Greetings!

Sorry to bother you all, (and dual posting) but I really have a terrible
mess with NTP POOL in MX zone.

Something happened Friday 1st August 2014. I received an URGENT call from
my CERT team (CERT-UNAM). They have been warned by our ISP (uninet.net.mx)
because they saw a very high number (19,033,609,268) of DNS queries to
mx.pool.ntp.org pointing to 132.248.30.3 (my pool server) and BTW the only
server left on MX zone.

Bad things happened then: service was blocked by several administrative
entities, but finally after a while we are online again, but still out of
the pool. I received another e-mail from my CERT because the ISP has registered
33,045,955,940 DNS queries to mx.pool.ntp.org now pointing to 201.120.27.5
(listed on public ntp servers
http://support.ntp.org/bin/view/Servers/PublicTimeServer000555).

Just now, I received another phone call. This time the number of queries in
the last five hours is above 20 billion, and there are still no servers in the
MX zone. Now we have a case number: CSI/UNAM-CERT #68868.

I wonder if this huge number of queries to DNS is normal, if this behavior
has been present on other zones, perhaps something is wrong on empty MX
zone... I don't know what to say to calm down my CERT. It seems to me
that there is a problem with the DNS of the NTP POOL project and how it
uses it.

I really appreciate your advice.

Best regards.
--
Ing. Héctor Daniel Cortés González <[email protected]> | Don't take
antes 'Aztec Eagle' Turbo <[email protected]> | the name of
http://www.cie.unam.mx/xml/sacad/uc/hdcg/ |    root
RHCE 803004353910936. Linux User #13086. |  in vain.
------------------------------------------------------------------------
perl -wle '(1 x $_) !~ /^(11+)\1+$/ && print while ++ $_'
_______________________________________________
pool mailing list
[email protected]
http://lists.ntp.org/listinfo/pool
