On Mar 3, 2009, at 7:53, der Mouse wrote:

> I'm now collecting data from my own pool host to see if I see
> similar spikes in people fetching time.

I don't think you will; as Nelson said, most of the actual clients are (for better or worse) doing a few DNS lookups and then using those IPs for a long, long time. The DNS spikes are from ntpdate/sntp clients. Really, the query rates for the DNS are low enough that just a few thousand clients set up to sync on the top of the hour can account for those spikes.

> I found my DNS server being abused as a DDoS reflector; someone was
> sending queries (for TXT records for aol.com. - why that, I don't
> know)

(They're hoping you'd resolve it and return the unusually large response to the victim; the usual one they use is NS for "."; but TXT for aol.com is bigger...)

[...]

> My questions for the list are, (1) does this match others' experience?
> and (2) what's the list's opinion on whether this is a reasonable thing
> to do on a pool server, and, if so, on my choice of trip point?

IIRC, it's not clear if blocking the packets actually helps or just makes them increase. :-(

 - ask

-- 
http://develooper.com/ - http://askask.com/

_______________________________________________
timekeepers mailing list
[email protected]
https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
