[DNSOP] TLD nameserver time survey... yet again

Roy Arends <roy@dnss.ec> Mon, 16 November 2009 19:43 UTC

Return-Path: <roy@dnss.ec>
X-Original-To: dnsop@core3.amsl.com
Delivered-To: dnsop@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B48783A67B5 for <dnsop@core3.amsl.com>; Mon, 16 Nov 2009 11:43:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.951
X-Spam-Level:
X-Spam-Status: No, score=0.951 tagged_above=-999 required=5 tests=[BAYES_50=0.001, HELO_EQ_SE=0.35, J_CHICKENPOX_22=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8osB+6fOZHhe for <dnsop@core3.amsl.com>; Mon, 16 Nov 2009 11:43:09 -0800 (PST)
Received: from mail.schlyter.se (trinitario.schlyter.se [195.47.254.10]) by core3.amsl.com (Postfix) with ESMTP id C5A943A6864 for <dnsop@ietf.org>; Mon, 16 Nov 2009 11:43:08 -0800 (PST)
Received: from a82-94-105-54.adsl.xs4all.nl (a82-94-105-54.adsl.xs4all.nl [82.94.105.54]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: roy) by mail.schlyter.se (Postfix) with ESMTPSA id 8BAA72D587; Mon, 16 Nov 2009 20:43:04 +0100 (MET)
Mime-Version: 1.0 (Apple Message framework v1077)
Content-Type: text/plain; charset="us-ascii"
From: Roy Arends <roy@dnss.ec>
In-Reply-To: <11FB6FD7-7AB6-45AB-86EF-338D93F424C6@dnss.ec>
Date: Mon, 16 Nov 2009 20:43:03 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <196AC22D-654D-4B07-9073-166968D37DDC@dnss.ec>
References: <Pine.LNX.4.56.0308051055450.2490@elektron.atoom.net> <11FB6FD7-7AB6-45AB-86EF-338D93F424C6@dnss.ec>
To: IETF DNSOP WG <dnsop@ietf.org>
X-Mailer: Apple Mail (2.1077)
Cc: Roy Arends <roy@dnss.ec>
Subject: [DNSOP] TLD nameserver time survey... yet again
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Nov 2009 19:43:10 -0000

About 2.5 years, and 6 years ago, I did a survey to see if nameservers, authoritative for top level domains, were in sync. I've just done it again. Here are the results. Note that I used the Root Zone version with SOA:2009111600 this time.

The number following the domain, is the largest difference in seconds between nameservers responsible for the domain.

AQ.         5	CR.       505	DJ.      1271
ID.         6	GR.       659	NP.      1317
BN.         8	ET.       669	CI.      1319
YU.         8	SN.       847	MY.      1416
AR.        11	MG.       931	MV.      1451
GE.        11	CH.       971	PR.      1582
WS.        19	CX.       971	TM.      1961
MK.        27	LS.       971	KM.      2166
GH.        28	MU.       971	MZ.      2188
VU.        36	NA.       971	MA.      2308
INT.       38	PS.       971	MR.      2531
KR.        42	AE.       972	PK.      3060
GT.        45	BT.       972	BG.      3170
BI.        49	FR.       972	ER.      3279
EU.        50	GL.       972	KY.      3443
PT.        90	GS.       972	MT.      3485
TEL.      100	GY.       972	SR.      3872
BIZ.      101	HK.       972	DZ.      4442
HT.       115	MX.       972	TR.      4842
KG.       124	PM.       972	CF.      5620
SY.       135	RS.       972	CD.      5714
IE.       160	SA.       972	CG.      5715
AW.       167	SB.       972	RW.      5715
DO.       171	TL.       972	CY.      5805
PY.       190	TT.       972	GM.      6833
BF.       194	AF.       973	ZM.      8946
MW.       196	KI.       973	BS.      8993
CL.       202	LI.       973	BY.     12522
CU.       228	MS.       973	NI.     14505
GG.       232	RE.       973	GQ.     16774
JE.       232	UA.       973	TJ.     18863
SZ.       247	WF.       973	GP.     19381
BO.       260	YT.       973	TK.     19930
HR.       261	QA.       975	GA.     21271
BJ.       262	DK.       980	LY.     21967
JO.       306	AL.       989	CO.     22631
MD.       310	KE.      1003	MM.     23587
RO.       311	CAT.     1030	HM.     25117
BW.       316	UG.      1036	BA.     25821
JM.       327	AC.      1074	OM.     28411
GOV.      335	IO.      1075	AN.     29011
UY.       336	SH.      1075	PA.     35545
SV.       358	MUSEUM.  1080	DM.     39263
TG.       364	LK.      1136	YE.     43241
UZ.       370	CM.      1139	MN.     46795
EG.       387	NG.      1199	NE.     90071
VN.       429	IT.      1208	ML.    195235570
KH.       445	ZW.      1211

Below is a shame list of the nameservers that are at least one hour (3600 seconds) out of sync (in the past and future). Yes the first one is again more than 6 years out of sync (2249 seconds more behind than 981 days ago, or a clock skew of about 2.29256 seconds per day).

