[DNSOP] TLD nameserver time survey... yet again
Roy Arends <roy@dnss.ec> Mon, 16 November 2009 19:43 UTC
Return-Path: <roy@dnss.ec>
X-Original-To: dnsop@core3.amsl.com
Delivered-To: dnsop@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B48783A67B5 for <dnsop@core3.amsl.com>; Mon, 16 Nov 2009 11:43:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.951
X-Spam-Level:
X-Spam-Status: No, score=0.951 tagged_above=-999 required=5 tests=[BAYES_50=0.001, HELO_EQ_SE=0.35, J_CHICKENPOX_22=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8osB+6fOZHhe for <dnsop@core3.amsl.com>; Mon, 16 Nov 2009 11:43:09 -0800 (PST)
Received: from mail.schlyter.se (trinitario.schlyter.se [195.47.254.10]) by core3.amsl.com (Postfix) with ESMTP id C5A943A6864 for <dnsop@ietf.org>; Mon, 16 Nov 2009 11:43:08 -0800 (PST)
Received: from a82-94-105-54.adsl.xs4all.nl (a82-94-105-54.adsl.xs4all.nl [82.94.105.54]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: roy) by mail.schlyter.se (Postfix) with ESMTPSA id 8BAA72D587; Mon, 16 Nov 2009 20:43:04 +0100 (MET)
Mime-Version: 1.0 (Apple Message framework v1077)
Content-Type: text/plain; charset="us-ascii"
From: Roy Arends <roy@dnss.ec>
In-Reply-To: <11FB6FD7-7AB6-45AB-86EF-338D93F424C6@dnss.ec>
Date: Mon, 16 Nov 2009 20:43:03 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <196AC22D-654D-4B07-9073-166968D37DDC@dnss.ec>
References: <Pine.LNX.4.56.0308051055450.2490@elektron.atoom.net> <11FB6FD7-7AB6-45AB-86EF-338D93F424C6@dnss.ec>
To: IETF DNSOP WG <dnsop@ietf.org>
X-Mailer: Apple Mail (2.1077)
Cc: Roy Arends <roy@dnss.ec>
Subject: [DNSOP] TLD nameserver time survey... yet again
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Nov 2009 19:43:10 -0000
About 2.5 years, and 6 years ago, I did a survey to see if nameservers, authoritative for top level domains, were in sync. I've just done it again. Here are the results. Note that I used the Root Zone version with SOA:2009111600 this time. The number following the domain, is the largest difference in seconds between nameservers responsible for the domain. AQ. 5 CR. 505 DJ. 1271 ID. 6 GR. 659 NP. 1317 BN. 8 ET. 669 CI. 1319 YU. 8 SN. 847 MY. 1416 AR. 11 MG. 931 MV. 1451 GE. 11 CH. 971 PR. 1582 WS. 19 CX. 971 TM. 1961 MK. 27 LS. 971 KM. 2166 GH. 28 MU. 971 MZ. 2188 VU. 36 NA. 971 MA. 2308 INT. 38 PS. 971 MR. 2531 KR. 42 AE. 972 PK. 3060 GT. 45 BT. 972 BG. 3170 BI. 49 FR. 972 ER. 3279 EU. 50 GL. 972 KY. 3443 PT. 90 GS. 972 MT. 3485 TEL. 100 GY. 972 SR. 3872 BIZ. 101 HK. 972 DZ. 4442 HT. 115 MX. 972 TR. 4842 KG. 124 PM. 972 CF. 5620 SY. 135 RS. 972 CD. 5714 IE. 160 SA. 972 CG. 5715 AW. 167 SB. 972 RW. 5715 DO. 171 TL. 972 CY. 5805 PY. 190 TT. 972 GM. 6833 BF. 194 AF. 973 ZM. 8946 MW. 196 KI. 973 BS. 8993 CL. 202 LI. 973 BY. 12522 CU. 228 MS. 973 NI. 14505 GG. 232 RE. 973 GQ. 16774 JE. 232 UA. 973 TJ. 18863 SZ. 247 WF. 973 GP. 19381 BO. 260 YT. 973 TK. 19930 HR. 261 QA. 975 GA. 21271 BJ. 262 DK. 980 LY. 21967 JO. 306 AL. 989 CO. 22631 MD. 310 KE. 1003 MM. 23587 RO. 311 CAT. 1030 HM. 25117 BW. 316 UG. 1036 BA. 25821 JM. 327 AC. 1074 OM. 28411 GOV. 335 IO. 1075 AN. 29011 UY. 336 SH. 1075 PA. 35545 SV. 358 MUSEUM. 