Ask Bjørn Hansen wrote:
> On May 9, 2006, at 1:32, Rob Janssen wrote:
>> I don't mind serving time to a thousand clients that ask once every
>> 1-15 minutes, but I am a bit worried that by publishing my address in
>> the pool it could be DOS'ed at any time without possible recourse.
>
> Does an extra request (or even five or ten) per second DOS your
> server? 5 requests per second is what? ~3Kbit?

Well, I got five or ten requests per second from those people alone....

> I agree that it's annoying, a waste and bad for the pool because it
> makes it harder to participate on a DSL connection, but I'm not sure
> it's an imminent danger...

You are right, at this rate it would not really be a danger.
What I find a bit worrying is that it is so uncontrollable. There are
so many bad implementations and so many clueless users that you never
know what will happen.

For example, apparently t-online (Germany) is using the eu pool to set
time on client routers. Looking at the traffic it seems like those
routers only set the time once, or maybe they do a DNS lookup for every
setting. So, once in a while the monitor list has hundreds of systems
that made only 1 request and never come back. I would hate to see all
those changing to a scheme where they poll at a high rate, e.g. because of
a firmware change...

I think there could be a couple of steps that could be taken to make the
whole pool more robust:

1. Implement a more versatile DNS server that can serve addresses
   varying on a per-request basis rather than changing once per hour.
   This should distribute the load better, and it can also vary the
   response based on the requester address. This could be used to provide
   servers more local to the requester (as demonstrated by Guillaume
   Filion), but also to handle abusers (although this would be difficult
   when they use a caching resolver).

2. Try to get more high-volume servers in the pool. Some ISPs have NTP
   servers (not always of very good quality...), but I don't think many of
   them are in the pool.
   We could write to ISPs asking them to put their server in the pool.
   When we can offer a DNS service that only returns those specific servers
   to clients of that ISP, they may be even more willing to do this.

This way the load could be moved more from the home user to the
well-connected high volume servers. This can also improve accuracy by
eliminating jitter usually found on home user connections (especially
important for SNTP clients).

Rob
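
Added example, not part of the original message and not the pool's actual DNS code: a sketch of the per-request selection proposed in steps 1 and 2, where answers vary by requester, ISP servers go only to that ISP's clients, and flagged requesters get no pool members. The addresses, weights, blocklist and the name select_servers are all constructed for illustration.

```python
import ipaddress
import random

# Constructed sample pool (documentation-range addresses, hypothetical weights).
# "serves" limits a server to requesters inside that network, e.g. an ISP's
# own NTP server that is only handed out to that ISP's clients.
POOL = [
    {"ip": "192.0.2.10", "weight": 1, "serves": None},    # home DSL member
    {"ip": "192.0.2.11", "weight": 1, "serves": None},    # home DSL member
    {"ip": "198.51.100.5", "weight": 20, "serves": None}, # high-volume server
    {"ip": "203.0.113.1", "weight": 20, "serves": "203.0.113.0/24"},
]
# Constructed list of requester networks flagged as abusive.
BLOCKED = [ipaddress.ip_network("198.51.100.128/25")]

def select_servers(requester, pool=POOL, blocked=BLOCKED, count=2, rng=random):
    """Choose the A records for one DNS query, per request.

    `requester` is the source address of the query. Behind a caching
    resolver that is the resolver, not the NTP client, so the blocklist
    and the ISP match then apply to everyone using that resolver.
    """
    addr = ipaddress.ip_address(requester)
    if any(addr in net for net in blocked):
        return []  # flagged requesters are not pointed at any pool member
    local, general = [], []
    for server in pool:
        if server["serves"] is None:
            general.append(server)
        elif addr in ipaddress.ip_network(server["serves"]):
            local.append(server)
    # Clients of an ISP get that ISP's own servers first.
    chosen = [server["ip"] for server in local[:count]]
    # Fill the rest by weighted draw without replacement, so high-volume
    # servers absorb most of the load and home connections only a little.
    candidates = list(general)
    while len(chosen) < count and candidates:
        weights = [server["weight"] for server in candidates]
        pick = rng.choices(candidates, weights=weights)[0]
        candidates.remove(pick)
        chosen.append(pick["ip"])
    return chosen

if __name__ == "__main__":
    for src in ("192.0.2.99", "203.0.113.77", "198.51.100.200"):
        print(src, "->", select_servers(src))
```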