The following IP address (220.127.116.11) is sometime returned while sending a DNS query for the following subdomains :
0.amazon.pool.ntp.org 0.ubuntu.pool.ntp.org 0.pool.ntp.org pool.ntp.org 2.ubuntu.pool.ntp.org 3.debian.pool.ntp.org
This is still applicable today.
That IP address appears to be a Tor Exit Node since 14 days
Additionnaly, the IP does not seems to respond to ntp requests (ntpq -crv timed out).
Could you verify if this entry is obsolete ?