At 11:18 PM -0700 2005-08-24, Ask Bjørn Hansen wrote:

On Aug 24, 2005, at 11:05 PM, wayne wrote:

These spikes appear to be caused by some kind of client that does a
DNS lookup before each query.

It'll be cached by their local nameserver.

However, there are DNS TTL issues, and there are plenty of
screwed-up resolvers out there. And there are plenty of people out
there who think they can write better code to go out and follow the
DNS delegation chain themselves, and by-pass any local resolver that
might exist.

I've certainly worked on code to do that (as the current
maintainer of the DNS debugging utility "doc"), and I've heard of
other programs that do the same. Since setting the "+AA" answer
doesn't mean anything any more, there are some people who think that
they can't tolerate having cached answers, but instead insist on
getting them directly from the authoritative servers themselves.

This really concerns me because the size of the DNS lookup is
actually significantly larger than the size of the NTP packets
and we are going to have a *much* harder time distributing the
load on the name servers.

This is not true.

I think it's a valid concern to keep our eyes on. I am not yet
convinced that this is a serious scaling issue, but it does have the
potential to become one.

It would be very useful to get a better handle on these transient
clients, specifically what OS they're running, and ideally even what
NTP client they have.

If you were running OpenBSD with the filtering firewall package
"pf", you might be able to get some of this information logged for
you automatically -- they have the ability to detect what OS is
running on the machine for the incoming connection, and do different
things depending on what type of OS they are. I would expect you to
be able to log that information fairly easily.

For other platforms, you might have to scan the incoming queries
using something like tcpdump, and then use a tool like nmap to
fingerprint those machines. That's a much heavier-weight solution,
of course.
--
Brad Knowles, <[EMAIL PROTECTED]>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
SAGE member since 1995. See <http://www.sage.org/> for more info.
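
The tcpdump step suggested in the message above, sketched as an added example (not part of the original message or of any pool tooling). It assumes text output from `tcpdump -n -tt udp dst port 123` on the NTP server; the sample lines are constructed, and the 60-second "transient" threshold and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -n -tt udp dst port 123` output (not real traffic).
SAMPLE = """\
1124950000.000000 IP 192.0.2.10.40001 > 198.51.100.5.123: NTPv4, Client, length 48
1124950000.000400 IP 198.51.100.5.123 > 192.0.2.10.40001: NTPv4, Server, length 48
1124950500.000000 IP 192.0.2.77.50123 > 198.51.100.5.123: NTPv3, Client, length 48
1124950500.500000 IP 192.0.2.77.50124 > 198.51.100.5.123: NTPv3, Client, length 48
1124950501.000000 IP 192.0.2.77.50125 > 198.51.100.5.123: NTPv3, Client, length 48
1124950502.000000 IP 192.0.2.77.50126 > 198.51.100.5.123: NTPv3, Client, length 48
1124951024.000000 IP 192.0.2.10.40001 > 198.51.100.5.123: NTPv4, Client, length 48
1124951500.000000 IP 203.0.113.9.33000 > 198.51.100.5.123: NTPv4, Client, length 48
1124952048.000000 IP 192.0.2.10.40001 > 198.51.100.5.123: NTPv4, Client, length 48
"""

# Matches only client-mode requests sent to port 123; replies and noise are skipped.
LINE = re.compile(
    r"^(\d+\.\d+) IP (\d+\.\d+\.\d+\.\d+)\.\d+ > \S+\.123: NTPv(\d), Client, length \d+"
)

def summarize(text, transient_span=60.0):
    """Per source IP: query count, active span in seconds, NTP versions seen."""
    hosts = defaultdict(lambda: {"first": None, "last": None, "count": 0, "versions": set()})
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts, src, ver = float(m.group(1)), m.group(2), int(m.group(3))
        h = hosts[src]
        h["first"] = ts if h["first"] is None else min(h["first"], ts)
        h["last"] = ts if h["last"] is None else max(h["last"], ts)
        h["count"] += 1
        h["versions"].add(ver)
    report = {}
    for src, h in hosts.items():
        span = h["last"] - h["first"]
        # A host whose whole activity fits in a short window is treated as transient.
        report[src] = {"count": h["count"], "span": span,
                       "versions": sorted(h["versions"]),
                       "transient": span <= transient_span}
    return report

def fingerprint_candidates(report):
    """Addresses worth a closer look (e.g. OS fingerprinting), transient hosts only."""
    return sorted(src for src, r in report.items() if r["transient"])

if __name__ == "__main__":
    for src, r in sorted(summarize(SAMPLE).items()):
        print(src, r)
```

A host first seen near the end of a capture will also look transient, so the capture should run much longer than the threshold.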