A new pre-release version of chrony (4.0-pre3) is out today, with some neat improvements to the client statistics output. Specifically, the chronyc clients command accepts three new options:
-p, minimum packet threshold
-r, reset client stat counters
-k, replace control stats with NTS stats
The first two will be useful to anyone who uses chronyd for a public-facing time server.
One constant challenge of operating any public service is detecting and reacting to abuse. What happens when some gomer decides to synchronize his clock to your NTP server 100 times a second, or a vendor bug floods you with 20Kpps at random intervals? How — and how quickly — would you notice?
chronyd can be configured to enforce rate limiting, but it still has to receive the packets and decide to ignore them. That's a drain on resources which is better handled by locating abusive hosts and blocking...
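One way to turn the new options into an abuse check, as an added example that is not from the original post or the chrony project: it reads the `chronyc clients` table and lists clients whose NTP request rate since the last counter reset exceeds a limit. The function names, the 300-second polling period, the 1 packet-per-second limit and the sample rows are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag NTP clients whose request rate since the last counter
# reset exceeds a limit. Input is the table printed by `chronyc -n clients`
# (columns: Hostname, NTP, Drop, Int, IntL, Last, ...).

# flag_abusive SECONDS_SINCE_RESET MAX_PPS   (hypothetical helper)
# Prints "address ntp_packets dropped pps", busiest client first.
flag_abusive() {
    awk -v secs="$1" -v max="$2" '
        /^Hostname/ || /^=+$/ || NF < 3 { next }  # header, rule, blank lines
        $2 !~ /^[0-9]+$/ { next }                 # NTP column must be a count
        {
            pps = $2 / secs
            if (pps > max) printf "%s %d %d %.1f\n", $1, $2, $3, pps
        }
    ' | sort -k2,2nr
}

# Constructed sample output (documentation addresses, not real clients).
sample_clients() {
cat <<'EOF'
Hostname                      NTP   Drop Int IntL Last     Cmd   Drop Int  Last
===============================================================================
192.0.2.10                      5      0   6   -    12       0      0   -     -
198.51.100.7                30000  29400  -7  -1     0       0      0   -     -
203.0.113.44                 1200    300  -2   1     1       0      0   -     -
EOF
}

# Live use, run once per polling period (assumed here to be 300 s):
# -p 300 hides clients below 300 packets, -r resets the counters so the next
# run again covers exactly one period.
#   chronyc -n clients -p 300 -r | flag_abusive 300 1
sample_clients | flag_abusive 300 1
```

A high Drop count beside a high NTP count means chronyd's rate limiting is already discarding that client's requests, which makes the address a candidate for blocking upstream of the daemon.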