At 11:47 PM -0400 4/11/06, Brian Dickson wrote:
Two concrete technical suggestions to mitigate the volunteered NTP server's usage issues at the DIX:
(1) Have someone else anycast the DIX block, and NAT the incoming NTP requests to another NTP stratum-1 server (eg pool address(es)).
Or a much better idea:
(2) Renumber into a new /24, which is announced only at the DIX with no-export, so that only DIX members are able to reach the server - as was the intended usage of this NTP server in the first place.
All these messages for a device that: - probably uses ntp for internal log cacheing - is a home/SOHO device - a box that can't be chimed - has ntp on the wan port only http://support.dlink.com/faq/view.asp?prod_id=1228&question=DI-604%20/%20DI-524_revD%20/%20DI-524_revE%20/%20DI-614+%20/%20DI-624%20/%20DI-754%20/%20DI-764%20/%20DI-774%20/%20DI-614+_revB%20/%20DI-604_revE%20/%20DI-774_revB%20/%20Di-784%20/%20DI-514 http://www.support.dlink.com/faq/view.asp?prod_id=1983&question=configure+ntp I wonder who DNS servers they embedded. -M< -- Martin Hannigan (c) 617-388-2663 Renesys Corporation (w) 617-395-8574 Member of Technical Staff Network Operations hannigan@renesys.com