those broken clients will also just re-try when getting no reply, at a higher rate than when you do reply.

Rob

_______________________________________________
pool mailing list
[email protected]
http://lists.ntp.org/listinfo/pool
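The two client behaviours described in the post above, as an added simulation that is not part of the original message or of any NTP implementation. It contains a constructed 48-byte NTP header builder, a client-side classifier that recognises a Kiss-o'-Death reply (a mode 4 packet with stratum 0 and an ASCII kiss code such as RATE or DENY in the reference ID, per RFC 5905), a toy rate-limited server, and two clients: a pre-KoD one that treats a KoD as garbage and retries quickly, and one that honours kiss codes. The rate-limit window, burst sizes and retry timers are assumptions chosen to mirror the post, not measurements.

```python
import struct

# 48-byte NTPv4 header (RFC 5905): LI/VN/Mode, stratum, poll, precision,
# root delay, root dispersion, reference ID, four 64-bit timestamps.
NTP_HDR = "!BBbbII4sQQQQ"
HDR_LEN = struct.calcsize(NTP_HDR)  # 48


def build_packet(mode, stratum=2, refid=b"GPS\x00", version=4):
    """Constructed NTP header with zeroed timestamps (enough for the parsing logic)."""
    li_vn_mode = (0 << 6) | (version << 3) | mode
    return struct.pack(NTP_HDR, li_vn_mode, stratum, 6, -20, 0, 0, refid, 0, 0, 0, 0)


def kod_packet(code=b"RATE"):
    """Kiss-o'-Death: a server (mode 4) reply with stratum 0 and the kiss code as reference ID."""
    return build_packet(4, stratum=0, refid=code)


def classify(data):
    """What a client should conclude from a reply: 'ok', 'kod:<CODE>' or 'invalid'."""
    if len(data) < HDR_LEN:
        return "invalid"
    b0, stratum, _poll, _prec, _delay, _disp, refid, *_ = struct.unpack(NTP_HDR, data[:HDR_LEN])
    if (b0 & 7) != 4 or ((b0 >> 3) & 7) not in (3, 4):
        return "invalid"  # not a server reply, or not NTPv3/v4
    if stratum == 0:
        if all(0x20 <= b < 0x7F for b in refid):  # kiss code is printable ASCII
            return "kod:" + refid.decode("ascii")
        return "invalid"
    return "ok"


class Server:
    """Toy rate limiter (assumption): more than `burst` queries inside `window` s trips the policy."""

    def __init__(self, policy, burst=3, window=8.0):
        self.policy, self.burst, self.window = policy, burst, window
        self.recent = []

    def handle(self, now):
        self.recent = [t for t in self.recent if now - t < self.window]
        self.recent.append(now)
        if len(self.recent) <= self.burst or self.policy == "answer":
            return build_packet(4)
        if self.policy == "kod":
            return kod_packet(b"RATE")
        if self.policy == "deny":
            return kod_packet(b"DENY")
        return None  # "drop": stay silent


class NaiveClient:
    """Pre-KoD SNTP client: bursts at startup, treats a KoD as garbage and retries fast.
    Timers are assumptions mirroring the post: silence provokes an even faster retry than a KoD."""

    def __init__(self, burst=4, burst_gap=0.5, retry=1.0, timeout_retry=0.5, poll=64.0):
        self.burst_left, self.burst_gap = burst, burst_gap
        self.retry, self.timeout_retry, self.poll = retry, timeout_retry, poll

    def next_delay(self, verdict):
        if verdict == "timeout":
            return self.timeout_retry
        if verdict != "ok":  # a KoD is just an "invalid" reply to this client
            return self.retry
        if self.burst_left > 1:
            self.burst_left -= 1
            return self.burst_gap
        return self.poll


class KodAwareClient:
    """Client honouring kiss codes: RATE doubles the poll interval, DENY/RSTR stops it (RFC 5905 s. 7.4)."""

    def __init__(self, burst=4, burst_gap=2.0, min_poll=64.0, max_poll=1024.0):
        self.burst_left, self.burst_gap = burst, burst_gap
        self.poll, self.max_poll = min_poll, max_poll

    def next_delay(self, verdict):
        if verdict in ("kod:DENY", "kod:RSTR"):
            return None  # stop sending to this server entirely
        if verdict == "ok" and self.burst_left > 1:
            self.burst_left -= 1
            return self.burst_gap
        if verdict != "ok":  # RATE, invalid reply or silence: back off and stop bursting
            self.burst_left = 0
            self.poll = min(self.poll * 2, self.max_poll)
        return self.poll


def simulate(client, server, horizon=600.0):
    """Count the packets one client sends to one server in `horizon` simulated seconds."""
    now, sent = 0.0, 0
    while now < horizon:
        sent += 1
        reply = server.handle(now)
        delay = client.next_delay("timeout" if reply is None else classify(reply))
        if delay is None:
            break
        now += delay
    return sent


if __name__ == "__main__":
    for client_cls in (NaiveClient, KodAwareClient):
        for policy in ("answer", "kod", "drop", "deny"):
            print(f"{client_cls.__name__:15s} {policy:7s} {simulate(client_cls(), Server(policy)):5d} packets")
```

Running the script prints a packet count per client and server policy over ten simulated minutes. With these parameters the naive client sends 13 packets when simply answered, about 600 when sent RATE kiss codes (it never leaves the rate-limit window, so every reply is another KoD) and about 1200 when dropped, while the KoD-aware client backs off after the first RATE and stops entirely on DENY. The model is deliberately simple; the point it makes is the one in the post: a KoD only helps against clients that parse it.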
