Re: Paging anyone from ntpd.org

[Seth Mattinen <sethm () rollernet us>]

On 12/31/19 1:32 AM, Harlan Stenn wrote:
> On 12/30/2019 8:32 PM, Seth Mattinen wrote:
> > On 12/30/19 8:22 PM, Seth Mattinen wrote:
> > > Is anyone from ntpd.org on here? You're pointing DNS at me for some
> > > reason. That zone (ntpd.org) isn't in our system. Your NS looks odd
> > > too, *.darkness-reigns.net and .nl? Is that legit? I don't know what
> > > it was before because I've never looked, but that seems off.
> >
> > nevermind, I'm tired and confused ntpd.org with ntp.org. Just going to
> > wildcard *.ntpd.org to 127.0.0.1 and go back to sleep.
>
> I did think about replying, saying "Just to be clear, this isn't about
> ntp.org."


What I did learn though there are a lot of people configuring their NTP 
with servers that are identical to the legitimate *.ntp.org names, 
except they're mistyping ntpd instead of ntp. Enough to generate >2Gbps 
worth of query traffic (pointed at a DNS server with a 1gbps interface).

I have to admit I'm kind of curious how many unique clients that would 
be if I answered back with a working IP address instead of localhost.