Some DNS servers unresponsive

Hi,

some of the authoritative DNS servers for pool.ntp.org have been unresponsive for at least about two weeks, and are thus slowing down name resolution.

Currently (2026-03-12, 22:50Z) the following servers do not respond to DNS queries, tested from multiple locations in Europe and North America:

  • 185.134.197.79 (part of a.ntpns.org), no response
  • 77.90.25.251 (part of b.ntpns.org), connection refused
  • 160.119.216.201 (part of b.ntpns.org), connection refused
  • 2001:43f8:d60:300::201 (part of b.ntpns.org), no response, network not in BGP DFZ
  • 2a0e:b107:27f9:123::53 (part of b.ntpns.org), no response, ICMP network-unreachable
  • 89.40.214.141 (part of c.ntpns.org), connection refused
  • 2600:3c02::f03c:92ff:fe5f:baf1 (part of c.ntpns.org), connection refused
  • 2a00:14b0:4200:32e0::1e5 (part of c.ntpns.org), connection refused
  • 2a05:91c0:1506:145:: (part of c.ntpns.org), connection refused
  • 2a0b:4341:1500:142:5054:ff:fef5:ba1c (part of c.ntpns.org), connection refused
  • 2407:b9c0:f001:3a2:5054:ff:fe83:a2ff (part of d.ntpns.org), no response
  • 51.89.70.90 (part of d.ntpns.org), no response
  • 2001:41d0:700:335d::12 (part of d.ntpns.org), connection refused

I have a feeling some of these servers were shut off by their operators (those that are unresponsive to DNS and ping) – which could pose a risk if the corresponding IP gets reassigned to some other customer in the future. In that scenario, the new owner of that IP could send malicious replies to questions for the NTP pool.

Those servers that respond with some sort of ICMP “port-unreachable” or TCP-RST might just have trouble with the DNS service and might just need a restart.

Is this a known problem?

3 Likes
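
The kind of check described in the post above, as an added example that is not part of the original thread or the Pool's own tooling: a Python probe that sends one UDP SOA query for pool.ntp.org and classifies the outcome as answered, connection refused (ICMP port-unreachable) or no response. The function names, the SOA query type and the 2-second timeout are assumptions; the two addresses in the main block are taken from the list above.

```python
import socket
import struct

def build_query(name: str, qtype: int = 6, txid: int = 0x1234) -> bytes:
    """Encode a minimal DNS query (qtype 6 = SOA, class IN, no recursion)."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def probe(ip: str, port: int = 53, name: str = "pool.ntp.org", timeout: float = 2.0) -> str:
    """Send one UDP query to an authoritative server and classify the outcome."""
    family = socket.AF_INET6 if ":" in ip else socket.AF_INET
    query = build_query(name)
    with socket.socket(family, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((ip, port))  # connected UDP socket: ICMP errors surface as exceptions
            s.send(query)
            reply = s.recv(4096)
        except socket.timeout:
            return "no response"            # silently dropped, or host is gone
        except ConnectionRefusedError:
            return "connection refused"     # host is up, nothing listening on the port
        except OSError as exc:
            return f"unreachable ({exc.strerror})"  # e.g. no route to the network
    # Accept only a reply that echoes our transaction ID and has the QR bit set.
    if len(reply) >= 12 and reply[:2] == query[:2] and reply[2] & 0x80:
        rcode = reply[3] & 0x0F
        return "answered" if rcode == 0 else f"answered with rcode {rcode}"
    return "malformed reply"

if __name__ == "__main__":
    # Two of the addresses reported in the post above.
    for addr in ("185.134.197.79", "2001:41d0:700:335d::12"):
        print(addr, "->", probe(addr))
```

A server that keeps returning "no response" over several runs is the case the post flags as a reassignment risk, while "connection refused" points at a host that is up with the DNS service not listening.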

The Pool’s own view of the situation.

1 Like

Thanks @lordgurke.

I fixed a handful of those; the GeoDNS software only scans for interfaces / IPs to listen to on startup, and some of the servers (I guess) didn’t have interfaces available when GeoDNS started up. They were a mix of different (LTS) Ubuntu versions, so it’s a little surprising and the first time I’ve seen this in I guess almost 14 years since the first version of the current DNS server software!

Some of the others you were unlucky to probe just as they were being shut down. It’s a little odd too, because the A/AAAA records for the DNS server IPs should only be cached for 6 hours.

The last group are servers that are down and we (@gfk and myself) hoped temporarily, I guess, but they haven’t come back (and honestly the alerts probably got lost in the extra noise from moving the infrastructure, including the monitoring systems). I’ll check that we have emails out to the people who provided them.

The infrastructure migration includes shutting down a bunch of DNS servers, so we could use more.

What you saw also is a good sign that Guillaume and I could use help from another volunteer, maybe in a European timezone to help look after the DNS servers.