[ntp:questions] NTPQ -P shows both IP and DNS name (parsing problem)

David Woolley david at ex.djwhome.demon.invalid
Tue Jun 20 16:38:46 UTC 2017


On 20/06/17 14:55, roman.mescheryakov at gmail.com wrote:
> -193.11.114.43 (tor1.mdfnet.se)
>
> See the line starting with “-193.11.114.43 (tor1.mdfnet.se)”
>
> This strange peer breaks extracting fields by index. For the above example it extracts “(“ as “refid” value instead of “75.17.28.47” and “29.118” as “offset” value instead of “-0.185”.
>

I think you are expected to use the relevant management request 
directly, rather than parse output intended for humans.  That would 
avoid process startup, filtering, and DNS costs.

>
> Is this behaviour a bug or a feature?
"
Whilst I haven't looked at the code, I wonder if tor is Totally Off the 
Record", in which case it is quite likely it doesn't reverse resolve 
correctly.  My guess is that it is displaying the information in this 
form because the reverse resolved name doesn't match the one used, and 
therefore indicates a possible security issue.

In this case, it looks like it reverse resolves to a non-existent domain 
name.





More information about the questions mailing list