Software and devices without a vendor zone


#21

Deny first, check later… my evidence shows that when the fr24feed program logs an NTP request, the DNS log shows a lookup to the pool servers.


#22

@hnapel Huh? They didn’t deny doing the lookups. They are going to review what it does and reduce the number of lookups.


#23

I was configuring a big production printer which included EFI Fiery and while time sync was off, it defaulted to pool.ntp.org, with options for continental subdomains. This is a fairly niche piece of software, so not a big install base, but it still might be worth contacting them.


#24

I’m not totally sure how to best organize this. I don’t have time to keep up with all the companies that should be contacted. Maybe improvements to the vendors page or an alternate introduction page would make it easier to have something to point companies to.

Suggestions, patches, etc are welcome.


#25

Suggestion here: From all the misbehaving vendors here, I’m wondering if it would be an idea to reverse the process, and switch to “vanity zones” with optional registration.

Instead of first registering a zone before it can be used (delay+effort, so likely to be skipped*), the pool DNS software could be modified to answer wildcards: {0,1,2,3}.<anything>.pool.ntp.org.

Then, the “default” would become that every user can always pick their own personal “vanity” zone, and only “big” users are encouraged to claim their zone by later providing contact info.

So, I could unilaterally pick “juleskers.pool.ntp.org” and it would just work™, and Snapchat would have picked “snapchat.pool.ntp.org”, without any communication with Ask/the project whatsoever. An open source project could pick “myproject.pool.ntp.org”, etc.

The advantage for the pool is that we have segregated log-monitoring from the get-go, and hopefully even unregistered vanity zones would provide useful leads when diagnosing events. (“Gee, I wonder where all that unregistered comcast.pool.ntp.org traffic is coming from”)

Documentation also becomes simpler, because the instructions for home users and business users become identical: “configure <yourname>.pool.ntp.org”, so people are less likely to forget (or “forget”) to read the vendor page.

To keep regional accuracy, either the pool DNS must do geo-lookup of the requesting IP, or we could support {0,1,2,3}.{EU,Asia,…}.<vanityzone>.pool.ntp.org.

*Reasoning for skipping: anything that requires a signature/feedback/longstanding-contact-commitment from the team leader (or even higher up!) leads to more internal bureaucracy for the poor overworked code monkey tasked with the NTP implementation.
Under the motto of “Somebody Else’s Problem” and “ehhh, probably no-one will notice” they’ll use the conveniently provided region-default that creates less work for them (but more problems for us).

Is that doable?
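The name layout proposed in #25, worked through as an added example that is not part of the thread and not the pool's DNS software: it parses query names of the form `{0,1,2,3}.{region}.<vanityzone>.pool.ntp.org` and tallies a DNS log per vanity zone. The `GEO` set, the log format, the sample lines and the registered-zone list are assumptions constructed for illustration; the example also shows that existing geographic labels such as `au` have to be reserved so they cannot be claimed as vanity names.

```python
import re
from collections import Counter

SUFFIX = ".pool.ntp.org"
# Assumption: labels reserved for geographic zones (small constructed sample).
GEO = {"eu", "asia", "europe", "au", "nz"}
LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")

def classify(qname):
    """Return (index, region, vanity) for a pool name, or None if malformed."""
    name = qname.lower().rstrip(".")
    if name == SUFFIX[1:]:
        return (None, None, None)          # bare pool.ntp.org
    if not name.endswith(SUFFIX):
        return None                        # not a pool name at all
    labels = name[: -len(SUFFIX)].split(".")
    index = None
    if labels[0] in {"0", "1", "2", "3"}:
        index = int(labels.pop(0))
    region = labels.pop(0) if labels and labels[0] in GEO else None
    if not labels:
        return (index, region, None)       # today's global or geographic zones
    # Exactly one label may remain, and it must not shadow a geographic zone.
    if len(labels) != 1 or labels[0] in GEO or not LABEL.match(labels[0]):
        return None
    return (index, region, labels[0])

def tally(log_lines, registered):
    """Map each vanity zone seen to (query count, has the zone been claimed)."""
    counts = Counter()
    for line in log_lines:
        parsed = classify(line.split()[-1])
        if parsed and parsed[2]:
            counts[parsed[2]] += 1
    return {zone: (n, zone in registered) for zone, n in counts.items()}

# Constructed sample log: "<client ip> <query name>"
SAMPLE_LOG = [
    "192.0.2.10 0.comcast.pool.ntp.org",
    "192.0.2.11 1.comcast.pool.ntp.org",
    "198.51.100.7 2.eu.snapchat.pool.ntp.org",
    "203.0.113.5 juleskers.pool.ntp.org",
    "203.0.113.9 au.pool.ntp.org",
    "203.0.113.9 0.pool.ntp.org",
]

if __name__ == "__main__":
    for zone, (n, claimed) in sorted(tally(SAMPLE_LOG, {"snapchat"}).items()):
        print(f"{zone:12} {n:3} {'registered' if claimed else 'UNREGISTERED'}")
```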


#26

2017-model TP-Link WiFi repeaters (including TL-WA855RE V1, TL-WA850RE V2, RE650 V1, RE500 V1, and RE450 V1) all hardcode au.pool.ntp.org and nz.pool.ntp.org worldwide, and send one NTP request to whichever is the first IP address returned by either DNS request once every 5 seconds. time.nist.gov and three others are also in the hardcoded list.

TP-Link is using NTP as an aggressive internet connectivity check, and squanders 715 MB/month on this “feature” for each of their customers. It can’t be configured or disabled in TP-Link’s firmware.

I think you may want to discuss more than just vanity pool names with TP-Link….

