Re: [DNSOP] TLD nameserver time survey... yet again
Roy Arends <roy@dnss.ec> Mon, 16 November 2009 20:57 UTC
Return-Path: <roy@dnss.ec>
X-Original-To: dnsop@core3.amsl.com
Delivered-To: dnsop@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 442593A688A for <dnsop@core3.amsl.com>; Mon, 16 Nov 2009 12:57:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.951
X-Spam-Level:
X-Spam-Status: No, score=0.951 tagged_above=-999 required=5 tests=[BAYES_50=0.001, HELO_EQ_SE=0.35, J_CHICKENPOX_22=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gaT4v0Gu03AV for <dnsop@core3.amsl.com>; Mon, 16 Nov 2009 12:57:00 -0800 (PST)
Received: from mail.schlyter.se (trinitario.schlyter.se [195.47.254.10]) by core3.amsl.com (Postfix) with ESMTP id 0B84B3A6835 for <dnsop@ietf.org>; Mon, 16 Nov 2009 12:57:00 -0800 (PST)
Received: from a82-94-105-54.adsl.xs4all.nl (a82-94-105-54.adsl.xs4all.nl [82.94.105.54]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: roy) by mail.schlyter.se (Postfix) with ESMTPSA id 205492D597; Mon, 16 Nov 2009 21:56:56 +0100 (MET)
Mime-Version: 1.0 (Apple Message framework v1077)
Content-Type: text/plain; charset="us-ascii"
From: Roy Arends <roy@dnss.ec>
In-Reply-To: <196AC22D-654D-4B07-9073-166968D37DDC@dnss.ec>
Date: Mon, 16 Nov 2009 21:56:56 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <F6DD2183-116C-4B0E-AEC0-18F9E9DB5C08@dnss.ec>
References: <Pine.LNX.4.56.0308051055450.2490@elektron.atoom.net> <11FB6FD7-7AB6-45AB-86EF-338D93F424C6@dnss.ec> <196AC22D-654D-4B07-9073-166968D37DDC@dnss.ec>
To: IETF DNSOP WG <dnsop@ietf.org>
X-Mailer: Apple Mail (2.1077)
Cc: Roy Arends <roy@dnss.ec>
Subject: Re: [DNSOP] TLD nameserver time survey... yet again
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Nov 2009 20:57:02 -0000
Fwiw, omitted are those domains that have less than 5 seconds in difference among their nameservers. Roy On Nov 16, 2009, at 8:43 PM, Roy Arends wrote: > About 2.5 years, and 6 years ago, I did a survey to see if nameservers, authoritative for top level domains, were in sync. I've just done it again. Here are the results. Note that I used the Root Zone version with SOA:2009111600 this time. > > The number following the domain, is the largest difference in seconds between nameservers responsible for the domain. > > AQ. 5 CR. 505 DJ. 1271 > ID. 6 GR. 659 NP. 1317 > BN. 8 ET. 669 CI. 1319 > YU. 8 SN. 847 MY. 1416 > AR. 11 MG. 931 MV. 1451 > GE. 11 CH. 971 PR. 1582 > WS. 19 CX. 971 TM. 1961 > MK. 27 LS. 971 KM. 2166 > GH. 28 MU. 971 MZ. 2188 > VU. 36 NA. 971 MA. 2308 > INT. 38 PS. 971 MR. 2531 > KR. 42 AE. 972 PK. 3060 > GT. 45 BT. 972 BG. 3170 > BI. 49 FR. 972 ER. 3279 > EU. 50 GL. 972 KY. 3443 > PT. 90 GS. 972 MT. 3485 > TEL. 100 GY. 972 SR. 3872 > BIZ. 101 HK. 972 DZ. 4442 > HT. 115 MX. 972 TR. 4842 > KG. 124 PM. 972 CF. 5620 > SY. 135 RS. 972 CD. 5714 > IE. 160 SA. 972 CG. 5715 > AW. 