Bitbucket wrote:
Anyway I've tried with the default:
| discard average 5 minimum 2
but I got the same result. Four responses are accepted and then it
starts getting marked at -4 or -5.
However, if I remove 'limited' from the restrict line it seems to
work:

The rate limiting in ntpd is not usable.
I have had it enabled for a while, but the mechanism to deal with
bursting false-triggers (especially when people use bursting as part
of normal operation, not only initially).
Furthermore, there is no mechanism to remove blocked sites from the
blocklist apart from dropping down from the 600-entry list, which only
happens after a lot of oneshot traffic, or restarting ntpd. As it is
now, I think it cannot be used.
Worse is that some NTP clients exist, including buggy ntpd versions that
have been released in the past, that react to blocking by increasing the
poll frequency. So by blocking certain sites because they poll you too
fast, you actually worsen the problem because they start to poll you
even faster. No matter if you ignore them or send them KOD replies,
they won't get the message.
This is actually a bit worrying, as there is no way to communicate with
the clients and ask them to change their behaviour.
Rob
_______________________________________________
timekeepers mailing list
[email protected]
https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers