Hello Dag-Erling On 14.01.2014 14:11, Dag-Erling Sm=F8rgrav wrote: > Garrett Wollman <wollman@bimajority.org> writes: >> For a "pure" client, I would suggest "restrict default ignore" ought >> to be the norm. (Followed by entries to unrestrict localhost over v4 >> and v6.) > > Pure clients shouldn't use ntpd(8). They should use sntp(8) or a > lightweight NTP client like ttsntpd. I think it is a bad advice, then ntpd is much nicer to NTP = servers (mainly the NTP Pool), then sntp is. I am running a few NTP servers which are also in the NTP Pool and = I do volunteer to be also in the tr (Turkey) zone. In Turkey = there is one large telecommunication company with a lot of CPEs = which are doing sntp requests quite often. Even if the IP = addresses for the Pool are rotated quickly, they are all using = the same few DNS server to resolve and those hammering the same = few IP address at the same time. It is quite well visible in my = graphs [1] with the large peaks. The quiet stable ground traffic = is from nice ntpd clients which are distributed evenly on the NTP = Pool. [1] http://www.home4u.ch/ntp/ bye Fabian _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"