A tool to help monitor pool DNS results

Hi All

I have uploaded a tool I have been running over the last few months as it may be useful to others.

You can run it from a number of locations over a period of time and gather the information into files that can be processed as you want.

For example, in the last 24 hours (UTC), was my Singapore server's IP address returned, and by what DNS server?

$ grep 15.235.181.37 pool-dns-latest.csv |  awk -F, '{print $3}' | sort | uniq -c | sort -rn
     24 127.0.0.1
     23 1.1.1.1
     20 9.9.9.9
     15 194.156.163.137
     14 8.8.8.8

And what about the server in Mumbai?

$ grep 148.113.16.33 pool-dns-latest.csv |  awk -F, '{print $3}' | sort | uniq -c | sort -rn
      8 127.0.0.1
      6 9.9.9.9
      5 194.156.163.137
      4 8.8.8.8
      4 1.1.1.1

What about the IPv6 address for Mumbai?

$ grep 2402:1f00:8300:821::123 pool-dns-latest.csv |  awk -F, '{print $3}' | sort | uniq -c | sort -rn
     31 1.1.1.1
     27 9.9.9.9
     26 194.156.163.137
     21 8.8.8.8
     18 127.0.0.1

As time permits I would like to improve it, but based on recent discussions regarding US servers being given out in Africa and load in the Belgium zone, I thought it may be useful to others.

Thinking aloud - what if a number of locations ran this from many different servers around the world, then uploaded to a common location? Maybe the results could be useful.

Oh, did something similar a while back, by just running dig +short pool.ntp.org >> pool.txt in a loop, and vibe coded up a script to process the data to test a theory that was being discussed here at the forum.

Seems you’re wanting to test pretty much the same thing?

Yeah, I created this after one of the big anycast DNS providers started including Argentina IP addresses for queries from NZ. The round trip time highlights distant servers. When you see a response with 400+ msec times you start to wonder why the system is providing it.

So you’re seeing this behaviour with one particular DNS provider?

Afaik, if provided, the pool will make use of something called EDNS to derive your country from your IP address, as reported by your DNS server. Not all DNS services provide this for privacy reasons, in which case the pool uses the DNS server’s location instead.

Which does not explain what you’re describing. What is this DNS service?

I noticed in glancing at the code that if an NTP query fails, the code waits 1 second before retrying. I suggest at least two seconds, as the default ntpd restrict ... limited ignores queries less than 2s apart. I’m guessing your code caches RTT to NTP servers; if so, you’re likely not going to self-inflict rate limiting, but it’s just a good practice to avoid hitting NTP servers every second. If this were run from a client behind CGNAT, you could hit rate limiting due to neighboring networks happening to have queried the pool server just before.
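One way to apply the spacing advice in the post above, as an added example that is not part of the thread or the tool's own code: a per-server pacer that keeps queries to the same NTP server at least 2 s apart and doubles the gap after each failure. `ServerPacer`, `query_with_retry`, the `query_fn` callable and the 64 s cap are assumptions made for illustration.

```python
import time

MIN_SPACING = 2.0   # seconds; the floor suggested in the post above
MAX_DELAY = 64.0    # assumed cap on the backoff, not taken from the thread


class ServerPacer:
    """Remembers when each server was last queried and enforces a minimum gap."""

    def __init__(self, clock=time.monotonic, sleep=time.sleep):
        self._clock = clock      # injectable so the pacing can be tested offline
        self._sleep = sleep
        self._last_sent = {}     # server -> time of the last query sent

    def wait_turn(self, server, gap=MIN_SPACING):
        """Block until `gap` seconds have passed since the last query to `server`."""
        gap = max(gap, MIN_SPACING)              # never drop below the 2 s floor
        last = self._last_sent.get(server)
        if last is not None:
            remaining = last + gap - self._clock()
            if remaining > 0:
                self._sleep(remaining)
        self._last_sent[server] = self._clock()


def query_with_retry(server, query_fn, pacer, attempts=3):
    """Call query_fn(server) up to `attempts` times with spaced retries.

    query_fn is a hypothetical callable that returns the RTT in seconds or
    raises OSError (timeout, unreachable). Returns the RTT, or None if every
    attempt failed.
    """
    for attempt in range(attempts):
        # First retry waits 2 s, then 4 s, 8 s, ... up to MAX_DELAY.
        gap = min(MIN_SPACING * 2 ** max(attempt - 1, 0), MAX_DELAY)
        pacer.wait_turn(server, gap)
        try:
            return query_fn(server)
        except OSError:
            continue
    return None
```

The pacer only spaces out this client's own queries; it cannot account for other hosts sharing the same CGNAT address.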

Hi

Was seeing it - Problems with Cloudflare DNS in NZ

When I test it today the highest RTT is 56ms, which puts the server in the Sydney area.