[DNSOP] TLD nameserver time survey... again
Roy Arends <roy@dnss.ec> Tue, 13 March 2007 16:49 UTC
Return-path: <dnsop-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HRABx-00066C-Rq; Tue, 13 Mar 2007 12:49:41 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HRABw-00065w-J1 for dnsop@ietf.org; Tue, 13 Mar 2007 12:49:40 -0400
Received: from trinitario.schlyter.se ([195.47.254.10] helo=mail.schlyter.se) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HRABu-0004ws-3X for dnsop@ietf.org; Tue, 13 Mar 2007 12:49:39 -0400
Received: from [82.94.105.61] (a82-94-105-61.adsl.xs4all.nl [82.94.105.61]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: roy) by mail.schlyter.se (Postfix) with ESMTP id A9C162D4D2 for <dnsop@ietf.org>; Tue, 13 Mar 2007 17:49:34 +0100 (MET)
Mime-Version: 1.0 (Apple Message framework v752.3)
In-Reply-To: <Pine.LNX.4.56.0308051055450.2490@elektron.atoom.net>
References: <Pine.LNX.4.56.0308051055450.2490@elektron.atoom.net>
Content-Type: text/plain; charset="US-ASCII"; delsp="yes"; format="flowed"
Message-Id: <11FB6FD7-7AB6-45AB-86EF-338D93F424C6@dnss.ec>
Content-Transfer-Encoding: 7bit
From: Roy Arends <roy@dnss.ec>
Date: Tue, 13 Mar 2007 17:49:24 +0100
To: IETF DNSOP WG <dnsop@ietf.org>
X-Mailer: Apple Mail (2.752.3)
X-Spam-Score: 0.1 (/)
X-Scan-Signature: e472ca43d56132790a46d9eefd95f0a5
Subject: [DNSOP] TLD nameserver time survey... again
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
Errors-To: dnsop-bounces@ietf.org
About 3.5 years ago, I did a survey to see if nameservers, authoritative for top level domains, were in sync. Those old results can be found at: http://www.rfc.se/fpdns/timecheck.html I ran the survey again, in the hope things have improved, but they actually got worse. I've included part of the text I send out back then: > Time Survey. > > As an indication, clocks at authoritative nameservers > responsible for > the top level domains (TLDs) were compared against 'actual time'. > > As input for this exercise, the NSDNAME value in authoritative name > server resource records (NS) in the Root Zone (SOA:2003073101) were > resolved for their addresses. A unique pair of name and address is > regarded as a single nameserver for this survey. These > nameservers were > queried [1] for their clock value. Not every server responded, > which > does not imply that a name server was not running. Note that I used the Root Zone version with SOA:2007031201 this time. > A received clock value is then subtracted by the 'actual time'. > This > actual time is the mean of recorded time 'on send' and 'on > receive'. > The recorded time has been synchronized through NTP with a set of > stratum 1 time servers connected to GPS receivers. > > There is a 'response timeout' of 2 seconds which implies that > there may > be a 2 second fault. Values outside this fault window can be > considered > "out of sync". > > To give an indication of where a server set for a domain exist > in time, > the 'range' is shown for a domain. > > Say the TLD example has 5 nameservers, with the following offset: > > ns1.example -50 seconds > ns2.example -12 seconds > ns3.example 1 seconds > ns4.example 77 seconds > ns3.example 150 seconds > > Then 'range' for TLD 'example' is 200 (i.e. -50 to 150). > > Only domains with a range larger then 4 seconds are mentioned > below. > > Note that a single nameserver may serve multiple zones. If this > single > nameserver is N seconds out of sync, all zones served by this > server > will be at least N seconds out of sync. I recently re-ran the