167 SB. 972 RW. 5715 > DO. 171 TL. 972 CY. 5805 > PY. 190 TT. 972 GM. 6833 > BF. 194 AF. 973 ZM. 8946 > MW. 196 KI. 973 BS. 8993 > CL. 202 LI. 973 BY. 12522 > CU. 228 MS. 973 NI. 14505 > GG. 232 RE. 973 GQ. 16774 > JE. 232 UA. 973 TJ. 18863 > SZ. 247 WF. 973 GP. 19381 > BO. 260 YT. 973 TK. 19930 > HR. 261 QA. 975 GA. 21271 > BJ. 262 DK. 980 LY. 21967 > JO. 306 AL. 989 CO. 22631 > MD. 310 KE. 1003 MM. 23587 > RO. 311 CAT. 1030 HM. 25117 > BW. 316 UG. 1036 BA. 25821 > JM. 327 AC. 1074 OM. 28411 > GOV. 335 IO. 1075 AN. 29011 > UY. 336 SH. 1075 PA. 35545 > SV. 358 MUSEUM. 1080 DM. 39263 > TG. 364 LK. 1136 YE. 43241 > UZ. 370 CM. 1139 MN. 46795 > EG. 387 NG. 1199 NE. 90071 > VN. 429 IT. 1208 ML. 195235570 > KH. 445 ZW. 1211 > > Below is a shame list of the nameservers that are at least one hour (3600 seconds) out of sync (in the past and future). Yes the first one is again more than 6 years out of sync (2249 seconds more behind than 981 days ago, or a clock skew of about 2.29256 seconds per day). > > ciwara.sotelma.ML 217.64.97.50 -195217939 > ns.intnet.NE 193.251.228.10 -90071 > ns1.magic.MN 202.131.0.10 -46795 > ns1.yemen.net.YE 65.162.184.33 -43238 > ns1.nic.DM 208.0.224.114 -38292 > ns2.nic.DM 208.0.224.115 -38292 > ns2.PA 168.77.8.7 -35545 > ns01-server.curinfo.AN 65.208.122.36 -29011 > ns2.nic.CO 157.253.99.16 -22631 > ns2.registry.HM 208.70.79.24 -17934 > ns.NI 165.98.1.2 -11645 > ns3.registry.HM 202.169.96.24 -9034 > ns1.coppernet.ZM 41.222.240.15 -8910 > ns1.coppernet.ZM 62.56.216.9 -8910 > nyali.inet.GA 217.77.71.33 -6371 > bow.intnet.CF 204.14.43.132 -5620 > casbah.eldjazair.net.DZ 193.194.81.45 3860 > ns2.sr.net 200.2.162.14 4248 > ns3.nic.TR 213.248.162.131 4842 > dns.dnsafrica.net 213.193.157.30 5715 > upr1.upr.clu.edu 136.145.1.4 5735 > ns1.nic.GM 194.63.250.217 6833 > ns1.registry.HM 208.70.79.25 7183 > root-e.taloha.TK 66.36.231.236 7508 > om16.omantel.net.OM 212.72.1.186 10861 > dns.belpak.BY 193.232.248.45 12520 > ogooue.inet.GA 217.77.71.1 14900 > sava.utic.net.BA 195.130.35.3 14993 > bow.intnet.GQ 193.251.153.78 16773 > ns1.nic.GP 193.218.114.2 17617 > dogon.sotelma.ML 217.64.98.75 17631 > root-c.taloha.TK 207.36.228.217 18322 > ns2.tojikiston.com 193.111.11.4 18853 > ns1.orangecaraibe.com 193.251.160.222 19381 > dns1.lttnet.net 62.68.42.9 21967 > ns0.mpt.net.MM 203.81.64.20 23587 > ns.BA 195.130.35.5 25821 > om14.omantel.net.OM 212.72.23.4 28411 > > > Kind regards, > > Roy > > > > > On Mar 13, 2007, at 5:49 PM, Roy Arends wrote: > >> About 3.5 years ago, I did a survey to see if nameservers, authoritative for top level domains, were in sync. Those old results can be found at: >> http://www.rfc.se/fpdns/timecheck.html >> >> I ran the survey again, in the hope things have improved, but they actually got worse. >> >> I've included part of the text I send out back then: >> >>> Time Survey. >>> >>> As an