Paging anyone from ntpd.org
Seth Mattinen
sethm at rollernet.us
Tue Dec 31 15:21:24 UTC 2019
On 12/31/19 1:32 AM, Harlan Stenn wrote:
> On 12/30/2019 8:32 PM, Seth Mattinen wrote:
>> On 12/30/19 8:22 PM, Seth Mattinen wrote:
>>> Is anyone from ntpd.org on here? You're pointing DNS at me for some
>>> reason. That zone (ntpd.org) isn't in our system. Your NS looks odd
>>> too, *.darkness-reigns.net and .nl? Is that legit? I don't know what
>>> it was before because I've never looked, but that seems off.
>>>
>>>
>>
>> nevermind, I'm tired and confused ntpd.org with ntp.org. Just going to
>> wildcard *.ntpd.org to 127.0.0.1 and go back to sleep.
>
> I did think about replying, saying "Just to be clear, this isn't about
> ntp.org."
>
What I did learn though there are a lot of people configuring their NTP
with servers that are identical to the legitimate *.ntp.org names,
except they're mistyping ntpd instead of ntp. Enough to generate >2Gbps
worth of query traffic (pointed at a DNS server with a 1gbps interface).
I have to admit I'm kind of curious how many unique clients that would
be if I answered back with a working IP address instead of localhost.
More information about the NANOG
mailing list