
DNS servers for ntp.org are not available

Not a good day, colleagues. The DNS servers responsible for the ntp.org zone are currently unavailable. Billions of devices around the world synchronize with the pool.ntp.org servers, and they are now having trouble getting accurate time.

We saw the problem when answers stopped coming through our recursive servers, although it was still possible to get through via Google Global DNS. Some time ago, ntp.org dropped out of the Google DNS cache as well.

```
dmvy@dmvy-tn:~$ dig ntp.org @8.8.8.8
...
;; QUESTION SECTION:
;ntp.org.               IN      A

;; ANSWER SECTION:
ntp.org.        615     IN      A       185.140.48.231
ntp.org.        615     IN      A       128.4.24.98

;; Query time: 45 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Dec 27 14:16:14 +05 2016
;; MSG SIZE rcvd: 68

dmvy@dmvy-tn:~$ dig ntp.org @8.8.8.8
...
;; QUESTION SECTION:
;ntp.org.               IN      A

;; Query time: 29 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Dec 27 14:20:09 +05 2016
;; MSG SIZE rcvd: 36
```

List of servers for the zone ntp.org:

```
dmvy@dmvy-tn:~$ whois ntp.org
Domain Name: NTP.ORG
...
Name Server: NS1.EVERETT.ORG
Name Server: NS2.EVERETT.ORG
Name Server: NS1.NTP.ORG
Name Server: NS2.NTP.ORG
DNSSEC: unsigned
>>> Last update of WHOIS database: 2016-12-23T14:36:59Z <<<
```

From the 8.8.8.8 cache we get the record for the first server:
```
dmvy@dmvy-tn:~$ dig NS1.EVERETT.ORG @8.8.8.8
...
;; QUESTION SECTION:
;NS1.EVERETT.ORG.       IN      A

;; ANSWER SECTION:
NS1.EVERETT.ORG.        911     IN      A       66.220.13.229

;; Query time: 44 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Dec 27 14:15:01 +05 2016
;; MSG SIZE rcvd: 60
```

Surprisingly, the server has started responding to ICMP (perhaps this is a hardware load balancer, since there are no answers on udp/53).

```
dmvy@dmvy-tn:~$ mtr -wrc2 66.220.13.229
Start: Tue Dec 27 14:23:41 2016
HOST: dmvy-tn                       Loss%  Snt  Last   Avg  Best  Wrst StDev
 1.|-- 192.168.98.1                  0.0%    2   0.8   0.8   0.8   0.8   0.0
 2.|-- ???                          100.0    2   0.0   0.0   0.0   0.0   0.0
 3.|-- 192.168.90.14                 0.0%    2   0.5   0.4   0.3   0.5   0.0
...
 8.|-- 217.107.68.25                 0.0%    2  49.0  49.0  49.0  49.1   0.0
 9.|-- 100ge12-2.core1.sto1.he.net   0.0%    2  47.7  47.7  47.7  47.7   0.0
10.|-- 100ge12-1.core1.fra1.he.net   0.0%    2  73.1  73.3  73.1  73.5   0.0
11.|-- 100ge5-2.core1.par2.he.net    0.0%    2  77.1  78.6  77.1  80.0   2.0
12.|-- 100ge10-1.core1.nyc4.he.net   0.0%    2 156.4 153.4 150.5 156.4   4.1
13.|-- 100ge14-2.core1.sjc2.he.net  50.0%    2 216.7 216.7 216.7 216.7   0.0
14.|-- 10ge1-1.core1.fmt1.he.net     0.0%    2 218.4 222.1 218.4 225.8   5.2
15.|-- ns1.everett.org               0.0%    2 218.7 218.6 218.6 218.7   0.0

dmvy@dmvy-tn:~$ dig ntp.org @66.220.13.229

; <<>> DiG 9.10.3-P4-Ubuntu <<>> ntp.org @66.220.13.229
;; global options: +cmd
;; connection timed out; no servers could be reached
```

The servers are also unavailable over IPv6.

UPD: NS1.EVERETT.ORG started working. The remaining 3 servers are not responding.

Dig command output:

```
dmvy@dmvy-tn:~$ dig ntp.org @NS1.NTP.ORG

; <<>> DiG 9.10.3-P4-Ubuntu <<>> ntp.org @NS1.NTP.ORG
;; global options: +cmd
;; connection timed out; no servers could be reached

dmvy@dmvy-tn:~$ dig ntp.org @NS2.NTP.ORG

; <<>> DiG 9.10.3-P4-Ubuntu <<>> ntp.org @NS2.NTP.ORG
;; global options: +cmd
;; connection timed out; no servers could be reached

dmvy@dmvy-tn:~$ dig ntp.org @NS1.EVERETT.ORG

; <<>> DiG 9.10.3-P4-Ubuntu <<>> ntp.org @NS1.EVERETT.ORG
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6021
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 5
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ntp.org.                       IN      A

;; ANSWER SECTION:
ntp.org.                3600    IN      A       185.140.48.231
ntp.org.                3600    IN      A       128.4.24.98

;; AUTHORITY SECTION:
ntp.org.                3600    IN      NS      ns2.everett.org.
ntp.org.                3600    IN      NS      ns1.everett.org.

;; ADDITIONAL SECTION:
ns1.everett.org.        1800    IN      AAAA    2001:470:1:205::229
ns2.everett.org.        1800    IN      AAAA    2001:470:1:205::230
ns1.everett.org.        1800    IN      A       66.220.13.229
ns2.everett.org.        1800    IN      A       66.220.13.230

;; Query time: 216 msec
;; SERVER: 2001:470:1:205::229#53(2001:470:1:205::229)
;; WHEN: Tue Dec 27 14:59:32 +05 2016
;; MSG SIZE rcvd: 200

dmvy@dmvy-tn:~$ dig ntp.org @NS2.EVERETT.ORG

; <<>> DiG 9.10.3-P4-Ubuntu <<>> ntp.org @NS2.EVERETT.ORG
;; global options: +cmd
;; connection timed out; no servers could be reached
```
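
An added example, not part of the original post: a POSIX shell script that repeats the per-server check above for every name server of a zone and labels each one by whether it answers authoritatively. The file name check_ns.sh, the function names and the three state labels are assumptions of this example, and the two samples are constructed from the dig output shown in the post.

```shell
#!/bin/sh
# Added example (not from the original post): label what each authoritative
# server of a zone does when queried directly, as the post does by hand.

# classify_dig: read the text of one dig run on stdin and print one word:
#   unreachable        no DNS reply (timeout, as for NS2.EVERETT.ORG above)
#   authoritative      NOERROR with the aa flag and at least one answer
#   not-authoritative  a reply arrived, but not an authoritative answer
classify_dig() (
    out=$(cat)
    status=$(printf '%s\n' "$out" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1)
    flags=$(printf '%s\n' "$out" | sed -n 's/^;; flags: \([a-z ]*\);.*/\1/p' | head -n 1)
    answers=$(printf '%s\n' "$out" | sed -n 's/.*ANSWER: \([0-9]*\),.*/\1/p' | head -n 1)
    # No header line at all means dig never got a response packet.
    [ -n "$status" ] || { echo unreachable; exit 0; }
    case " $flags " in
        *" aa "*) aa=1 ;;
        *)        aa=0 ;;
    esac
    if [ "$status" = NOERROR ] && [ "$aa" = 1 ] && [ "${answers:-0}" -gt 0 ]; then
        echo authoritative
    else
        echo not-authoritative
    fi
)

# check_zone ZONE NS...: ask every listed server for the zone's SOA without
# recursion and with a short timeout, so one dead server cannot stall the run.
check_zone() {
    zone=$1; shift
    for ns in "$@"; do
        state=$(dig +norecurse +time=2 +tries=1 "$zone" SOA "@$ns" 2>&1 | classify_dig)
        printf '%-20s %s\n' "$ns" "$state"
    done
}

# Constructed samples, abridged from the two kinds of dig output in the post.
sample_timeout() {
    printf '%s\n' ';; global options: +cmd' \
        ';; connection timed out; no servers could be reached'
}
sample_answer() {
    printf '%s\n' ';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6021' \
        ';; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 5'
}

# Usage: sh check_ns.sh ntp.org ns1.ntp.org ns2.ntp.org ns1.everett.org ns2.everett.org
if [ "$#" -gt 0 ]; then check_zone "$@"; fi
```

A cached reply from a recursive resolver such as 8.8.8.8 carries no aa flag, so it is reported as not-authoritative; only a direct answer from a listed name server counts as the zone being served.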


Tracing to ns2.everett.org over IPv4 and IPv6:

```
dmvy@dmvy-tn:~$ mtr -wrc2 ns2.everett.org
Start: Tue Dec 27 15:03:22 2016
HOST: dmvy-tn                       Loss%  Snt  Last   Avg  Best  Wrst StDev
 1.|-- 2b00:8b00:a:1::1              0.0%    2   0.8   1.0   0.8   1.2   0.0
...
 6.|-- 2b01:620:1:8::1               0.0%    2  72.3  36.4   0.5  72.3  50.8
 7.|-- fe80::2a0:a50f:fc85:4fc0      0.0%    2  63.4  65.2  63.4  67.0   2.4
 8.|-- 40ge1-3.core1.lon2.he.net     0.0%    2  93.1  90.5  87.9  93.1   3.6
 9.|-- 100ge6-1.core1.lon2.he.net    0.0%    2 160.2 123.9  87.6 160.2  51.3
10.|-- 100ge14-2.core1.sjc2.he.net   0.0%    2 230.1 224.3 218.4 230.1   8.2
11.|-- 10ge1-1.core1.fmt1.he.net     0.0%    2 218.9 218.9 218.9 218.9   0.0
12.|-- 10ge1-1.core1.fmt1.he.net     0.0%    2 232.0 226.5 221.1 232.0   7.7
13.|-- ???                          100.0    2   0.0   0.0   0.0   0.0   0.0

dmvy@dmvy-tn:~$ ip -6 ro del default
RTNETLINK answers: Operation not permitted
dmvy@dmvy-tn:~$ sudo ip -6 ro del default
dmvy@dmvy-tn:~$ mtr -wrc2 ns2.everett.org
Start: Tue Dec 27 15:03:50 2016
HOST: dmvy-tn                       Loss%  Snt  Last   Avg  Best  Wrst StDev
 1.|-- 192.168.98.1                  0.0%    2   0.8   0.8   0.8   0.9   0.0
 2.|-- ???                          100.0    2   0.0   0.0   0.0   0.0   0.0
 3.|-- 192.168.90.14                 0.0%    2   0.5   0.5   0.4   0.5   0.0
...
 8.|-- 217.107.68.25                 0.0%    2  54.8  55.2  54.8  55.5   0.0
 9.|-- 100ge12-2.core1.sto1.he.net   0.0%    2  53.9  54.9  53.9  55.9   1.4
10.|-- 10ge12-6.core1.ams1.he.net    0.0%    2  80.1  86.5  80.1  92.9   8.9
11.|-- 100ge9-1.core1.lon2.he.net    0.0%    2  90.5  90.8  90.5  91.1   0.0
12.|-- 100ge1-1.core1.nyc4.he.net    0.0%    2 157.3 158.1 157.3 158.8   1.0
13.|-- 100ge14-2.core1.sjc2.he.net   0.0%    2 214.0 215.7 214.0 217.4   2.2
14.|-- 10ge1-1.core1.fmt1.he.net     0.0%    2 225.8 225.9 225.8 225.9   0.0
15.|-- ???                          100.0    2   0.0   0.0   0.0   0.0   0.0
```

Source: https://habr.com/ru/post/318556/