1080 DM. 39263 TG. 364 LK. 1136 YE. 43241 UZ. 370 CM. 1139 MN. 46795 EG. 387 NG. 1199 NE. 90071 VN. 429 IT. 1208 ML. 195235570 KH. 445 ZW. 1211 Below is a shame list of the nameservers that are at least one hour (3600 seconds) out of sync (in the past and future). Yes the first one is again more than 6 years out of sync (2249 seconds more behind than 981 days ago, or a clock skew of about 2.29256 seconds per day). ciwara.sotelma.ML 217.64.97.50 -195217939 ns.intnet.NE 193.251.228.10 -90071 ns1.magic.MN 202.131.0.10 -46795 ns1.yemen.net.YE 65.162.184.33 -43238 ns1.nic.DM 208.0.224.114 -38292 ns2.nic.DM 208.0.224.115 -38292 ns2.PA 168.77.8.7 -35545 ns01-server.curinfo.AN 65.208.122.36 -29011 ns2.nic.CO 157.253.99.16 -22631 ns2.registry.HM 208.70.79.24 -17934 ns.NI 165.98.1.2 -11645 ns3.registry.HM 202.169.96.24 -9034 ns1.coppernet.ZM 41.222.240.15 -8910 ns1.coppernet.ZM 62.56.216.9 -8910 nyali.inet.GA 217.77.71.33 -6371 bow.intnet.CF 204.14.43.132 -5620 casbah.eldjazair.net.DZ 193.194.81.45 3860 ns2.sr.net 200.2.162.14 4248 ns3.nic.TR 213.248.162.131 4842 dns.dnsafrica.net 213.193.157.30 5715 upr1.upr.clu.edu 136.145.1.4 5735 ns1.nic.GM 194.63.250.217 6833 ns1.registry.HM 208.70.79.25 7183 root-e.taloha.TK 66.36.231.236 7508 om16.omantel.net.OM 212.72.1.186 10861 dns.belpak.BY 193.232.248.45 12520 ogooue.inet.GA 217.77.71.1 14900 sava.utic.net.BA 195.130.35.3 14993 bow.intnet.GQ 193.251.153.78 16773 ns1.nic.GP 193.218.114.2 17617 dogon.sotelma.ML 217.64.98.75 17631 root-c.taloha.TK 207.36.228.217 18322 ns2.tojikiston.com 193.111.11.4 18853 ns1.orangecaraibe.com 193.251.160.222 19381 dns1.lttnet.net 62.68.42.9 21967 ns0.mpt.net.MM 203.81.64.20 23587 ns.BA 195.130.35.5 25821 om14.omantel.net.OM 212.72.23.4 28411 Kind regards, Roy On Mar 13, 2007, at 5:49 PM, Roy Arends wrote: > About 3.5 years ago, I did a survey to see if nameservers, authoritative for top level domains, were in sync. Those old results can be found at: > http://www.rfc.se/fpdns/timecheck.html > > I ran the survey again, in the hope things have improved, but they actually got worse. > > I've included part of the text I send out back then: > >> Time Survey. >> >> As an indication, clocks at authoritative nameservers responsible for >> the top level domains (TLDs) were compared against 'actual time'. >> >> As input for this exercise, the NSDNAME value in authoritative name >> server resource records (NS) in the Root Zone (SOA:2003073101) were >> resolved for their addresses. A unique pair of name and address is >> regarded as a single nameserver for this survey. These nameservers were >> queried [1] for their clock value. Not every server responded, which >> does not imply that a name server was not running. > > Note that I used the Root Zone version with SOA:2007031201 this time. > >> A received clock value is then subtracted by the 'actual time'. This >> actual time is the mean of recorded time 'on send' and 'on receive'. >> The recorded time has been synchronized through NTP with a set of >> stratum 1 time servers connected to GPS receivers. >> >> There is a 'response timeout' of 2 seconds which implies that there may >> be a 2 second fault. Values outside this fault window can be considered >> "out of sync". >> >> To give an indication of where a server set for a domain exist in time, >> the 'range' is shown for a domain. >> >> Say the TLD example has 5 nameservers, with the following offset: >> >> ns1.example -50 seconds >> ns2.example -12 seconds >> ns3.example 1 seconds >> ns4.example 77 seconds >> ns3.example 150 seconds >> >> Then 'range' for TLD 'example' is 200 (i.e. -50 to 150). >> >> Only domains with a range larger then 4 seconds are mentioned below. >> >> Note that a single nameserver may serve multiple zones. If this single >> nameserver is N seconds out of sync, all zones served by this server >> will be at least N seconds out of sync. > > I recently re-ran the script, and the results are below. Note that I've not included the domains that are 4 seconds or less out of sync. Also included here is root, listed as a single dot. > > Domain Range Domain Range Domain Range > > YU. 8 UZ. 241 GY. 3135 > CA. 9 QA. 253 CR. 3175 > NF. 9 IR. 258 AL. 3600 > EU. 10 CM. 303 MD. 3650 > NZ. 11 CD. 318 RO. 3680 > SG. 11 RW. 318 TR. 3888 > HN. 16 CG. 319 UG. 4395 > SN. 19 TN. 348 HT. 4942 > PL. 21 VU. 402 MM. 5489 > BE. 22 AI. 410 GR. 5639 > ID. 22 LB. 415 GG. 5723 > KR. 28 MV. 474 JE. 5723 > NA. 29 LA. 480 DZ. 6136 > UA. 32 CF. 511 BH. 6496 > BB. 36 MT. 514 HM. 6620 > UY. 36 BW. 524 ZM. 6908 > MX. 41 LT. 528 BY. 7440 > GH. 57 IT. 555 MQ. 8848 > . 