[ratelimits] Double CPU usage with RRL
Joe Abley
jabley at hopcount.ca
Fri Oct 11 19:57:35 UTC 2013
On 2013-10-11, at 14:38, Vernon Schryver <vjs at rhyolite.com> wrote:
> time.apple.com and similar are a class of frequently resolved domain
> name I'd not thought of.
>
> However, what's the worst that could happen if 50% of requests for
> that domain are dropped and the other 50% are answered with truncated
> responses? You'd hope that Apple's NTP implementation does the right
> thing with DNS failures for NTP as well as NTP server problems.
Apple ships product based on more than just Mac OS, but a data point for that:
[krill:~]% uname -a
Darwin krill 12.5.0 Darwin Kernel Version 12.5.0: Sun Sep 29 13:33:47 PDT 2013; root:xnu-2050.48.12~1/RELEASE_X86_64 x86_64
[krill:~]% ntpdc
ntpdc> peer
remote local st poll reach delay offset disp
=======================================================================
*time.apple.com 199.212.90.44 2 512 7 0.11850 -0.001218 0.13814
ntpdc> ^D
[krill:~]% more /etc/ntp.conf
server time.apple.com
[krill:~]%
> On the third hand, if I were in charge of a large enterprise, I'd
> try to keep NTP and similar traffic inside. Do Apple products
> notice multicast or broadcast NTP service by default?
This OS seems to have shipped with ntp.org ntpd 4.2.6. In principle I would expect that I could configure it however I wanted. The exposed configuration elements through the UI let me configure different time sources, but little more.
Joe
More information about the ratelimits
mailing list