Solved Issue with ntpdate: NTP server IP DNS resolution

I have ntpdate enabled during installation, and ntp.conf has the default server pool. I assume this automatically picks the closest pool as per my location. I noticed an unusual domain when booting up my laptop this morning.

/etc/rc.conf
Code:
ntpdate_enable="YES"
ntpd_enable="YES"


/etc/ntp.conf
Code:
pool 0.freebsd.pool.ntp.org iburst


dmesg
Code:
 2 Oct 11:15:44 ntpdate[29461]: sendto(5.189.141.35 (mail.deva-ayurveda.eu)): No route to host
 2 Oct 11:15:51 ntpdate[29461]: step time server 52.172.27.135 offset -0.200342 sec


It seems like 5.189.141.35 is part of 0.asia.pool.ntp.org as per https://www.robtex.com/dns-lookup/0.asia.pool.ntp.org

However, 5.189.141.35 also resolves to mail.deva-ayurveda.eu as per https://www.findip-address.com/

I think I may just have to put in a custom list of servers from http://support.ntp.org/bin/view/Servers/WebHome#Finding_A_Time_Server

I would like to know if it is normal to see these kinds of name resolutions when using the default ntp pool? Or is this a one-off case and nothing to worry about?
 
I wouldn’t worry about it. According to your dmesg, the first access failed (probably your network interface wasn’t ready yet during the boot process), but the next try a few seconds later (using a different server) was successful and adjusted your local clock by -0.2 s. This is quite normal.

Since you enabled ntpd, it will take care of keeping your clock in sync. You can type ntpq -p to see the associations with NTP peers. It prints several lines (one per peer), one of which should have an asterisk “*” in the first column, and a number less than 16 in the “st” column (stratum value). If that’s the case, everything is fine.

And even if you lose synchronization to NTP servers temporarily, ntpd will continue to adjust the local clock because it learns the drift characteristics of the hardware clock over time. This information is stored in a file regularly, so it’s available after a reboot, too.
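An added example, not from the thread, that applies the check described above: it parses the peer table printed by `ntpq -p` and reports the system peer (the “*” line) only if its stratum is below 16. The sample output is constructed, and the parser assumes the standard ntpq layout in which the first character of each peer line is the tally code.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample of `ntpq -p` output (not captured from the poster's machine);
# the peer addresses are the two that appear in the thread's dmesg lines.
SAMPLE_NTPQ_OUTPUT = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*52.172.27.135   .GPS.            1 u   35   64  377   12.345   -0.200   0.512
+5.189.141.35    192.0.2.10       2 u   40   64  177   45.210    1.234   0.987
 203.0.113.7     .INIT.          16 u    -   64    0    0.000    0.000   0.000
"""

# Meaning of the tally code in the first column of each peer line.
TALLY = {
    "*": "system peer (clock is synchronized to it)",
    "+": "candidate, included in the final selection",
    "-": "outlier, discarded by the clustering algorithm",
    "x": "falseticker, rejected",
    ".": "excess, not among the best candidates",
    "#": "backup survivor",
    "o": "PPS peer",
    " ": "rejected or unreachable",
}

@dataclass
class Peer:
    tally: str
    remote: str
    refid: str
    stratum: int
    reach: int          # 8-bit reachability register, printed in octal by ntpq
    offset_ms: float

def parse_ntpq(output: str) -> List[Peer]:
    """Parse the peer table printed by `ntpq -p` into Peer records."""
    peers = []
    for line in output.splitlines():
        if not line or line.lstrip().startswith("remote") or line.startswith("="):
            continue                      # header and ruler lines
        tally, fields = line[0], line[1:].split()
        if len(fields) < 10:
            continue                      # not a peer line
        peers.append(Peer(tally, fields[0], fields[1], int(fields[2]),
                          int(fields[6], 8), float(fields[8])))
    return peers

def sync_peer(output: str) -> Optional[Peer]:
    """Return the '*' peer if one exists with a valid stratum (< 16), else None."""
    for p in parse_ntpq(output):
        if p.tally == "*" and p.stratum < 16:
            return p
    return None
```

On a live system, feed it `subprocess.run(["ntpq", "-p"], capture_output=True, text=True).stdout`; a `None` result means the daemon has not (yet) selected a usable system peer.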
 
Thanks! That is reassuring.

I was thinking ntpdate was being (mis)used to send data to a mail server. But then again, that domain/IP could also be an ntp server and not something evil.

Looking at NTP peer associations with ntpq -p, it makes sense now.
 
whois 5.189.141.35:
Code:
...
% Information related to '5.189.128.0 - 5.189.143.255'

% Abuse contact for '5.189.128.0 - 5.189.143.255' is 'abuse@contabo.de'

inetnum:        5.189.128.0 - 5.189.143.255
netname:        CONTABO
descr:          Contabo GmbH
country:        DE
org:            ORG-GG22-RIPE
admin-c:        MH7476-RIPE
tech-c:         MH7476-RIPE
status:         ASSIGNED PA
mnt-by:         MNT-CONTABO
mnt-lower:      MNT-CONTABO
mnt-domains:    MNT-CONTABO
mnt-routes:     MNT-CONTABO
created:        2014-04-15T09:22:40Z
last-modified:  2014-04-15T09:22:40Z
source:         RIPE
...


17 years in business means perhaps that this is not a hit-and-run fraud organization.
 
I was thinking ntpdate was being (mis)used to send data to a mail server. But then again, that domain/IP could also be an ntp server and not something evil.
An NTP server doesn’t require many resources; it rarely justifies its own hardware. So it often runs on the same machine along with other services, such as DNS or mail servers.
 