Hello Dag-Erling
On 14.01.2014 14:11, Dag-Erling Smørgrav wrote:
Garrett Wollman <woll...@bimajority.org> writes:
For a "pure" client, I would suggest "restrict default ignore" ought
to be the norm. (Followed by entries to unrestrict localhost over v4
and v6.)
Pure clients shouldn't use ntpd(8). They should use sntp(8) or a
lightweight NTP client like ttsntpd.
I think it is a bad advice, then ntpd is much nicer to NTP
servers (mainly the NTP Pool), then sntp is.
I am running a few NTP servers which are also in the NTP Pool and
I do volunteer to be also in the tr (Turkey) zone. In Turkey
there is one large telecommunication company with a lot of CPEs
which are doing sntp requests quite often. Even if the IP
addresses for the Pool are rotated quickly, they are all using
the same few DNS server to resolve and those hammering the same
few IP address at the same time. It is quite well visible in my
graphs [1] with the large peaks. The quiet stable ground traffic
is from nice ntpd clients which are distributed evenly on the NTP
Pool.
[1] http://www.home4u.ch/ntp/
bye
Fabian
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