indication, clocks at authoritative nameservers responsible for >>> the top level domains (TLDs) were compared against 'actual time'. >>> >>> As input for this exercise, the NSDNAME value in authoritative name >>> server resource records (NS) in the Root Zone (SOA:2003073101) were >>> resolved for their addresses. A unique pair of name and address is >>> regarded as a single nameserver for this survey. These nameservers were >>> queried [1] for their clock value. Not every server responded, which >>> does not imply that a name server was not running. >> >> Note that I used the Root Zone version with SOA:2007031201 this time. >> >>> A received clock value is then subtracted by the 'actual time'. This >>> actual time is the mean of recorded time 'on send' and 'on receive'. >>> The recorded time has been synchronized through NTP with a set of >>> stratum 1 time servers connected to GPS receivers. >>> >>> There is a 'response timeout' of 2 seconds which implies that there may >>> be a 2 second fault. Values outside this fault window can be considered >>> "out of sync". >>> >>> To give an indication of where a server set for a domain exist in time, >>> the 'range' is shown for a domain. >>> >>> Say the TLD example has 5 nameservers, with the following offset: >>> >>> ns1.example -50 seconds >>> ns2.example -12 seconds >>> ns3.example 1 seconds >>> ns4.example 77 seconds >>> ns3.example 150 seconds >>> >>> Then 'range' for TLD 'example' is 200 (i.e. -50 to 150). >>> >>> Only domains with a range larger then 4 seconds are mentioned below. >>> >>> Note that a single nameserver may serve multiple zones. If this single >>> nameserver is N seconds out of sync, all zones served by this server >>> will be at least N seconds out of sync. >> >> I recently re-ran the script, and the results are below. Note that I've not included the domains that are 4 seconds or less out of sync. Also included here is root, listed as a single dot. >> >> Domain Range Domain Range Domain Range >> >> YU. 8 UZ. 241 GY. 3135 >> CA. 9 QA. 253 CR. 3175 >> NF. 9 IR. 258 AL. 3600 >> EU. 10 CM. 303 MD. 3650 >> NZ. 11 CD. 318 RO. 3680 >> SG. 11 RW. 318 TR. 3888 >> HN. 16 CG. 319 UG. 4395 >> SN. 19 TN. 348 HT. 4942 >> PL. 21 VU. 402 MM. 5489 >> BE. 22 AI. 410 GR. 5639 >> ID. 22 LB. 415 GG. 5723 >> KR. 28 MV. 474 JE. 5723 >> NA. 29 LA. 480 DZ. 6136 >> UA. 32 CF. 511 BH. 6496 >> BB. 36 MT. 514 HM. 6620 >> UY. 36 BW. 524 ZM. 6908 >> MX. 41 LT. 528 BY. 7440 >> GH. 57 IT. 555 MQ. 8848 >> . 60 NE. 585 KH. 10051 >> ARPA. 60 NP. 588 BT. 10062 >> CZ. 61 EC. 591 GQ. 12903 >> DO. 61 MUSEUM. 