60 NE. 585 KH. 10051 > ARPA. 60 NP. 588 BT. 10062 > CZ. 61 EC. 591 GQ. 12903 > DO. 61 MUSEUM. 696 BO. 14806 > BD. 63 BZ. 726 JO. 15818 > PS. 73 MZ. 737 DM. 15980 > TH. 88 OM. 739 GA. 16104 > DJ. 95 CI. 755 TJ. 17614 > LK. 100 NR. 757 TK. 17982 > SB. 126 INT. 805 BA. 21441 > CC. 133 SZ. 849 LY. 24933 > ET. 133 VA. 989 BJ. 25914 > NAME. 133 BI. 1035 YE. 28724 > EDU. 134 ER. 1145 PA. 35999 > JOBS. 134 TL. 1156 PK. 39921 > TV. 134 EG. 1212 SV. 43450 > GOV. 152 MR. 1487 VN. 45078 > AT. 153 AD. 1532 GP. 89182 > MK. 159 EE. 1591 AC. 89940 > KM. 182 MY. 1671 TM. 89940 > CAT. 189 MA. 1678 IO. 89941 > GB. 189 JM. 1840 SH. 89941 > KG. 204 TG. 2054 BF. 114772 > GF. 205 NI. 2273 SY. 123066 > MG. 214 CY. 2519 KW. 330786 > BS. 228 SL. 2545 ML. 195229906 > > Below is a shame list of the nameservers that are at least one hour (3600 seconds) out of sync (in the past and future). Yes the first one is more than 6 years out of sync. > > ciwara.sotelma.ml 217.64.97.50 -195220188 > castor.teleglobe.net 199.202.55.2 -115866 > ns1.orangecaraibe.com 193.251.160.222 -75305 > ns.telefonica-ca.net 216.184.96.4 -43296 > ns2.pa 168.77.8.7 -35845 > utama.bolnet.bo 166.114.1.40 -14805 > manta.outremer.com 213.16.1.106 -9044 > ns2.registry.hm 209.245.20.115 -8077 > ns3.registry.hm 202.169.96.24 -5407 > ns1.nic.ht 64.86.226.26 -4941 > ns2.druknet.bt 202.144.128.210 -4163 > web.eahd.or.ug 216.104.202.101 -3778 > ns2.batelco.com.bh 193.188.97.212 -3694 > itgbox.iat.cnr.it 146.48.65.46 3601 > casbah.eldjazair.net.dz 193.194.81.45 3773 > ns5.nic.tr 213.139.255.18 3889 > ns1.microlink.zm 193.220.20.30 4378 > grdns-us.ics.forth.gr 192.0.34.138 5509 > ns1.druknet.bt 202.144.128.200 5899 > ns1.zamnet.zm 196.46.192.26 6137 > nyali.inet.ga 217.77.71.33 6412 > dns2.net.sy 66.198.41.14 7200 > dns.belpak.by 193.232.248.45 7441 > dogon.sotelma.ml 217.64.98.75 9718 > ns.camnet.com.kh 203.223.32.3 10051 > bow.intnet.gq 193.251.153.78 12904 > ns1.nic.gp 193.218.114.2 13877 > petra.nic.gov.jo 193.188.66.2 14408 > ns1.nic.dm 208.0.224.114 14471 > ogooue.inet.ga 217.77.71.1 16105 > ns.tojikiston.com 193.111.11.2 17614 > root-c.taloha.tk 207.36.228.217 17982 > ns.ba 195.130.35.5 21441 > ns0.mpt.net.mm 203.81.64.20 21760 > dns1.lttnet.net 62.68.42.9 24771 > dns.lttnet.net 62.240.36.9 24934 > nakayo.leland.bj 81.91.225.1 25915 > dns2.kw 161.252.48.150 27045 > ns1.mpt.net.mm 203.81.64.19 27249 > sah2.ye 195.94.0.35 28656 > ns.pknic.net.pk 207.44.136.109 39922 > dns-hcm01.vnnic.net.vn 203.162.87.66 45079 > ns3.icb.co.uk 217.199.188.61 88287 > ns3.icb.co.uk 217.199.188.61 88288 > dns1.kw 161.252.48.140 330833 > > Regards, > > Roy > > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www1.ietf.org/mailman/listinfo/dnsop >
- TLD nameserver time survey. Roy Arends
- [DNSOP] TLD nameserver time survey... again Roy Arends
- [DNSOP] Re: TLD nameserver time survey... again Stephane Bortzmeyer
- Re: [DNSOP] Re: TLD nameserver time survey... aga… Roy Arends
- [DNSOP] TLD nameserver time survey... yet again Roy Arends
- Re: [DNSOP] TLD nameserver time survey... yet aga… Roy Arends