script, and the results are below. Note that I've not included the domains that are 4 seconds or less out of sync. Also included here is root, listed as a single dot. Domain Range Domain Range Domain Range YU. 8 UZ. 241 GY. 3135 CA. 9 QA. 253 CR. 3175 NF. 9 IR. 258 AL. 3600 EU. 10 CM. 303 MD. 3650 NZ. 11 CD. 318 RO. 3680 SG. 11 RW. 318 TR. 3888 HN. 16 CG. 319 UG. 4395 SN. 19 TN. 348 HT. 4942 PL. 21 VU. 402 MM. 5489 BE. 22 AI. 410 GR. 5639 ID. 22 LB. 415 GG. 5723 KR. 28 MV. 474 JE. 5723 NA. 29 LA. 480 DZ. 6136 UA. 32 CF. 511 BH. 6496 BB. 36 MT. 514 HM. 6620 UY. 36 BW. 524 ZM. 6908 MX. 41 LT. 528 BY. 7440 GH. 57 IT. 555 MQ. 8848 . 60 NE. 585 KH. 10051 ARPA. 60 NP. 588 BT. 10062 CZ. 61 EC. 591 GQ. 12903 DO. 61 MUSEUM. 696 BO. 14806 BD. 63 BZ. 726 JO. 15818 PS. 73 MZ. 737 DM. 15980 TH. 88 OM. 739 GA. 16104 DJ. 95 CI. 755 TJ. 17614 LK. 100 NR. 757 TK. 17982 SB. 126 INT. 805 BA. 21441 CC. 133 SZ. 849 LY. 24933 ET. 133 VA. 989 BJ. 25914 NAME. 133 BI. 1035 YE. 28724 EDU. 134 ER. 1145 PA. 35999 JOBS. 134 TL. 1156 PK. 39921 TV. 134 EG. 1212 SV. 43450 GOV. 152 MR. 1487 VN. 45078 AT. 153 AD. 1532 GP. 89182 MK. 159 EE. 1591 AC. 89940 KM. 182 MY. 1671 TM. 89940 CAT. 189 MA. 1678 IO. 89941 GB. 189 JM. 1840 SH. 89941 KG. 204 TG. 2054 BF. 114772 GF. 205 NI. 2273 SY. 123066 MG. 214 CY. 2519 KW. 330786 BS. 228 SL. 2545 ML. 195229906 Below is a shame list of the nameservers that are at least one hour (3600 seconds) out of sync (in the past and future). Yes the first one is more than 6 years out of sync. ciwara.sotelma.ml 217.64.97.50 -195220188 castor.teleglobe.net 199.202.55.2 -115866 ns1.orangecaraibe.com 193.251.160.222 -75305 ns.telefonica-ca.net 216.184.96.4 -43296 ns2.pa 168.77.8.7 -35845 utama.bolnet.bo 166.114.1.40 -14805 manta.outremer.com 213.16.1.106 -9044 ns2.registry.hm 209.245.20.115 -8077 ns3.registry.hm 202.169.96.24 -5407 ns1.nic.ht 64.86.226.26 -4941 ns2.druknet.bt 202.144.128.210 -4163 web.eahd.or.ug 216.104.202.101 -3778 ns2.batelco.com.bh 193.188.97.212 -3694 itgbox.iat.cnr.it 146.48.65.46 3601 casbah.eldjazair.net.dz 193.194.81.45 3773 ns5.nic.tr 213.139.255.18 3889 ns1.microlink.zm 193.220.20.30 4378 grdns-us.ics.forth.gr 192.0.34.138 5509 ns1.druknet.bt 202.144.128.200 5899 ns1.zamnet.zm 196.46.192.26 6137 nyali.inet.ga 217.77.71.33 6412 dns2.net.sy 66.198.41.14 7200 dns.belpak.by 193.232.248.45 7441 dogon.sotelma.ml 217.64.98.75 9718 ns.camnet.com.kh 203.223.32.3 10051 bow.intnet.gq 193.251.153.78 12904 ns1.nic.gp 193.218.114.2 13877 petra.nic.gov.jo 193.188.66.2 14408 ns1.nic.dm 208.0.224.114 14471 ogooue.inet.ga 217.77.71.1 16105 ns.tojikiston.com 193.111.11.2 17614 root-c.taloha.tk 207.36.228.217 17982 ns.ba 195.130.35.5 21441 ns0.mpt.net.mm 203.81.64.20 21760 dns1.lttnet.net 62.68.42.9 24771 dns.lttnet.net 62.240.36.9 24934 nakayo.leland.bj 81.91.225.1 25915 dns2.kw 161.252.48.150 27045 ns1.mpt.net.mm 203.81.64.19 27249 sah2.ye 195.94.0.35 28656 ns.pknic.net.pk 207.44.136.109 39922 dns-hcm01.vnnic.net.vn 203.162.87.66 45079 ns3.icb.co.uk 217.199.188.61 88287 ns3.icb.co.uk 217.199.188.61 88288 dns1.kw 161.252.48.140 330833 Regards, Roy _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www1.ietf.org/mailman/listinfo/dnsop
- TLD nameserver time survey. Roy Arends
- [DNSOP] TLD nameserver time survey... again Roy Arends
- [DNSOP] Re: TLD nameserver time survey... again Stephane Bortzmeyer
- Re: [DNSOP] Re: TLD nameserver time survey... aga… Roy Arends
- [DNSOP] TLD nameserver time survey... yet again Roy Arends
- Re: [DNSOP] TLD nameserver time survey... yet aga… Roy Arends