On Mar 27, 2007, at 3:06 PM, dave morgan wrote:

> Hi,
> just to let everyone know I have pulled my server from the UK and
> EU DNS pools for the time being, as my network link cannot handle
> the traffic peaks. I have 8Mbit down 512Kbit up, but when the
> 10,000 queries a *minute* peaks come in my connection gets
> totally unusable.
>
> For the last hour I have not been able to pick up email or browse
> the web due to connection timeouts, this seems to happen each time
> I get more than about 3,000 queries a minute coming in.

Are you sure that the NTP traffic is the cause of your problems? While it is clear that there are abusive clients using your server (and mine, and just about everybody else's) it's not clear to me how that abuse is causing trouble. I do have greater bandwidth capacity and about 1/3 of the number of requests you are handling, so I don't rule out that NTP is your problem, but I am skeptical.

> I am not actually turning the server off, just the DNS pool
> access to it, until things get better.

There are other things that you could try first.

(1) Instead of removing it from the pool (which may take a long time to help you anyway) you could downgrade your connection speed listed in the pool.

(2) If you are using the ISC ntpd, you can use its rate limiting features. I have

    # set up rate limiting
    discard
    restrict default limited kod

in my /etc/ntp.conf

(3) You can try to educate admins of abusive networks. I send off a boilerplate email that points them to

    http://www.goldmark.org/netrants/ntp-abuse/

By the way, if anyone has comments on that newly minted document, please let me know.

(4) You can block abusive nets at your firewall.

Now (2) and (4) aren't going to reduce inbound traffic from badly misconfigured clients, but they will certainly reduce outbound traffic and probably will reduce inbound to some degree.

I've only tried (3) three times and so far have two successes.

Cheers

-j

--
Jeffrey Goldberg
http://www.goldmark.org/jeff/
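The effect described for options (2) and (4) can be seen in a small model. The following is an added example, not code from the message or from ntpd: it is a simplified stand-in for per-source rate limiting, and the thresholds (`MIN_INTERVAL`, `KOD_EVERY`), the function names and the sample traffic are all assumptions constructed for illustration.

```python
from collections import defaultdict

MIN_INTERVAL = 2.0  # assumed: seconds required between packets from one source
KOD_EVERY = 10      # assumed: one kiss-o'-death reply per this many refusals

def simulate(queries, limited=True):
    """queries: (timestamp_seconds, source_ip) pairs sorted by time.
    Returns per-source counts: in, reply, kod, drop."""
    last_seen = {}
    stats = defaultdict(lambda: {"in": 0, "reply": 0, "kod": 0, "drop": 0})
    for ts, src in queries:
        s = stats[src]
        s["in"] += 1
        prev, last_seen[src] = last_seen.get(src), ts
        if limited and prev is not None and ts - prev < MIN_INTERVAL:
            # Too soon after the previous packet: refuse, with an occasional KoD.
            if (s["kod"] + s["drop"]) % KOD_EVERY == 0:
                s["kod"] += 1
            else:
                s["drop"] += 1
        else:
            s["reply"] += 1
    return dict(stats)

def totals(stats):
    """(inbound packets, outbound packets) summed over all sources."""
    inbound = sum(s["in"] for s in stats.values())
    outbound = sum(s["reply"] + s["kod"] for s in stats.values())
    return inbound, outbound

def block_candidates(stats, duration_s, max_per_minute):
    """Sources whose average inbound rate exceeds max_per_minute (item 4)."""
    minutes = duration_s / 60
    return sorted(src for src, s in stats.items() if s["in"] / minutes > max_per_minute)

# Constructed sample, 5 minutes long: one client polling every 64 s and one
# misconfigured client sending 10 queries a second for the first minute.
SAMPLE = sorted(
    [(i * 64.0, "192.0.2.10") for i in range(5)]
    + [(i * 0.1, "198.51.100.7") for i in range(600)]
)

if __name__ == "__main__":
    for mode in (False, True):
        print("limited" if mode else "unlimited", totals(simulate(SAMPLE, limited=mode)))
    print("block candidates:", block_candidates(simulate(SAMPLE), 300, 60))
```

In this model the inbound count is the same with and without limiting; only the outbound count falls, which is why a source that ignores the refusals still has to be dropped upstream of the link to relieve the downstream side.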