696 BO. 14806 >> BD. 63 BZ. 726 JO. 15818 >> PS. 73 MZ. 737 DM. 15980 >> TH. 88 OM. 739 GA. 16104 >> DJ. 95 CI. 755 TJ. 17614 >> LK. 100 NR. 757 TK. 17982 >> SB. 126 INT. 805 BA. 21441 >> CC. 133 SZ. 849 LY. 24933 >> ET. 133 VA. 989 BJ. 25914 >> NAME. 133 BI. 1035 YE. 28724 >> EDU. 134 ER. 1145 PA. 35999 >> JOBS. 134 TL. 1156 PK. 39921 >> TV. 134 EG. 1212 SV. 43450 >> GOV. 152 MR. 1487 VN. 45078 >> AT. 153 AD. 1532 GP. 89182 >> MK. 159 EE. 1591 AC. 89940 >> KM. 182 MY. 1671 TM. 89940 >> CAT. 189 MA. 1678 IO. 89941 >> GB. 189 JM. 1840 SH. 89941 >> KG. 204 TG. 2054 BF. 114772 >> GF. 205 NI. 2273 SY. 123066 >> MG. 214 CY. 2519 KW. 330786 >> BS. 228 SL. 2545 ML. 195229906 >> >> Below is a shame list of the nameservers that are at least one hour (3600 seconds) out of sync (in the past and future). Yes the first one is more than 6 years out of sync. >> >> ciwara.sotelma.ml 217.64.97.50 -195220188 >> castor.teleglobe.net 199.202.55.2 -115866 >> ns1.orangecaraibe.com 193.251.160.222 -75305 >> ns.telefonica-ca.net 216.184.96.4 -43296 >> ns2.pa 168.77.8.7 -35845 >> utama.bolnet.bo 166.114.1.40 -14805 >> manta.outremer.com 213.16.1.106 -9044 >> ns2.registry.hm 209.245.20.115 -8077 >> ns3.registry.hm 202.169.96.24 -5407 >> ns1.nic.ht 64.86.226.26 -4941 >> ns2.druknet.bt 202.144.128.210 -4163 >> web.eahd.or.ug 216.104.202.101 -3778 >> ns2.batelco.com.bh 193.188.97.212 -3694 >> itgbox.iat.cnr.it 146.48.65.46 3601 >> casbah.eldjazair.net.dz 193.194.81.45 3773 >> ns5.nic.tr 213.139.255.18 3889 >> ns1.microlink.zm 193.220.20.30 4378 >> grdns-us.ics.forth.gr 192.0.34.138 5509 >> ns1.druknet.bt 202.144.128.200 5899 >> ns1.zamnet.zm 196.46.192.26 6137 >> nyali.inet.ga 217.77.71.33 6412 >> dns2.net.sy 66.198.41.14 7200 >> dns.belpak.by 193.232.248.45 7441 >> dogon.sotelma.ml 217.64.98.75 9718 >> ns.camnet.com.kh 203.223.32.3 10051 >> bow.intnet.gq 193.251.153.78 12904 >> ns1.nic.gp 193.218.114.2 13877 >> petra.nic.gov.jo 193.188.66.2 14408 >> ns1.nic.dm 208.0.224.114 14471 >> ogooue.inet.ga 217.77.71.1 16105 >> ns.tojikiston.com 193.111.11.2 17614 >> root-c.taloha.tk 207.36.228.217 17982 >> ns.ba 195.130.35.5 21441 >> ns0.mpt.net.mm 203.81.64.20 21760 >> dns1.lttnet.net 62.68.42.9 24771 >> dns.lttnet.net 62.240.36.9 24934 >> nakayo.leland.bj 81.91.225.1 25915 >> dns2.kw 161.252.48.150 27045 >> ns1.mpt.net.mm 203.81.64.19 27249 >> sah2.ye 195.94.0.35 28656 >> ns.pknic.net.pk 207.44.136.109 39922 >> dns-hcm01.vnnic.net.vn 203.162.87.66 45079 >> ns3.icb.co.uk 217.199.188.61 88287 >> ns3.icb.co.uk 217.199.188.61 88288 >> dns1.kw 161.252.48.140 330833 >> >> Regards, >> >> Roy >> >> >> _______________________________________________ >> DNSOP mailing list >> DNSOP@ietf.org >> https://www1.ietf.org/mailman/listinfo/dnsop >> > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop >
- TLD nameserver time survey. Roy Arends
- [DNSOP] TLD nameserver time survey... again Roy Arends
- [DNSOP] Re: TLD nameserver time survey... again Stephane Bortzmeyer
- Re: [DNSOP] Re: TLD nameserver time survey... aga… Roy Arends
- [DNSOP] TLD nameserver time survey... yet again Roy Arends
- Re: [DNSOP] TLD nameserver time survey... yet aga… Roy Arends