      ciwara.sotelma.ML    217.64.97.50 -195217939
           ns.intnet.NE  193.251.228.10    -90071
           ns1.magic.MN    202.131.0.10    -46795
       ns1.yemen.net.YE   65.162.184.33    -43238
             ns1.nic.DM   208.0.224.114    -38292
             ns2.nic.DM   208.0.224.115    -38292
                 ns2.PA      168.77.8.7    -35545
 ns01-server.curinfo.AN   65.208.122.36    -29011
             ns2.nic.CO   157.253.99.16    -22631
        ns2.registry.HM    208.70.79.24    -17934
                  ns.NI      165.98.1.2    -11645
        ns3.registry.HM   202.169.96.24     -9034
       ns1.coppernet.ZM   41.222.240.15     -8910
       ns1.coppernet.ZM     62.56.216.9     -8910
          nyali.inet.GA    217.77.71.33     -6371
          bow.intnet.CF   204.14.43.132     -5620
casbah.eldjazair.net.DZ   193.194.81.45      3860
             ns2.sr.net    200.2.162.14      4248
             ns3.nic.TR 213.248.162.131      4842
      dns.dnsafrica.net  213.193.157.30      5715
       upr1.upr.clu.edu     136.145.1.4      5735
             ns1.nic.GM  194.63.250.217      6833
        ns1.registry.HM    208.70.79.25      7183
       root-e.taloha.TK   66.36.231.236      7508
    om16.omantel.net.OM    212.72.1.186     10861
          dns.belpak.BY  193.232.248.45     12520
         ogooue.inet.GA     217.77.71.1     14900
       sava.utic.net.BA    195.130.35.3     14993
          bow.intnet.GQ  193.251.153.78     16773
             ns1.nic.GP   193.218.114.2     17617
       dogon.sotelma.ML    217.64.98.75     17631
       root-c.taloha.TK  207.36.228.217     18322
     ns2.tojikiston.com    193.111.11.4     18853
  ns1.orangecaraibe.com 193.251.160.222     19381
        dns1.lttnet.net      62.68.42.9     21967
         ns0.mpt.net.MM    203.81.64.20     23587
                  ns.BA    195.130.35.5     25821
    om14.omantel.net.OM     212.72.23.4     28411


Kind regards,

Roy




On Mar 13, 2007, at 5:49 PM, Roy Arends wrote:

> About 3.5 years ago, I did a survey to see if nameservers, authoritative for top level domains, were in sync. Those old results can be found at:
> http://www.rfc.se/fpdns/timecheck.html
> 
> I ran the survey again, in the hope things have improved, but they actually got worse.
> 
> I've included part of the text I send out back then:
> 
>> Time Survey.
>> 
>>   As an indication, clocks at authoritative nameservers responsible for
>>   the top level domains (TLDs) were compared against 'actual time'.
>> 
>>   As input for this exercise, the NSDNAME value in authoritative name
>>   server resource records (NS) in the Root Zone (SOA:2003073101) were
>>   resolved for their addresses. A unique pair of name and address is
>>   regarded as a single nameserver for this survey. These nameservers were
>>   queried [1] for their clock value. Not every server responded, which
>>   does not imply that a name server was not running.
> 
> Note that I used the Root Zone version with SOA:2007031201 this time.
> 
>>   A received clock value is then subtracted by the 'actual time'. This
>>   actual time is the mean of recorded time 'on send' and 'on receive'.
>>   The recorded time has been synchronized through NTP with a set of
>>   stratum 1 time servers connected to GPS receivers.
>> 
>>   There is a 'response timeout' of 2 seconds which implies that there may
>>   be a 2 second fault. Values outside this fault window can be considered
>>   "out of sync".
>> 
>>   To give an indication of where a server set for a domain exist in time,
>>   the 'range' is shown for a domain.
>> 
>>   Say the TLD example has 5 nameservers, with the following offset:
>> 
>>        ns1.example   -50 seconds
>>        ns2.example   -12 seconds
>>        ns3.example     1 seconds
>>        ns4.example    77 seconds
>>        ns3.example   150 seconds
>> 
>>   Then 'range' for TLD 'example' is 200 (i.e. -50 to 150).
>> 
>>   Only domains with a range larger then 4 seconds are mentioned below.
>> 
>>   Note that a single nameserver may serve multiple zones. If this single
>>   nameserver is N seconds out of sync, all zones served by this server
>>   will be at least N seconds out of sync.
> 
> I recently re-ran the script, and the results are below. Note that I've not included the domains that are 4 seconds or less out of sync. Also included here is root, listed as a single dot.
> 
> Domain  Range           Domain  Range           Domain  Range
> 
> YU.         8           UZ.       241           GY.      3135
> CA.         9           QA.       253           CR.      3175
> NF.         9           IR.       258           AL.      3600
> EU.        10           CM.       303           MD.      3650
> NZ.        11           CD.       318           RO.      3680
> SG.        11           RW.       318           TR.      3888
> HN.        16           CG.       319           UG.      4395
> SN.        19           TN.       348           HT.      4942
> PL.        21           VU.       402           MM.      5489
> BE.        22           AI.       410           GR.      5639
> ID.        22           LB.       415           GG.      5723
> KR.        28           MV.       474           JE.      5723
> NA.        29           LA.       480           DZ.      6136
> UA.        32           CF.       511           BH.      6496
> BB.        36           MT.       514           HM.      6620
> UY.        36           BW.       524           ZM.      6908
> MX.        41           LT.       528           BY.      7440
> GH.        57           IT.       555           MQ.      8848
> .          60           NE.       585           KH.     10051
> ARPA.      60           NP.       588           BT.     10062
> CZ.        61           EC.       591           GQ.     12903
> DO.        61           MUSEUM.   696           BO.     14806
> BD.        63           BZ.       726           JO.     15818
> PS.        73           MZ.       737           DM.     15980
> TH.        88           OM.       739           GA.     16104
> DJ.        95           CI.       755           TJ.     17614
> LK.       100           NR.       757           TK.     17982
> SB.       126           INT.      805           BA.     21441
> CC.       133           SZ.       849           LY.     24933
> ET.       133           VA.       989           BJ.     25914
> NAME.     133           BI.      1035           YE.     28724
> EDU.      134           ER.      1145           PA.     35999
> JOBS.     134           TL.      1156           PK.     39921
> TV.       134           EG.      1212           SV.     43450
> GOV.      152           MR.      1487           VN.     45078
> AT.       153           AD.      1532           GP.     89182
> MK.       159           EE.      1591           AC.     89940
> KM.       182           MY.      1671           TM.     89940
> CAT.      189           MA.      1678           IO.     89941
> GB.       189           JM.      1840           SH.     89941
> KG.       204           TG.      2054           BF.    114772
> GF.       205           NI.      2273           SY.    123066
> MG.       214           CY.      2519           KW.    330786
> BS.       228           SL.      2545           ML.    195229906
> 
> Below is a shame list of the nameservers that are at least one hour (3600 seconds) out of sync (in the past and future). Yes the first one is more than 6 years out of sync.
> 
> ciwara.sotelma.ml        217.64.97.50    -195220188
> castor.teleglobe.net     199.202.55.2       -115866
> ns1.orangecaraibe.com    193.251.160.222     -75305
> ns.telefonica-ca.net     216.184.96.4        -43296
> ns2.pa                   168.77.8.7          -35845
> utama.bolnet.bo          166.114.1.40        -14805
> manta.outremer.com       213.16.1.106         -9044
> ns2.registry.hm          209.245.20.115       -8077
> ns3.registry.hm          202.169.96.24        -5407
> ns1.nic.ht               64.86.226.26         -4941
> ns2.druknet.bt           202.144.128.210      -4163
> web.eahd.or.ug           216.104.202.101      -3778
> ns2.batelco.com.bh       193.188.97.212       -3694
> itgbox.iat.cnr.it        146.48.65.46          3601
> casbah.eldjazair.net.dz  193.194.81.45         3773
> ns5.nic.tr               213.139.255.18        3889
> ns1.microlink.zm         193.220.20.30         4378
> grdns-us.ics.forth.gr    192.0.34.138          5509
> ns1.druknet.bt           202.144.128.200       5899
> ns1.zamnet.zm            196.46.192.26         6137
> nyali.inet.ga            217.77.71.33          6412
> dns2.net.sy              66.198.41.14          7200
> dns.belpak.by            193.232.248.45        7441
> dogon.sotelma.ml         217.64.98.75          9718
> ns.camnet.com.kh         203.223.32.3         10051
> bow.intnet.gq            193.251.153.78       12904
> ns1.nic.gp               193.218.114.2        13877
> petra.nic.gov.jo         193.188.66.2         14408
> ns1.nic.dm               208.0.224.114        14471
> ogooue.inet.ga           217.77.71.1          16105
> ns.tojikiston.com        193.111.11.2         17614
> root-c.taloha.tk         207.36.228.217       17982
> ns.ba                    195.130.35.5         21441
> ns0.mpt.net.mm           203.81.64.20         21760
> dns1.lttnet.net          62.68.42.9           24771
> dns.lttnet.net           62.240.36.9          24934
> nakayo.leland.bj         81.91.225.1          25915
> dns2.kw                  161.252.48.150       27045
> ns1.mpt.net.mm           203.81.64.19         27249
> sah2.ye                  195.94.0.35          28656
> ns.pknic.net.pk          207.44.136.109       39922
> dns-hcm01.vnnic.net.vn   203.162.87.66        45079
> ns3.icb.co.uk            217.199.188.61       88287
> ns3.icb.co.uk            217.199.188.61       88288
> dns1.kw                  161.252.48.140      330833
> 
> Regards,
> 
> Roy
> 
> 
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www1.ietf.org/mailman/listinfo/dnsop
>