Why are you interfering with legitimate traffic instead of properly configuring your end devices?
Because it's easier to make a configuration in one single location instead of on 500 distributed devices. And the second reason is that we (as IT) do not have access to all devices (BYOD).
And it is a properly configured device. The client gets an IP address for an NTP server which is well configured and up-to-date, which I cannot guarantee for all pool servers.
And what will you do when the queries start using DNSSEC?
What should happen?
Actually, I don't see DNSSEC as the great all-solving solution. Currently there are some unanswered questions for me. For example, what happens with DHCP dynamic updates?