On Mon, Nov 21, 2011 at 19:03, horus <[email protected]> wrote: > ntpd 12527 ntp 16u IPv4 701107082 0t0 > UDP *:ntp > ntpd 12527 ntp 17u IPv6 701107083 0t0 > UDP *:ntp > ntpd 12527 ntp 18u IPv4 701107089 0t0 > UDP localhost.localdomain:ntp > ntpd 12527 ntp 19u IPv4 701107090 0t0 > UDP blah.blah:ntp > ntpd 12527 ntp 20u IPv6 701107091 0t0 > UDP [fe80::7a2b:cbff:fe43:3ed2]:ntp > ntpd 12527 ntp 21u IPv6 701107092 0t0 > UDP 2607.f0d0.2001.000a.0000.0000.0000.0010-static.officeirc.com:ntp > what the heck is this entry???? > ntpd 12527 ntp 22u IPv6 701107093 0t0 > UDP localhost6.localdomain6:ntp
You've shown netstat output without identifying it as such or saying which OS produced it. Your netstat has shoddy code that believes PTR records which it shouldn't, because they don't forward validate. Anyone can claim any hostname for any address in a reverse DNS zone they control, so it is incumbent on software which replaces a numeric IP address in its display with the putative reversed hostname ensure that the original IP address appears among the A/AAAA records returned for a query of the putative hostname. If we ask for the DNS reverse of your box's public IPv6 address: ; <<>> DiG 9.8.0-P4 <<>> -x 2607:f0d0:2001:000a:0000:0000:0000:0010 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32209 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.a.0.0.0.1.0.0.2.0.d.0.f.7.0.6.2.ip6.arpa. IN PTR ;; ANSWER SECTION: 0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.a.0.0.0.1.0.0.2.0.d.0.f.7.0.6.2.ip6.arpa. 3600 IN PTR 2607.f0d0.2001.000a.0000.0000.0000.0010-stat ic.officeirc.com. ;; Query time: 192 msec we are told the hostname is that long name ending in officeirc.com. But when we attempt to verify that by querying IPv6 addresses for that hostname: ; <<>> DiG 9.8.0-P4 <<>> aaaa 2607.f0d0.2001.000a.0000.0000.0000.0010-static.officeirc.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 57789 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;2607.f0d0.2001.000a.0000.0000.0000.0010-static.officeirc.com. IN AAAA ;; AUTHORITY SECTION: officeirc.com. 300 IN SOA ns1.officeirc.com. hostmaster. 61 600 600 2678400 300 ;; Query time: 110 msec we are told that long name is non-existent (NXDOMAIN). You appear to have hand-edited the output to replace an IPv4 address or its reversed hostname with "blah.blah". That entry and the one you questioned are IPv4/IPv6 evil twins -- both tell you ntpd has a socket listening on (bound to) port 123 of the underlying local IP address. Using netstat's -n option may reduce confusion (and will suppress credulous display of unverified reversed hostnames). If you configure ntpd for remote management using symmetric key authentication, you can use ntpdc's ifstats to retrieve per-address statistics. In 4.2.7 ntpq also has ifstats. Cheers, Dave Hart _______________________________________________ questions mailing list [email protected] http://lists.ntp.org/listinfo/questions
