Wondering if this is the right place for this.
Is anyone else noticing that when resolving 0.us.pool.ntp.org from the NS c.ntpns.org it occasionally responds with 192.241.206.171 which does not have UDP 123 open, and reverse records resolve to gopher.fart.website. The operator of this website is aware of the issue and has actually configured his nginx config so anyone who visits 0.us.pool.ntp.org via the bad DNS entry gets redirected to some stupid youtube video. As a result of this anytime my Windows Time Service queries pool.ntp.org it gets this sketchy address and tries to pull NTP from it. This issue has been triggering IDS alarms across my organization as it is a known Tor node.
Here is my recent dig results as of 2/1/2017 at 10:03 GMT-5
dig @c.ntpns.org 0.us.pool.ntp.org
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.3 <<>> @c.ntpns.org 0.us.pool.ntp.org
; (4 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11632
;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;0.us.pool.ntp.org. IN A
;; ANSWER SECTION:
0.us.pool.ntp.org. 150 IN A 107.151.174.199
0.us.pool.ntp.org. 150 IN A 64.71.152.181
0.us.pool.ntp.org. 150 IN A 192.241.206.171
0.us.pool.ntp.org. 150 IN A 38.229.71.1
;; Query time: 110 msec
;; SERVER: 85.214.25.217#53(85.214.25.217)
;; WHEN: Wed Feb 1 10:03:17 2017
;; MSG SIZE rcvd: 167