Folks,
Digging a bit deeper here on the DNS authoritative servers setup for pool.ntp.org.
It turns out that there are several issues with it ATM, ranging from unresponsive servers to reuse of the same IP address for different NSes.
You can get full reports from two great online DNS tools. I’m including here links to the experiments I ran already:
thanks
ps: thanks @marco.davids for the help too
Thanks @giovane & @marco.davids – @gfk and I did talk recently about some of these. Not getting them removed from the NS records was an oversight.
Indeed three delegation errors seem fixed now. Thank you!
For the record: these where there errors that now seem fixed:
IP 199.188.48.59 in parent refers to multiple nameservers (d.ntpns.org; g.ntpns.org).
IP 199.188.48.59 in child refers to multiple nameservers (d.ntpns.org; g.ntpns.org).
IP 199.188.48.59 refers to multiple nameservers (d.ntpns.org; g.ntpns.org).
These are the remaining errors:
Follow up:
A quick review[1] seems to indicate that some IP-addresses in the NS-set for pool.ntp.org are still unresponsive:
2a05:91c0:1505:5::c924 (c.ntpns.org)
2620:7:6000::ffff:c759:df35 (d.ntpns.org
199.249.223.53 (d.ntpns.org)
91.212.242.43 (f.ntpns.org)
It is also confusing that the SOA record of pool.ntp.org has a rather variable content[2] in the MNAME field and I wonder why this is? Why not put a.ntpns.org in it everywhere?
[1] for a in $(dig +short ns pool.ntp.org | sort); do echo -e "\033[1mServer\033[0m $a ------"; for b in $(dig +short A $a); do echo " IP: $b ---"; dig +short SOA pool.ntp.org @$b; done; done
[2] dig +nssearch pool.ntp.org
Hello Marco and thanks for the analyses. Here’s what’s going on:
Confirmed! Thank you!
https://zonemaster.iis.se/?resultid=12182bd01f32f739
UPDATE 20210801:
That was two days ago. Apparently we have to be a little more patient? 