I am seeing issues with the DNS records being returned by Cloudflare public DNS system (1.1.1.1) for pool.ntp.org. Not for other domains like 2.nz.pool.ntp.org but only the global name.
I am guessing this is NOT a problem with the pool DNS system but was wanting to get an idea if others around the world were seeing similar issues or the problem was isolated to NZ.
If, from an IP address in New Zealand, I do an AAAA lookup for 2.pool.ntp.org I always, and only, get the two Cloudflare NTP IP addresses.
If I do an AAAA dig to i.ntpns.org I get these two plus a selection of other servers as expected.
For IPv4 A requests I am seeing the Cloudflare IPv4 addresses along with a number of IP addresses returned that are in Argentina. These addresses are in the pool and if they are yours and you are seeing extra requests coming through then they may be coming from across the Pacific - pool.ntp.org: Statistics for 168.96.251.195 for example.
Anyway, as I mentioned, I do NOT think this is a problem with the pool DNS systems but was wanting to ask others if they have seen, or are seeing, similar things from their location before I contact Cloudflare, if they have some support portal for their public DNS system.
And for the record there are no problems with 8.8.8.8, 9.9.9.9 or my local ISP DNS and the responses from Cloudflare are coming from a location that is about 20ms from me which puts them in Auckland, New Zealand - the Cloudflare POP location.
I notice that Argentina only has two IPv6 servers in the NTP Pool, and they’re both Cloudflare ones. So the observed behaviour is what you’d expect if you were getting the correct servers for Argentina rather than for New Zealand.
(And to confirm, 1.1.1.1 is returning perfectly sensible results for me in the UK)
Thanks @bjh21 and @NTPman. Your replies were helpful. I guess the problem is with the NZ Cloudflare POP so will contact them to see what can be done.
I am not aware of anything that checks and validates the DNS replies from providers like Cloudflare. If anyone is then let me know.
May have a look at building a tool that checks whether what the DNS providers are sending out is actually similar to what the pool DNS servers are providing.
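One way to build the check discussed in this thread, added here as an example and not code from any poster or from the NTP Pool project: because the pool rotates its answers, it compares the union of addresses seen over several queries to a public resolver with the union seen from a pool authoritative server (such as i.ntpns.org, queried from the same network) and reports their overlap. The function names and the overlap metric are assumptions of this example.

```python
# Added example: compare pool answers from a public resolver and a reference server.
import ipaddress, socket, struct

QTYPE = {"A": 1, "AAAA": 28}

def build_query(name, qtype, txid=0x1234):
    """Encode a one-question DNS query (RD set) for name/qtype."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack(">HH", QTYPE[qtype], 1)

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:      # compression pointer: two bytes, ends the name
            return off + 2
        if n == 0:                # root label ends the name
            return off + 1
        off += 1 + n

def parse_addresses(msg):
    """Extract A/AAAA addresses from the answer section of a response."""
    qd, an = struct.unpack(">HH", msg[4:8])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    found = set()
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype in (1, 28) and rdlen in (4, 16):
            found.add(str(ipaddress.ip_address(msg[off:off + rdlen])))
        off += rdlen
    return found

def query(server, name, qtype, timeout=3.0):
    """Send one UDP query to server and return the set of addresses."""
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qtype), (server, 53))
        return parse_addresses(s.recv(4096))

def overlap(resolver_samples, reference_samples):
    """Jaccard overlap of the address unions seen in two lists of answer sets."""
    a = set().union(*resolver_samples)
    b = set().union(*reference_samples)
    return len(a & b) / len(a | b) if a | b else 1.0
```

Collect a few dozen `query()` results per server, spaced out so cached answers expire, and pass the two lists to `overlap()`; a low value suggests the resolver is receiving answers for a different region than the client.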