About 3.5 years ago, I did a survey to see if nameservers,
authoritative for top level domains, were in sync. Those old results
can be found at:
http://www.rfc.se/fpdns/timecheck.html
I ran the survey again, in the hope things have improved, but they
actually got worse.
I've included part of the text I send out back then:
Time Survey.
As an indication, clocks at authoritative nameservers
responsible for
the top level domains (TLDs) were compared against 'actual time'.
As input for this exercise, the NSDNAME value in authoritative name
server resource records (NS) in the Root Zone (SOA:2003073101) were
resolved for their addresses. A unique pair of name and address is
regarded as a single nameserver for this survey. These
nameservers were
queried [1] for their clock value. Not every server responded,
which
does not imply that a name server was not running.
Note that I used the Root Zone version with SOA:2007031201 this time.
A received clock value is then subtracted by the 'actual time'.
This
actual time is the mean of recorded time 'on send' and 'on
receive'.
The recorded time has been synchronized through NTP with a set of
stratum 1 time servers connected to GPS receivers.
There is a 'response timeout' of 2 seconds which implies that
there may
be a 2 second fault. Values outside this fault window can be
considered
"out of sync".
To give an indication of where a server set for a domain exist
in time,
the 'range' is shown for a domain.
Say the TLD example has 5 nameservers, with the following offset:
ns1.example -50 seconds
ns2.example -12 seconds
ns3.example 1 seconds
ns4.example 77 seconds
ns3.example 150 seconds
Then 'range' for TLD 'example' is 200 (i.e. -50 to 150).
Only domains with a range larger then 4 seconds are mentioned
below.
Note that a single nameserver may serve multiple zones. If this
single
nameserver is N seconds out of sync, all zones served by this
server
will be at least N seconds out of sync.
I recently re-ran the script, and the results are below. Note that
I've not included the domains that are 4 seconds or less out of sync.
Also included here is root, listed as a single dot.
Domain Range Domain Range Domain Range
YU. 8 UZ. 241 GY. 3135
CA. 9 QA. 253 CR. 3175
NF. 9 IR. 258 AL. 3600
EU. 10 CM. 303 MD. 3650
NZ. 11 CD. 318 RO. 3680
SG. 11 RW. 318 TR. 3888
HN. 16 CG. 319 UG. 4395
SN. 19 TN. 348 HT. 4942
PL. 21 VU. 402 MM. 5489
BE. 22 AI. 410 GR. 5639
ID. 22 LB. 415 GG. 5723
KR. 28 MV. 474 JE. 5723
NA. 29 LA. 480 DZ. 6136
UA. 32 CF. 511 BH. 6496
BB. 36 MT. 514 HM. 6620
UY. 36 BW. 524 ZM. 6908
MX. 41 LT. 528 BY. 7440
GH. 57 IT. 555 MQ. 8848
. 60 NE. 585 KH. 10051
ARPA. 60 NP. 588 BT. 10062
CZ. 61 EC. 591 GQ. 12903
DO. 61 MUSEUM. 696 BO. 14806
BD. 63 BZ. 726 JO. 15818
PS. 73 MZ. 737 DM. 15980
TH. 88 OM. 739 GA. 16104
DJ. 95 CI. 755 TJ. 17614
LK. 100 NR. 757 TK. 17982
SB. 126 INT. 805 BA. 21441
CC. 133 SZ. 849 LY. 24933
ET. 133 VA. 989 BJ. 25914
NAME. 133 BI. 1035 YE. 28724
EDU. 134 ER. 1145 PA. 35999
JOBS. 134 TL. 1156 PK. 39921
TV. 134 EG. 1212 SV. 43450
GOV. 152 MR. 1487 VN. 45078
AT. 153 AD. 1532 GP. 89182
MK. 159 EE. 1591 AC. 89940
KM. 182 MY. 1671 TM. 89940
CAT. 189 MA. 1678 IO. 89941
GB. 189 JM. 1840 SH. 89941
KG. 204 TG. 2054 BF. 114772
GF. 205 NI. 2273 SY. 123066
MG. 214 CY. 2519 KW. 330786
BS. 228 SL. 2545 ML. 195229906
Below is a shame list of the nameservers that are at least one hour
(3600 seconds) out of sync (in the past and future). Yes the first
one is more than 6 years out of sync.
ciwara.sotelma.ml 217.64.97.50 -195220188
castor.teleglobe.net 199.202.55.2 -115866
ns1.orangecaraibe.com 193.251.160.222 -75305
ns.telefonica-ca.net 216.184.96.4 -43296
ns2.pa 168.77.8.7 -35845
utama.bolnet.bo 166.114.1.40 -14805
manta.outremer.com 213.16.1.106 -9044
ns2.registry.hm 209.245.20.115 -8077
ns3.registry.hm 202.169.96.24 -5407
ns1.nic.ht 64.86.226.26 -4941
ns2.druknet.bt 202.144.128.210 -4163
web.eahd.or.ug 216.104.202.101 -3778
ns2.batelco.com.bh 193.188.97.212 -3694
itgbox.iat.cnr.it 146.48.65.46 3601
casbah.eldjazair.net.dz 193.194.81.45 3773
ns5.nic.tr 213.139.255.18 3889
ns1.microlink.zm 193.220.20.30 4378
grdns-us.ics.forth.gr 192.0.34.138 5509
ns1.druknet.bt 202.144.128.200 5899
ns1.zamnet.zm 196.46.192.26 6137
nyali.inet.ga 217.77.71.33 6412
dns2.net.sy 66.198.41.14 7200
dns.belpak.by 193.232.248.45 7441
dogon.sotelma.ml 217.64.98.75 9718
ns.camnet.com.kh 203.223.32.3 10051
bow.intnet.gq 193.251.153.78 12904
ns1.nic.gp 193.218.114.2 13877
petra.nic.gov.jo 193.188.66.2 14408
ns1.nic.dm 208.0.224.114 14471
ogooue.inet.ga 217.77.71.1 16105
ns.tojikiston.com 193.111.11.2 17614
root-c.taloha.tk 207.36.228.217 17982
ns.ba 195.130.35.5 21441
ns0.mpt.net.mm 203.81.64.20 21760
dns1.lttnet.net 62.68.42.9 24771
dns.lttnet.net 62.240.36.9 24934
nakayo.leland.bj 81.91.225.1 25915
dns2.kw 161.252.48.150 27045
ns1.mpt.net.mm 203.81.64.19 27249
sah2.ye 195.94.0.35 28656
ns.pknic.net.pk 207.44.136.109 39922
dns-hcm01.vnnic.net.vn 203.162.87.66 45079
ns3.icb.co.uk 217.199.188.61 88287
ns3.icb.co.uk 217.199.188.61 88288
dns1.kw 161.252.48.140 330833
Regards,
Roy
_______________________________________________
DNSOP mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dnsop
