Hi!
fi.pool.ntp.org contains a server with name support.russianbridesnetwork.com which does not look good on a sources list. What is the correct contact to propose it to be removed from the Finnish pool?
I don’t think that’s inappropriate. I would suggest using chronyc -n sources (or equivalent) to show the source servers. That won’t help if the server operator has chosen an IPv6 address like 2001:db8::b00b:babe, though.
Another option would be to use your ISP’s NTP servers instead of the pool NTP servers.
I don’t think that the NTP Pool project has any rules regarding what strings are permitted in the DNS so I suppose you would be directly appealing to @ask to make a judgement call on that one.
I can see that name might raise eyebrows in some contexts, like if someone is auditing all traffic flows of an enterprise, but it’s important to note that the name merely exists in DNS and does not impact NTP functionality at all. Currently the NTP Pool project only concerns itself with suitability for NTP.
Firewalling off that IP address probably isn’t going to help much as I expect most NTP client implementations will keep the peer but mark it as unusable (so its name would still appear in a peer list, and all you’d achieve is minimising the traffic flows).
Aside from @avij’s suggestions of either only viewing IP addresses or just not using the NTP Pool, I think it should be possible to use a DNS resolver with policy controls like RPZ on BIND to reject that IP address from being resolved in your DNS.
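A sketch of the RPZ approach mentioned in the post above, added here as an example and not taken from the thread or from the NTP Pool project. It assumes a local BIND 9 recursive resolver; the zone name rpz.local and its file name are hypothetical, and the address is the one queried with ntpdate at the end of this thread.

```bind
# --- named.conf (fragment) ---
options {
    # Apply the policy zone to answers this resolver hands to clients.
    response-policy { zone "rpz.local"; };
};

zone "rpz.local" {
    type primary;               # "master" on older BIND 9 releases
    file "rpz.local.zone";      # hypothetical file name
    allow-query { none; };      # the policy zone itself is not served
};

; --- rpz.local.zone ---
$TTL 300
@   IN SOA localhost. hostmaster.localhost. ( 1 3600 600 86400 300 )
@   IN NS  localhost.

; RPZ-IP trigger: <prefix length>.<IPv4 octets reversed>.rpz-ip
; 65.109.9.242/32 -> 32.242.9.109.65.rpz-ip
; "CNAME ." rewrites any response whose answer section contains
; this address to NXDOMAIN.
32.242.9.109.65.rpz-ip  CNAME .

; Caveat: the policy action applies to the whole response, not to
; the single record. A pool answer that includes this address is
; replaced entirely, so the NTP client gets NXDOMAIN for that
; lookup and has to retry to obtain a different set of servers.
```

The trigger matches on the address rather than the name, so it keeps working if the operator changes the PTR record but stops matching if the server moves to another address.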
Yeah, that’s basically our policy. It’s more by necessity than by preference though. I’m open to having a different policy, but anything that takes human review would have to come with help to do that work. Anything that takes software development work will take away from something else, too.
I have lots of free time. I wouldn’t mind helping out with enforcing policies, responding to email requests (vendor zones comes to mind) and other small things.
I would prefer not seeing any political, war related or suspicious names at all on an NTP server list.
Brides or boobs are OK to me, but something like cuttingbalticseacables.org not. Seeing our not-so-friendly neighbour country on a list of Finnish NTP servers just does not sound appropriate at the time.
I would support a policy where anything political or contradictory would be banned on a PTR name.
Where does the political start, and where does it end? What’s political to you might just be a meme to the rest of the world, and vice versa. We might all be fine with and see the joke in someone using ::b16:b00b:babe for their server, but I can guarantee 100% without a doubt there WILL be someone out there that will raise a stink about it, there always will be. Do you censor the server for the 1 individual against it, even though everyone else is OK with it?
It’s a very slippery slope that plenty of other Linux groups are dealing with, what with so much politically correct speak and views (woke mentality) getting mixed into what should just be exchanges of ideas in programming, program upkeep and maintenance. Plenty of examples already out there to show how it’s negatively affecting various distributions.
Simply put, if you don’t like a server name, don’t use it. But don’t try to force others not to use it or have it unavailable, just because you don’t like it. So long as it’s not against the laws of the country of its host, or other countries, there shouldn’t be any need to ban or block them in the list, other than technical reasons (i.e. server can’t be reached for days at a time).
Everything is political to someone, and hosts are used for lots of things other than NTP.
You’re asking for this project to
- Decide what is “political”, worldwide
- Spend time contacting server admins to force them to change the PTR record of their IP address (which will impact anything that sees that record, not just peer list commands of NTP clients)
- Remove the server from the pool if the admin doesn’t comply, potentially making the service worse for every user even though the vast majority of them may have had no opinion on the PTR name concerned.
I think any such attempt at a policy for the pool would have to devolve to, “any name that anyone doesn’t like is not okay” else there would be endless debate upon almost every complaint. Even then, that’s a huge amount of manual work to carry out.
On balance it seems like a fair trade to say that this volunteer project is not going to take on that work and that end users should filter their own DNS if that is of concern to them.
I don’t like such PTR / A records either. But personally, if I look into chrony or ntp stats I use the -n to just show the IP. At first look it’s faster and much more readable than some domain names, which may be truncated.
But yeah, where do you start / stop with allowed / disallowed hostnames / IPv6 addresses.
If you enroll a deny policy you have to control and enforce it. If you don’t do that you don’t need that policy at all.
And you will need power to control and enforce it…
Expanding on my previous comment, I believe the majority of servers in the NTP pool have some other primary purpose, such as web or mail server. It makes sense to set the reverse DNS according to the primary purpose of the server. Many of us in here in the discussion forum have dedicated NTP servers, but that’s sampling bias.
In this particular case, it seems to be a web server. There is also a TLS certificate, although for the hostname support4 instead of support. There’s some sort of a login page at that address, suggesting it’s actually used for something. It seems they have a valid reason for using that domain name. I get the impression that this reverse DNS was not set up as a joke or to annoy people.
I’ll also note that they have been using that hostname for web since at least 2017 so it’s not something new. The web page may have been hosted elsewhere earlier, though. I don’t know how long this server has been in the NTP pool.
As for me, as long as the server serves correct time (which it does) I’m fine with the server name.
$ ntpdate -q 65.109.9.242
2025-05-23 22:45:39.414664 (+0300) -0.000019 +/- 0.000592 65.109.9.242 s2 no-leap