Some more notes from me on this one. Has anyone noticed the traffic is quite spiky?
Queries/traffic can be sustained for a while (few minutes) at a high rate, then drop back. Possibly lots of devices, all being given the same DNS answer and using it for a period? Also traffic from the same source IP (but different ports) is hitting multiple servers in the pool, which I believe confirms these IP's are large NAT/CGN gateways with many clients behind. It feels to me like a modem/router/phone/device (and a lot of them) has had an update recently and has started using br.pool.ntp.org for time. Or alternatively these devices were there previously querying, but a network ACL is dropping the replies to them and they keep retrying and generating requests. I know Matt mentioned the 3G angle, and it looks like a mobile only operator is a large source of requests, however I was under the impression that phone handsets didn't use NTP for time sync, the various GSM/3G protocols have their own time sync built in. It's interesting that the traffic is largely sourced from a few subnets across a few carriers/service providers in BR, possibly from devices that were sourced from one carrier and moved around over time? Cheers, Joseph On Thu, May 28, 2015, at 02:13 PM, Matt Wagner wrote: > I'm still seeing 10,000 queries/second, even after reducing my bandwidth _______________________________________________ pool mailing list [email protected] http://lists.ntp.org/listinfo/pool
