I did some more digging into the stats that my NTP server in the Phillipines produced.
Apparently my server, with Netspeed at not-zero-minimum (512k), and only occasionally available in the pool during the day due to large moves in the monitoring score, peaks at a NTP request rate higher than what I estimate for the entire country of Spain. In numbers: 120,000 requests per second.
At those peaks, 99% of the traffic is originating from just 10% of the client IPs, which correspondingly are heavily ratelimited.
So either the Philippines have a lot more devices per capita that query the pool than other countries and most of them behind some kind of NAT, or they have some seriously broken clients or setups.
Also, the number of requests my server got increased even during times where it was not active in the pool. The only thing I could think of leading to this is if somewhere the DNS responses from the pool are cached for far longer than they should?
This all sounds rather strange, so i think one solution might actually be to figure out why there are so many requests and not just to fight the symptom with more servers or a different distribution mechanism.
Do you have any ideas where to start? I was thinking of writing mails to the abuse teams of the IP addresses with the largest request rates, since those are only a couple dozen addresses from a handful of ISPs.