Two concrete technical suggestions to mitigate the volunteered NTP server's
usage issues at the DIX:
(1) Have someone else anycast the DIX block, and NAT the incoming NTP requests
to another NTP stratum-1 server (eg pool address(es)).
Or a much better idea:
(2) Renumber into a new /24, which is announced only at the DIX with no-export,
so that only DIX members are able to reach the server - as was the intended
usage of this NTP server in the first place.
(The announcment can be made by anyone at the DIX, it is not strictly necessary
that the NTP server be the announcer of the /24. And in fact, it need not be
a /24, as the server should be the only occupant of the block - but it should
not be covered by any globally visible aggregate, at least not one contiguous
to the connectivity at the DIX.)
As to the liability issue, it is easy enough to envision that someone,
somewhere, is relying on time results from NTP for a life-or-death application,
like a medical device, and is innocently an impacted third party in this.
Sending bad NTP values could in theory be responsible for killing someone's