Folks,
Digging a bit deeper here on the DNS authoritative servers setup for pool.ntp.org
.
It turns out that there are several issues with it ATM, ranging from unresponsive servers to reuse of the same IP address for different NSes.
You can get full reports from two great online DNS tools. I’m including here links to the experiments I ran already:
Using DNSVIZ
Using Zonemaster
thanks
ps: thanks @marco.davids for the help too
1 Like
ask
July 3, 2021, 12:29pm
2
Thanks @giovane & @marco.davids – @gfk and I did talk recently about some of these. Not getting them removed from the NS records was an oversight.
1 Like
Indeed three delegation errors seem fixed now. Thank you!
For the record: these where there errors that now seem fixed:
IP 199.188.48.59 in parent refers to multiple nameservers (d.ntpns.org ; g.ntpns.org ).
IP 199.188.48.59 in child refers to multiple nameservers (d.ntpns.org ; g.ntpns.org ).
IP 199.188.48.59 refers to multiple nameservers (d.ntpns.org ; g.ntpns.org ).
These are the remaining errors:
Follow up:
A quick review[1] seems to indicate that some IP-addresses in the NS-set for pool.ntp.org are still unresponsive:
2a05:91c0:1505:5::c924 (c.ntpns.org )
2620:7:6000::ffff:c759:df35 (d.ntpns.org
199.249.223.53 (d.ntpns.org )
91.212.242.43 (f.ntpns.org )
It is also confusing that the SOA record of pool.ntp.org has a rather variable content[2] in the MNAME field and I wonder why this is? Why not put a.ntpns.org in it everywhere?
[1] for a in $(dig +short ns pool.ntp.org | sort); do echo -e "\033[1mServer\033[0m $a ------"; for b in $(dig +short A $a); do echo " IP: $b ---"; dig +short SOA pool.ntp.org @$b; done; done
[2] dig +nssearch pool.ntp.org
gfk
July 30, 2021, 2:40pm
5
Hello Marco and thanks for the analyses. Here’s what’s going on:
2a05:91c0:1505:5::c924 is fixed (actually changed to 2a05:91c0:1505:5:: )
91.212.242.43 has been removed permanently from DNS
199.249.223.53/2620:7:6000::ffff:c759:df35 had crashed, operator has been notified, should be back in a few hours.
2 Likes
gfk:
Here’s what’s going on:
Confirmed! Thank you!
https://zonemaster.iis.se/?resultid=12182bd01f32f739
UPDATE 20210801:
That was two days ago. Apparently we have to be a little more patient?